URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Submission: On June 26 via api from TR — Scanned from DE

Summary

This website contacted 27 IPs in 3 countries across 21 domains to perform 48 HTTP transactions. The main IP is 2a04:4e42::775, located in United States and belongs to FASTLY, US. The main domain is labs.watchtowr.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on May 5th 2024. Valid for: 3 months.
This is the only time labs.watchtowr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 2a04:4e42::775 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a04:4e42:200... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 104.17.24.14 13335 (CLOUDFLAR...)
1 151.101.65.195 54113 (FASTLY)
1 2600:9000:225... 16509 (AMAZON-02)
1 18.66.102.11 16509 (AMAZON-02)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
4 6 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 34.160.69.120 396982 (GOOGLE-CL...)
1 13.33.187.19 16509 (AMAZON-02)
1 18.245.46.32 16509 (AMAZON-02)
1 2001:4860:480... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 13.224.189.35 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 18.245.46.19 16509 (AMAZON-02)
1 54.224.70.138 14618 (AMAZON-AES)
48 27
Apex Domain
Subdomains
Transfer
10 watchtowr.com
labs.watchtowr.com
215 KB
7 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 360
www.linkedin.com — Cisco Umbrella Rank: 545
px4.ads.linkedin.com — Cisco Umbrella Rank: 6416
4 KB
6 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 268
12 KB
5 factors.ai
app.factors.ai — Cisco Umbrella Rank: 131221
api.factors.ai — Cisco Umbrella Rank: 79124
10 KB
3 hubspot.com
api.hubspot.com — Cisco Umbrella Rank: 5690
track.hubspot.com — Cisco Umbrella Rank: 2823
2 KB
2 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 4674
290 KB
2 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 3016
api-iam.intercom.io — Cisco Umbrella Rank: 3077
6 KB
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 5322
forms.hscollectedforms.net — Cisco Umbrella Rank: 5409
25 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 894
script.hotjar.com — Cisco Umbrella Rank: 1260
60 KB
2 lfeeder.com
sc.lfeeder.com — Cisco Umbrella Rank: 17426
tr-rc.lfeeder.com — Cisco Umbrella Rank: 22164
11 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 4224
1 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2355
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3959
4 KB
1 usemessages.com
js.usemessages.com — Cisco Umbrella Rank: 5803
24 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2607
26 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2634
24 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 902
14 KB
1 hs-scripts.com
js-na1.hs-scripts.com — Cisco Umbrella Rank: 7535
1 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 81
95 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 381
67 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83
2 KB
48 21
Domain Requested by
10 labs.watchtowr.com labs.watchtowr.com
6 cdnjs.cloudflare.com labs.watchtowr.com
cdnjs.cloudflare.com
5 px.ads.linkedin.com 3 redirects snap.licdn.com
4 api.factors.ai app.factors.ai
2 js.intercomcdn.com widget.intercom.io
2 api.hubspot.com js.usemessages.com
1 api-iam.intercom.io js.intercomcdn.com
1 track.hubspot.com
1 widget.intercom.io labs.watchtowr.com
1 api.hubapi.com js.hsadspixel.net
1 forms.hscollectedforms.net js.hscollectedforms.net
1 region1.google-analytics.com www.googletagmanager.com
1 tr-rc.lfeeder.com labs.watchtowr.com
1 script.hotjar.com static.hotjar.com
1 js.hsadspixel.net js-na1.hs-scripts.com
1 js.hscollectedforms.net js-na1.hs-scripts.com
1 js.usemessages.com js-na1.hs-scripts.com
1 js.hs-banner.com js-na1.hs-scripts.com
1 js.hs-analytics.net js-na1.hs-scripts.com
1 px4.ads.linkedin.com labs.watchtowr.com
1 www.linkedin.com 1 redirects
1 snap.licdn.com labs.watchtowr.com
1 static.hotjar.com labs.watchtowr.com
1 sc.lfeeder.com labs.watchtowr.com
1 app.factors.ai labs.watchtowr.com
1 js-na1.hs-scripts.com labs.watchtowr.com
1 www.googletagmanager.com labs.watchtowr.com
1 cdn.jsdelivr.net labs.watchtowr.com
1 fonts.googleapis.com labs.watchtowr.com
48 29
Subject Issuer Validity Valid
labs.watchtowr.com
ZeroSSL RSA Domain Secure Site CA
2024-05-05 -
2024-08-03
3 months crt.sh
upload.video.google.com
WR2
2024-06-03 -
2024-08-26
3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3
2023-09-27 -
2024-10-28
a year crt.sh
*.google-analytics.com
WR2
2024-06-03 -
2024-08-26
3 months crt.sh
hs-scripts.com
E1
2024-05-31 -
2024-08-29
3 months crt.sh
cdnjs.cloudflare.com
E1
2024-06-02 -
2024-08-31
3 months crt.sh
app.factors.ai
WR3
2024-05-16 -
2024-08-14
3 months crt.sh
*.lfeeder.com
Amazon RSA 2048 M02
2024-02-20 -
2025-03-20
a year crt.sh
*.hotjar.com
Amazon RSA 2048 M03
2024-05-22 -
2025-06-20
a year crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-12-13 -
2024-12-12
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-01-30 -
2024-07-30
6 months crt.sh
hs-analytics.net
WE1
2024-06-11 -
2024-09-09
3 months crt.sh
hs-banner.com
E1
2024-05-30 -
2024-08-28
3 months crt.sh
usemessages.com
E5
2024-06-10 -
2024-09-08
3 months crt.sh
hscollectedforms.net
E1
2024-05-27 -
2024-08-25
3 months crt.sh
hsadspixel.net
E6
2024-06-14 -
2024-09-12
3 months crt.sh
api.factors.ai
WR3
2024-05-29 -
2024-08-27
3 months crt.sh
hubspot.com
E1
2024-05-23 -
2024-08-21
3 months crt.sh
hubapi.com
E1
2024-05-04 -
2024-08-02
3 months crt.sh
*.intercom.com
Amazon RSA 2048 M03
2024-01-15 -
2025-02-11
a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M02
2023-12-01 -
2024-12-29
a year crt.sh

This page contains 2 frames:

Primary Page: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Frame ID: 2DEA72AF63884B51AE63CD4652FBC3F7
Requests: 42 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.3a9a1752.js
Frame ID: 6CC05B5A6D3D8F58E9AB2BF4B9409A31
Requests: 3 HTTP requests in this frame

Page Title

Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

48
Requests

98 %
HTTPS

63 %
IPv6

21
Domains

29
Subdomains

27
IPs

3
Countries

891 kB
Transfer

2486 kB
Size

22
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3860676%26time%3D1719367828701%26url%3Dhttps%253A%252F%252Flabs.watchtowr.com%252Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&cookiesTest=true&liSync=true&e_ipv6=AQIa8cVfEEvmaQAAAZBSTwdPwPATR-N3jX8bMU6T67AAx9Is4OIVPBEbv-35ShHZaTDOOiFO

48 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
86 KB
29 KB
Document
General
Full URL
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
00353a58949e776e76d99ad58d42e1287889dd3d3299e0ef67e111303bfbe24c

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
39679
alt-svc
clear
cache-control
public, max-age=0
content-encoding
gzip
content-length
29465
content-type
text/html; charset=utf-8
date
Wed, 26 Jun 2024 02:10:28 GMT
etag
W/"15834-B6n2obvcJ2BZ5bp+aeY4VV0plq4"
ghost-age
0
ghost-cache
MISS
ghost-fastly
true
server
openresty
status
200 OK
vary
Cookie, Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
53, 0
x-request-id
691377d2-6154-4a54-a815-6a994a9eb30a
x-served-by
cache-ams21045-AMS, cache-cph2320034-CPH
x-timer
S1719367828.372341,VS0,VE1
css2
fonts.googleapis.com/
38 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Lora:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&family=Inter:wght@400;500;600;700;800&display=swap
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
15da420d295a885c78bf372cb01d0078bfc2f56c93a0203c34ce2fd4bbd6f4ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 26 Jun 2024 02:10:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 26 Jun 2024 02:10:28 GMT
screen.css
labs.watchtowr.com/assets/built/
32 KB
7 KB
Stylesheet
General
Full URL
https://labs.watchtowr.com/assets/built/screen.css?v=c49e2c937a
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
c04c22ec20671d45136ecbb2c6c1729daecf3a089378842a926769966202c863

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
68089
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
6999
ghost-fastly
true
x-request-id
0777213b-020e-4f79-a6da-852f2c05b564
x-served-by
cache-ams2100091-AMS, cache-cph2320034-CPH
last-modified
Fri, 21 Jun 2024 06:09:44 GMT
server
openresty
x-timer
S1719367828.428009,VS0,VE1
etag
W/"7f54-190396a44ad"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
1, 0
sodo-search.min.js
cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/
197 KB
67 KB
Script
General
Full URL
https://cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/sodo-search.min.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
73e90bca3350ae511b91bb029abfdc78760e164530c9cfd8f1f5e5d007a254b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Origin
https://labs.watchtowr.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 26 Jun 2024 02:10:28 GMT
x-content-type-options
nosniff
content-encoding
br
age
32677
x-jsd-version
1.1.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
68063
x-served-by
cache-fra-etou8220075-FRA, cache-cph2320058-CPH
x-jsd-version-type
version
etag
W/"313b2-PGFkfSo33Bwphw9PaHfsB1kMn/Y"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
accept-ranges
bytes
timing-allow-origin
*
cards.min.js
labs.watchtowr.com/public/
6 KB
2 KB
Script
General
Full URL
https://labs.watchtowr.com/public/cards.min.js?v=c49e2c937a
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
7b257e1e81be5f3928d1fa0dc765a5d77eb818b61d72f940ee947dc955bbbb0b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
68090
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
1490
ghost-fastly
true
x-request-id
1299c02d-3c3d-4571-94e6-b4391e0e1bb1
x-served-by
cache-ams2100105-AMS, cache-cph2320034-CPH
server
openresty
x-timer
S1719367829.572151,VS0,VE1
etag
W/"143954965104cf254bf1a498449c6855"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
1, 2
cards.min.css
labs.watchtowr.com/public/
37 KB
6 KB
Stylesheet
General
Full URL
https://labs.watchtowr.com/public/cards.min.css?v=c49e2c937a
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
e2f5f034a70265449dbdd6ba7305df5d29dafff850a42eb08eb9a2f6d8c7e838

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
68089
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
6280
ghost-fastly
true
x-request-id
c18a5941-2e61-47ce-9b26-c81a1d7fafac
x-served-by
cache-ams2100133-AMS, cache-cph2320034-CPH
server
openresty
x-timer
S1719367828.428367,VS0,VE1
etag
W/"ec426a3cdde603093dd319f349415771"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
1, 0
js
www.googletagmanager.com/gtag/
275 KB
95 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-Q0QQGYH9DL
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a31b6a57cc0c3f9236b5fdcc5ff931e06b0af6ee9df5bdffc184060f123e5d1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
97040
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 26 Jun 2024 02:10:28 GMT
23785948.js
js-na1.hs-scripts.com/
2 KB
1 KB
Script
General
Full URL
https://js-na1.hs-scripts.com/23785948.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94d75ebec8b30ab13185f27a45dcd63efad1e3c8588c6ec7a6f6a91aa72b475e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-hubspot-correlation-id
0afd075b-f094-44a5-8bd9-486f89f4358e
x-evy-trace-route-service-name
envoyset-translator
cf-polished
origSize=2506
age
5715
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0afd075b-f094-44a5-8bd9-486f89f4358e
cf-bgj
minify
last-modified
Wed, 26 Jun 2024 00:35:13 GMT
server
cloudflare
access-control-max-age
3600
vary
origin, Accept-Encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://labs.watchtowr.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-7dd59b876-964mk
x-evy-trace-virtual-host
all
access-control-allow-credentials
true
cf-ray
8999a9412e9d1c26-FRA
prism-tomorrow.min.css
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/themes/
1 KB
1 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/themes/prism-tomorrow.min.css
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b15fe2971998a048aebb60f26f6eed76122071db9ef3b995abd003224f52a98
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://labs.watchtowr.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
469357
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
472
last-modified
Sun, 17 Apr 2022 14:36:33 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"625c25f1-1d8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m4uqH6gbCweF%2B1%2BpD9UeZcBzRGm2nixj0qBFU1iBMHBgnwz%2FeIAjECNcforJRZh2vP4rJ1kg4%2BQKZgSMh%2BQklQVmc0GczNkTn50ITNwKoU1xqnLIRiu2IlnLUOriXWMYflNKa8I6"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8999a93ffec31e1c-FRA
expires
Mon, 16 Jun 2025 02:10:28 GMT
watchTowr---Labs-White.svg
labs.watchtowr.com/content/images/2022/04/
3 KB
1 KB
Image
General
Full URL
https://labs.watchtowr.com/content/images/2022/04/watchTowr---Labs-White.svg
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
653dd026068639c920becd532cf32e17cab76ed6de3d821abfc7ba6c49b6ea64

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
792946
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
1192
ghost-fastly
true
x-request-id
24b345d2-b4d5-4a7f-9d14-2925705b53c8
x-served-by
cache-ams21080-AMS, cache-cph2320034-CPH
last-modified
Sat, 30 Apr 2022 05:09:19 GMT
server
openresty
x-timer
S1719367828.428325,VS0,VE1
etag
W/"c1a-18078df92b7"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
530, 0
moveit.png
labs.watchtowr.com/content/images/size/w1200/2024/06/
111 KB
111 KB
Image
General
Full URL
https://labs.watchtowr.com/content/images/size/w1200/2024/06/moveit.png
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
b380d740626dde396c64470b8a104722e564ec1aa7aff25a724de1c29b67ffc8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Wed, 26 Jun 2024 02:10:28 GMT
via
1.1 varnish, 1.1 varnish
age
123469
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
113673
ghost-fastly
true
x-request-id
901bda03-0801-4922-bf0e-80791527394f
x-served-by
cache-ams21045-AMS, cache-cph2320034-CPH
last-modified
Mon, 24 Jun 2024 15:52:39 GMT
server
openresty
x-timer
S1719367828.428435,VS0,VE1
etag
W/"1bc09-1904af3077e"
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
51, 0
logo-white.svg
labs.watchtowr.com/assets/images/
630 B
534 B
Image
General
Full URL
https://labs.watchtowr.com/assets/images/logo-white.svg
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
ceaf8255e1258fa5e1e32c9dee6c940e0562695951c628f7415b9a93eb085e95

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
1116697
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
356
ghost-fastly
true
x-request-id
ec40ce4d-697f-4c0c-a509-c1049261b2cb
x-served-by
cache-ams21055-AMS, cache-cph2320034-CPH
last-modified
Wed, 25 Jan 2023 10:01:05 GMT
server
openresty
x-timer
S1719367828.480739,VS0,VE1
etag
W/"276-185e85fba57"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
711, 0
main.min.js
labs.watchtowr.com/assets/built/
44 KB
16 KB
Script
General
Full URL
https://labs.watchtowr.com/assets/built/main.min.js?v=c49e2c937a
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
1fca19e97c3cbc726acc8d8e5ccb34aa99a0b6153054d724560a53c07a652397

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
68091
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
16304
ghost-fastly
true
x-request-id
20b696d3-8371-487e-bb08-afdcb2c293de
x-served-by
cache-ams2100138-AMS, cache-cph2320034-CPH
last-modified
Fri, 21 Jun 2024 06:09:44 GMT
server
openresty
x-timer
S1719367829.537351,VS0,VE1
etag
W/"b10f-190396a44a4"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
1, 2
prism-core.min.js
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/
7 KB
3 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/prism-core.min.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2624d4f66cc5f171cd460896b106630f7666a1e638b42dd9ddefd0ca7758683
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://labs.watchtowr.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1665451
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2815
last-modified
Sun, 17 Apr 2022 14:36:33 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"625c25f1-aff"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BW3FPz8b%2FhdRrCi9FO61OFM4jjRZMWnujKpxq%2BROVLVfmLPoQi2cv5PJGodAmH2lmanmKENL1vilZJq4idD2UvD2BXSZ2%2FQiMQ%2BLB9Gc9KTZZpimTkxCErlq6IEAs%2Fp2deViUGRg"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8999a9405f031e1c-FRA
expires
Mon, 16 Jun 2025 02:10:28 GMT
prism-autoloader.min.js
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/plugins/autoloader/
6 KB
3 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/plugins/autoloader/prism-autoloader.min.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74beaf9148829f7d253d337d715ae6407a39510984c0332bc76a69024e088559
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://labs.watchtowr.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
939430
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2164
last-modified
Sun, 17 Apr 2022 14:36:33 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"625c25f1-874"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2uiE5cAERFBjliUVHpWCKWtQiEKtB6AI06NB5S2eFKlizlTo4nriul5vwaBikXG3SDy2lRHRrJT3m4ln90c38v%2Fa%2FNjbGNLej1AXceHpL8b4cWqYCfz4VDGas1jsNZuvj%2FUcQkp8"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8999a9409f261e1c-FRA
expires
Mon, 16 Jun 2025 02:10:28 GMT
factors.js
app.factors.ai/assets/v1/
34 KB
10 KB
Script
General
Full URL
https://app.factors.ai/assets/v1/factors.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.195 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
789ad6b54d10a01a13238849bba8335168416a9145593404a68019b2b3b2c1f8
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-served-by
cache-fra-etou8220109-FRA
strict-transport-security
max-age=31556926
content-encoding
br
date
Wed, 26 Jun 2024 02:10:28 GMT
last-modified
Tue, 25 Jun 2024 10:09:36 GMT
x-timer
S1719367829.693443,VS0,VE0
etag
"1d20933d00688ef430a623e04e5c77cb7b5c9fcede6d37f7ce400e673706d546-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
9436
x-cache-hits
3
lftracker_v1_3P1w24do6zP7mY5n.js
sc.lfeeder.com/
30 KB
11 KB
Script
General
Full URL
https://sc.lfeeder.com/lftracker_v1_3P1w24do6zP7mY5n.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:ca00:4:d7e1:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
86ae6764730a81e65bb4ef02adee5bdddee05973415b09dc1055fab1adebf9fa

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
c53iqKauKyZilLpPErJ7h8LQxMAMBeHm
content-encoding
br
via
1.1 5ddb18e15e6b0ed6114111e515bddc66.cloudfront.net (CloudFront)
date
Wed, 26 Jun 2024 02:06:35 GMT
last-modified
Tue, 28 May 2024 06:55:11 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
431
x-amz-server-side-encryption
AES256
etag
W/"36fe2a3943db3cd67ded913ed0d7a19e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
EzORcqyNWsGozInMifLFZqkYBFUIM1RDVOWTu5rH3JT_Oa7vjE3diA==
hotjar-2950076.js
static.hotjar.com/c/
9 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2950076.js?sv=6
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-11.fra56.r.cloudfront.net
Software
/
Resource Hash
841e37fe49b3281facfe12fefbe0382175cdb84bc701dd3ebd8eb10c5e59599d
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 83f1b8f73f37458f38e2ee1fc0b9e68c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/7e072396fb361a29a25d9b2737eb7633
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
7JbCQHfH5abYkKu_lFmOLgP2IDj7hhiBUNKr6FLLU0ljVQ7kr5uR-w==
insight.min.js
snap.licdn.com/li.lms-analytics/
38 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 Jun 2024 16:46:52 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=83631
accept-ranges
bytes
content-length
14004
ABCFavorit-Light.woff2
labs.watchtowr.com/assets/fonts/
38 KB
38 KB
Font
General
Full URL
https://labs.watchtowr.com/assets/fonts/ABCFavorit-Light.woff2
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/assets/built/screen.css?v=c49e2c937a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
274ba032d9071697b02e08b0833af8b4ed90b453740cdc11528b7e058bdb8f36

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/assets/built/screen.css?v=c49e2c937a
Origin
https://labs.watchtowr.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Wed, 26 Jun 2024 02:10:28 GMT
via
1.1 varnish, 1.1 varnish
age
79348
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
39044
ghost-fastly
true
x-request-id
8303d707-16f2-4b54-a967-89da3e902b1b
x-served-by
cache-ams2100140-AMS, cache-cph2320034-CPH
last-modified
Fri, 21 Jun 2024 06:09:44 GMT
server
openresty
x-timer
S1719367829.602727,VS0,VE1
etag
W/"9884-190396a44c0"
content-type
font/woff2
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
1, 1
attribution_trigger
px.ads.linkedin.com/
2 B
813 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
*
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
gzip
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: C60E5EA2AAEE4D1092432DCB571576DE Ref B: FRAEDGE1409 Ref C: 2024-06-26T02:10:28Z
access-control-allow-methods
GET, OPTIONS
x-li-fabric
prod-ltx1
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
content-type
application/json
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-li-uuid
AAYbwYSt85v/uPFcTjpnhA==
x-fs-uuid
00061bc184adf39bffb8f15c4e3a6784
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&co...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3860676%26time%3D1719367828701%26url%3Dhttps%253A%252F%252Flabs.watchtowr.com%252...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&co...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&c...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&cookiesTest=true&liSync=true&e_ipv6=AQIa8cVfEEvmaQAAAZBSTwdPwPATR-N3jX8bMU6T67AAx9Is4OIVPBEbv-35ShHZaTDOOiFO
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 26 Jun 2024 02:10:29 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 95C9F734B5B645B29724585DE71AF864 Ref B: FRAEDGE1519 Ref C: 2024-06-26T02:10:29Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYbwYS4ykskf/W3RpLfoQ==

Redirect headers

date
Wed, 26 Jun 2024 02:10:28 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 34701B5CE42740529056186CC2C4A86A Ref B: DUS30EDGE0916 Ref C: 2024-06-26T02:10:29Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1719367828701&url=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&cookiesTest=true&liSync=true&e_ipv6=AQIa8cVfEEvmaQAAAZBSTwdPwPATR-N3jX8bMU6T67AAx9Is4OIVPBEbv-35ShHZaTDOOiFO
x-li-proto
http/2
content-length
0
x-li-uuid
AAYbwYS0S0d8GmwAr+zYow==
23785948.js
js.hs-analytics.net/analytics/1719362100000/
68 KB
24 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1719362100000/23785948.js
Requested by
Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f60bbfe61a7c26d4f01b17af1d324429da09ad82554c9f049b4ff523107f96e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
REVALIDATED
x-amz-request-id
5103ZW21QZBMT6KS
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
8d8356bf-04aa-48d1-9a7c-0359cc84cb32
x-envoy-upstream-service-time
27
x-amz-id-2
K8DVMwwvi7fYRV/9sxBQNWwQW7xEIY3fSBv/s2XtRL0URDZeX3wOsDqxf2Maq5Dpl2NhSnnBm0M=
x-evy-trace-listener
listener_https
x-request-id
8d8356bf-04aa-48d1-9a7c-0359cc84cb32
x-evy-trace-route-configuration
listener_https/all
last-modified
Fri, 21 Jun 2024 21:37:34 GMT
server
cloudflare
etag
W/"95fe5226ea04f8f793c4665751c42914"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-762px
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
8999a9422f2437fe-FRA
expires
Wed, 26 Jun 2024 02:15:28 GMT
banner.js
js.hs-banner.com/v2/23785948/
71 KB
26 KB
Script
General
Full URL
https://js.hs-banner.com/v2/23785948/banner.js
Requested by
Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28eaa176c9a1856eedfd5aab7a68838bb5ffa51edf2a649ebcda47b09ae72ac1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:29 GMT
x-amz-version-id
jXpkg8ZA3O42lBwDL2ko09nD33May0qZ
content-encoding
gzip
cf-cache-status
REVALIDATED
x-amz-request-id
RWR3YRDREHNE2MEV
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
ca8e2327-4cb7-4f81-8281-fcee2f35df5a
x-envoy-upstream-service-time
64
x-amz-id-2
2kf3AjQ+I1MvndxA2x/k94SjsVnwqXSEN3jZU37epYNX8UUA0t2l/R9/HVoaZ+0z4AEfMoz1Vv4=
x-evy-trace-listener
listener_https
x-request-id
ca8e2327-4cb7-4f81-8281-fcee2f35df5a
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 15 Apr 2024 17:03:53 GMT
server
cloudflare
etag
W/"25da0fa480aec9fd7507eb946c81a856"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://labs.watchtowr.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-rslzw
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
8999a9421ad81da8-FRA
expires
Wed, 26 Jun 2024 02:15:29 GMT
conversations-embed.js
js.usemessages.com/
85 KB
24 KB
Script
General
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4c8e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
753b5d77684b20581dddd43b3a944bca93a44da9e6dee0c8232ca6ed8a40ead5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
x-amz-version-id
yFTRQFC1g6ZpuTIoktepwBCyrzt6F_8h
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
280
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.16706/bundles/project.js&cfRay=8999a267bd664db3-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
ced73f8a-8d46-460d-b8a2-f1a31e19cdf4
cache-tag
staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
3
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
ced73f8a-8d46-460d-b8a2-f1a31e19cdf4
last-modified
Fri, 21 Jun 2024 14:34:54 UTC
server
cloudflare
etag
W/"d5ed42fdc505d7812288ee600abec355"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-jxxbv
cf-ray
8999a9422b159247-FRA
x-amz-cf-id
tAnjsXXR_Ay07BJ40V2V6KnL1xBtIyX3jaT53XZStAz8NBFjx65UHQ==
x-hs-target-asset
conversations-embed/static-1.16706/bundles/project.js
collectedforms.js
js.hscollectedforms.net/
69 KB
24 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6ffe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Origin
https://labs.watchtowr.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
x-amz-version-id
WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront)
cf-cache-status
EXPIRED
x-amz-cf-pop
IAD12-P3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
e6ee67f4-2cb8-46d8-bdd6-4daebd41f8ac
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=8999a9422bfdbbce-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
4
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e6ee67f4-2cb8-46d8-bdd6-4daebd41f8ac
last-modified
Wed, 15 May 2024 14:34:44 UTC
server
cloudflare
etag
W/"7d377a186677c174f204d466b8fa5fdb"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
x-hs-cache-status
HIT
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-th2td
cf-ray
8999a9422bfdbbce-FRA
x-amz-cf-id
7pSRDbgmmAaMdTMmjT4VDj7NhSdnZRdzfrqfQJuiVqHQvspGGyGw6Q==
x-hs-target-asset
collected-forms-embed-js/static-1.503/bundles/project.js
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c114a5641b9988aecb7a00c47bd1d37d912883ff4ef9c3b9fe6ad21603ab1066
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
x-amz-version-id
7Zz_oLsqoY3yHsxt9nM5YRwsj1MKwqFV
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 c13d71f8919c23db6bbd1c08a4dfb350.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
573
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.565/bundles/pixels-release.js&cfRay=89999b40bc9dbb77-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
b50a85b1-2276-4f2b-9019-0221898c2fe9
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b50a85b1-2276-4f2b-9019-0221898c2fe9
last-modified
Tue, 18 Jun 2024 12:46:30 UTC
server
cloudflare
etag
W/"b233ea75981268a81228cd819e8fd5eb"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-zrgzf
cf-ray
8999a942297f995a-FRA
x-amz-cf-id
EuttFugpj1gmW_Jy6K4GS7AQEBIkhKPdgYTopI5xZGUxyHpUjDu37Q==
x-hs-target-asset
adsscriptloaderstatic/static-1.565/bundles/pixels-release.js
get_info
api.factors.ai/sdk/
311 B
421 B
Fetch
General
Full URL
https://api.factors.ai/sdk/get_info
Requested by
Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash
940659f8d87bd9fb978259de46239cf8b46aba94633085974ecc86c965455e2c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
fp50m8phd32g8y5reokdoan3w55o0nc3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:29 GMT
via
1.1 google
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://labs.watchtowr.com
access-control-allow-credentials
true
x-req-id
cptnh5ck71m9iov4uph0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
311
get_info
api.factors.ai/sdk/ Frame
0
0
Preflight
General
Full URL
https://api.factors.ai/sdk/get_info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://labs.watchtowr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods
GET,POST,PUT,HEAD,DELETE
access-control-allow-origin
https://labs.watchtowr.com
access-control-max-age
43200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 26 Jun 2024 02:10:28 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
modules.de6b9e294c29aa146ba1.js
script.hotjar.com/
223 KB
56 KB
Script
General
Full URL
https://script.hotjar.com/modules.de6b9e294c29aa146ba1.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2950076.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-19.fra60.r.cloudfront.net
Software
/
Resource Hash
743c4b93ab02f0ece15aa8bdb1f7b5d57e1753fe5ef6d320612ee0888e1196c6
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 10:29:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 c15415cccc7260d4bd35b1ca2c497c96.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
age
142881
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56329
last-modified
Mon, 24 Jun 2024 10:28:38 GMT
etag
"008a76cf1200a93494425164a6546e72"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
v8L5FGFsTATIe6LJBIwre_bpfs0muNaGOAOmmoMbEL1KwkY0nGvhfQ==
prism-python.min.js
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/
2 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/prism-python.min.js
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/plugins/autoloader/prism-autoloader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed4385685bcf2d4935c8dbbab4bde16603da1329e092d2bf36c3dadd67e9a85c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
153025
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
988
last-modified
Sun, 17 Apr 2022 14:36:33 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"625c25f1-3dc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U1AJCMZffo4NMo%2BWFr1bL7illxlMhgDSFFyg%2FsrlFyxfKgn8CqvI4HBP3iJMHkJRDxbSnIbiGoM6rGvqwEANGvf%2FBZQRWHm9IC1nu%2FB6LdacOlmDmYpumRpmeIp04AdMXq3hnNyp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8999a9420c049125-FRA
expires
Mon, 16 Jun 2025 02:10:28 GMT
prism-clike.min.js
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/
708 B
1012 B
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/prism-clike.min.js
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/plugins/autoloader/prism-autoloader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c76ba4e240932bdc75546be30e550f5ba5e13815ff71511c76e9e27ac3072444
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
466417
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
381
last-modified
Sun, 17 Apr 2022 14:36:33 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"625c25f1-17d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JEFytpR0jKvbQ7Qku3dmX3Oi%2FufBuXiA%2FLAH7eU5f89kTKrLEx4ouxHdyjHo1KlEhDrW5xz7p%2BMYl2gCafNzO7XVnt5lGfO6VAWU4lmdSSdc6%2B1hQflJYSSbQGlhgdtDFIHx1cWL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8999a9420c039125-FRA
expires
Mon, 16 Jun 2025 02:10:28 GMT
/
tr-rc.lfeeder.com/
43 B
294 B
Image
General
Full URL
https://tr-rc.lfeeder.com/?sid=3P1w24do6zP7mY5n&data=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
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.32 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-32.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
via
1.1 ad3a844607df41a7152eab5ebe6e4056.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA56-P9
x-cache
LambdaGeneratedResponse from cloudfront
content-type
image/gif
content-length
43
x-amz-cf-id
6p2xfAfbTJKoEKM8NFPUxhNwrQwKJuECIRk-F1w9coxousIugdRc3Q==
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-Q0QQGYH9DL&gtm=45je46o1v877901959za200&_p=1719367828548&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=516645654.1719367829&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1719367828&sct=1&seg=0&dl=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&dt=Auth.%20Bypass%20In%20(Un)Limited%20Scenarios%20-%20Progress%20MOVEit%20Transfer%20(CVE-2024-5806)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=655&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Q0QQGYH9DL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 26 Jun 2024 02:10:29 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://labs.watchtowr.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
prism-csharp.min.js
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/
6 KB
3 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/prism-csharp.min.js
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/plugins/autoloader/prism-autoloader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4eca14394e584a4a3a747fe6dc0a93ddbc657880f7dbac3f8d119ccb206107e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1041603
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2162
last-modified
Sun, 17 Apr 2022 14:36:33 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"625c25f1-872"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p5YPaYgbUHEkT2v%2FjeeX01imfKw%2BIVfPbMWMHYFWIKEkn%2Bl1c2AMLnV6dbQjaQkvkh3o9FbVWBn8DAZtwW7sLAeEv0OW2PPnLTiZUiiCiWJi%2Beisojm9gyKlosRdGmWf8c6%2Fk%2BjL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8999a9429c539125-FRA
expires
Mon, 16 Jun 2025 02:10:28 GMT
public
api.hubspot.com/livechat-public/v1/message/ Frame
0
0
Preflight
General
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=23785948&conversations-embed=static-1.16706&mobile=false&messagesUtk=9b970aacbeca4c16856814f7759d9f42&traceId=9b970aacbeca4c16856814f7759d9f42
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
x-hubspot-messages-uri
Access-Control-Request-Method
GET
Origin
https://labs.watchtowr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://labs.watchtowr.com
allow
HEAD,GET,OPTIONS
cf-cache-status
DYNAMIC
cf-ray
8999a9434913924f-FRA
content-length
18
content-type
text/plain; charset=utf-8
date
Wed, 26 Jun 2024 02:10:29 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ies6BXOmi33O%2FVkBVAZWHfC5P6U420n%2Bv05DYl7lPzOx1mdBpnJsaCh4tmNTcRA%2BOk56wzAD54o2yU46KUcw%2BXepGwMDvFDDWznCE1BCbzs5QJV45xd%2FFzQ19aXP39gcuWtn77RqKisRiDQwFw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
2
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-7dd59b876-6bm8d
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
c1c3b7de-7f36-4d8a-b8b7-2eb3259340b0
x-request-id
c1c3b7de-7f36-4d8a-b8b7-2eb3259340b0
public
api.hubspot.com/livechat-public/v1/message/
337 B
1 KB
XHR
General
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=23785948&conversations-embed=static-1.16706&mobile=false&messagesUtk=9b970aacbeca4c16856814f7759d9f42&traceId=9b970aacbeca4c16856814f7759d9f42
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe173f18479484bd8fd8b471fa64d5a1ce77f7f1813b627a360d72be072edb35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
X-HubSpot-Messages-Uri
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
3cae0ac8-987c-4f19-8f87-6f8ae1430fea
x-envoy-upstream-service-time
13
content-length
261
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
3cae0ac8-987c-4f19-8f87-6f8ae1430fea
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://labs.watchtowr.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-7dd59b876-vh5w8
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ysDAL5qXHF9hITdMC4XUH14Ugza1KrYtE7TZPWWAGPpoLLuwApMnmlTkQvTeHnQdMhl46gmUOU0CRm0aJT0bvFdSp2Fv%2F%2F6YIt3wxdTQvXvDPV%2Boz0wPCJorvedXrz6A59c%2FUnjMDDIH872zGg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8999a9444972924f-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
json
forms.hscollectedforms.net/collected-forms/v1/config/
136 B
480 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=23785948&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6ffe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1102619929d461c761d302e6023c47c0e8440f2c1e6215cced390867bd868e09
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:29 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
f3116974-affd-4841-a996-ed49fb1bdb50
x-envoy-upstream-service-time
12
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
f3116974-affd-4841-a996-ed49fb1bdb50
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://labs.watchtowr.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-csnpm
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
8999a943cd16bbce-FRA
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
114 B
1 KB
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=23785948
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f36c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6197ceff1122e8aa36a89d3554018d665b3ee7efb485588565c53cf9995654ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
078b9b48-e206-4706-a575-f3bc1349e7dd
content-encoding
br
x-envoy-upstream-service-time
3
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
078b9b48-e206-4706-a575-f3bc1349e7dd
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://labs.watchtowr.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-7dd59b876-qhbv4
access-control-max-age
180
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0HCscAjVyaO1xqRUW4vEeqf5y4iFDpjh3LvWE534pBoSceCZW63vn%2B01wtVmXVj1%2BKDamGU8iUhHwhkAVJ5%2FqhD93V08HAH46MyV71ykuwaORs31Bkw416lLGoYn7zgDAjtDbxyIW378ursI"}],"group":"cf-nel","max_age":604800}
cf-ray
8999a945a94c2bdf-FRA
access-control-allow-headers
*
track
api.factors.ai/sdk/event/
96 B
113 B
Fetch
General
Full URL
https://api.factors.ai/sdk/event/track
Requested by
Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash
0aae1e585c8c550949e382b516f7c8a62b8584e11045b2a5660ea3b1790dee99

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
fp50m8phd32g8y5reokdoan3w55o0nc3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:29 GMT
via
1.1 google
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://labs.watchtowr.com
access-control-allow-credentials
true
x-req-id
cptnh5ck71m9iov4upkg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
96
track
api.factors.ai/sdk/event/ Frame
0
0
Preflight
General
Full URL
https://api.factors.ai/sdk/event/track
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://labs.watchtowr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods
GET,POST,PUT,HEAD,DELETE
access-control-allow-origin
https://labs.watchtowr.com
access-control-max-age
43200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 26 Jun 2024 02:10:29 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
/
px.ads.linkedin.com/wa/
0
198 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Accept
*
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:28 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: E03750FA31804D0BB4BEA46D71B01563 Ref B: DUS30EDGE0916 Ref C: 2024-06-26T02:10:29Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
access-control-allow-origin
https://labs.watchtowr.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYbwYS4hoBTf89BGBH7QA==
yl8vfv7j
widget.intercom.io/widget/
7 KB
3 KB
Script
General
Full URL
https://widget.intercom.io/widget/yl8vfv7j
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-35.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
86dbfc3579371ca8ca15e0f82fbbd6e24a51b378dfc0be03e94dd0a5ba0efea2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
LX7j8OS2kJaElZMB_ycdhPUzZIZdgefL
content-encoding
gzip
via
1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
date
Wed, 26 Jun 2024 02:06:02 GMT
x-amz-cf-pop
FRA2-C1
age
271
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2673
last-modified
Tue, 25 Jun 2024 14:08:24 GMT
server
AmazonS3
etag
"2b493083ff2d4cbf9a24eb5f31210835"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300, s-maxage=300, public
accept-ranges
bytes
x-amz-cf-id
gFmFwTu8FbBPr62mJDrrmQ-fluNCgg2rX825V7tGp2OJP6qE--rVFg==
__ptq.gif
track.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=23785948&rcu=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&pu=https%3A%2F%2Flabs.watchtowr.com%2Fauth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806%2F&t=Auth.+Bypass+In+(Un)Limited+Scenarios+-+Progress+MOVEit+Transfer+(CVE-2024-5806)&cts=1719367829715&vi=65dd934c21e0d2a0de6bd0fd780a1554&nc=true&u=64999280.65dd934c21e0d2a0de6bd0fd780a1554.1719367829712.1719367829712.1719367829712.1&b=64999280.1.1719367829712&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 02:10:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
962082ac-c23d-44eb-b3a4-9959f8f6fbb4
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
14
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
962082ac-c23d-44eb-b3a4-9959f8f6fbb4
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yWpFnv1J0b5SXgubNklGK1giK8nBh79OpSMKzmJyukK8ypl7XHhcdzKJsjaWTluOyfgzGU9jYDIaxM54co%2FTpjFzM1uSDZb5tqC%2BHxJzRs2%2BbqYENjK81fijWhft7kM6Z9G6PQNlEZI7dmFUJBcP"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-vtjjp
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8999a948fcc51e4a-FRA
x-robots-tag
none
Logo.png
labs.watchtowr.com/content/images/size/w256h256/2022/05/
3 KB
3 KB
Other
General
Full URL
https://labs.watchtowr.com/content/images/size/w256h256/2022/05/Logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
dba1c596f2785886e854da7993f9e62f17831524432311f1776631ca100ae9f6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Wed, 26 Jun 2024 02:10:29 GMT
via
1.1 varnish, 1.1 varnish
age
942697
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
3199
ghost-fastly
true
x-request-id
cecb9be3-52ae-4ca4-b5d2-2f5aefd4ac6f
x-served-by
cache-ams21075-AMS, cache-cph2320034-CPH
last-modified
Wed, 25 Jan 2023 06:56:30 GMT
server
openresty
x-timer
S1719367830.915056,VS0,VE0
etag
W/"c7f-185e7b6bafe"
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
46, 0
frame-modern.3a9a1752.js
js.intercomcdn.com/ Frame 6CC0
460 KB
139 KB
Script
General
Full URL
https://js.intercomcdn.com/frame-modern.3a9a1752.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yl8vfv7j
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-19.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0e43c0cf6d3e82a7f48f89d5d5ac328d01313697d02d8b78213f2a3dcf70e512
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
MJ1hsjIqCn24QyBgaJ8cdBHUONkpPpLY
content-encoding
gzip
via
1.1 e47c87f8fd9c4c08ac7559d0bcc2b4c2.cloudfront.net (CloudFront)
date
Wed, 26 Jun 2024 02:08:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
123
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
141250
last-modified
Tue, 25 Jun 2024 14:05:29 GMT
server
AmazonS3
etag
"f97f87317f7b3aebcadd9e185e7faa6c"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
hn3Pwdxhaul8lsPSN7r0Hjl00A6yDZ8YH6WwfTb6W4hgAEMduMgUmw==
vendor-modern.474c291e.js
js.intercomcdn.com/ Frame 6CC0
486 KB
151 KB
Script
General
Full URL
https://js.intercomcdn.com/vendor-modern.474c291e.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yl8vfv7j
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-19.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ba4f75609321720b64cdc808ed6425acfa4d3f59f1a75aa030a5afbe998457f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
9LF4BCvUFCECSsnX2p9QW4PrQm.Olf2E
content-encoding
gzip
via
1.1 e47c87f8fd9c4c08ac7559d0bcc2b4c2.cloudfront.net (CloudFront)
date
Wed, 26 Jun 2024 01:22:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
2872
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
154025
last-modified
Tue, 25 Jun 2024 13:19:37 GMT
server
AmazonS3
etag
"339033d60d16ff0e6be0411ddf24abd8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
JAnp_cnT48HICnncNaiBy0iaZkAGoHx23J_6foFgURtOkICEdMPRZw==
ping
api-iam.intercom.io/messenger/web/ Frame 6CC0
4 KB
2 KB
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.3a9a1752.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.224.70.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-224-70-138.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4235806fc792a370ed4fde522569227d3e8c3964623397168f0e38b4f337413f
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 26 Jun 2024 02:10:31 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-0e825a06bead32c4c
status
200 OK
x-xss-protection
1; mode=block
x-request-id
000bdnr6hlg6t1cuvnug
x-runtime
0.243394
server
nginx
etag
W/"4235806fc792a370ed4fde522569227d"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://labs.watchtowr.com
x-intercom-version
5051f0233d6596d068367fd168f220e0517da90a
access-control-expose-headers
x-request-id
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA

80 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 undefined| event object| fence object| sharedStorage object| intercomSettings function| Intercom function| gtag object| dataLayer object| q function| track function| init function| reset function| page function| updateEventProperties function| identify function| addUserProperties function| getUserId function| call string| TOKEN undefined| INIT_PARAMS undefined| INIT_CALLBACK object| factors object| d function| ldfdr object| fs function| hj object| _hjSettings string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk function| lightbox function| pagination function| PhotoSwipeUI_Default function| PhotoSwipe function| reframe object| _self object| Prism boolean| _already_called_lintrk object| _hsp object| _faitracker boolean| FAITRACKER_LS_AVAILABLE number| dat object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled object| __gaConnectorEventsEmitted function| qt function| Kt function| zt function| Yt function| Ft function| Nt object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal boolean| PIXELS_RAN object| enabledEventSettings object| _hsq boolean| hubspot_live_messages_running object| HubSpotConversations object| _paq function| sanitizeKey boolean| _hstc_loaded object| __hsCollectedFormsDebug object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran object| FAITRACKER_CACHE number| FAITRACKER_FORM_BINDER_ID object| ORIBILI boolean| _hstc_ran object| hsCallsToActionsReady string| __hsUserToken number| expireDateTime function| __intercomAssignLocation function| __intercomReloadLocation

22 Cookies


Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
