labs.watchtowr.com Open in urlscan Pro
2a04:4e42:600::775 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/#ransompages
Effective URL:
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Submission: On August 04 via api (August 4th 2024, 8:23:58 am UTC) from LU — Scanned from DE

Summary HTTP 50 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 28 IPs in 3 countries across 22 domains to perform 50 HTTP transactions. The main IP is 2a04:4e42:600::775, located in United States and belongs to FASTLY, US. The main domain is labs.watchtowr.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on July 20th 2024. Valid for: 3 months.

This is the only time labs.watchtowr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	2a04:4e42:600... 2a04:4e42:600::775	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bb1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:8ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.1.195 151.101.1.195	54113 (FASTLY) (FASTLY)
1	2600:9000:225... 2600:9000:2250:9200:4:d7e1:700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.66.102.11 18.66.102.11	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:480... 2a02:26f0:480:15::213:7e4a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6810:4769	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2620:1ec:50::12 2620:1ec:50::12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	34.160.69.120 34.160.69.120	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	13.32.27.19 13.32.27.19	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	52.54.143.95 52.54.143.95	14618 (AMAZON-AES) (AMAZON-AES)
1	52.16.226.145 52.16.226.145	16509 (AMAZON-02) (AMAZON-02)
1	18.245.46.110 18.245.46.110	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6810:6ffe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4e8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:16b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:f36c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.224.189.74 13.224.189.74	16509 (AMAZON-02) (AMAZON-02)
2	18.245.46.19 18.245.46.19	16509 (AMAZON-02) (AMAZON-02)
1	54.166.62.194 54.166.62.194	14618 (AMAZON-AES) (AMAZON-AES)
50	28

12 2a04:4e42:600::775 (United States)

ASN54113 (FASTLY, US)

labs.watchtowr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bb1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

js-na1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.195 (San Francisco, United States)

ASN54113 (FASTLY, US)

app.factors.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:9200:4:d7e1:700:93a1 (United States)

ASN16509 (AMAZON-02, US)

sc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-11.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:15::213:7e4a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4769 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:50::12 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.160.69.120 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 120.69.160.34.bc.googleusercontent.com

api.factors.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-19.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.54.143.95 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-143-95.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.16.226.145 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-226-145.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.46.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-110.fra56.r.cloudfront.net

tr-rc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6ffe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4e8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:16b7 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f36c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-74.fra2.r.cloudfront.net

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.46.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-19.fra56.r.cloudfront.net

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.166.62.194 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-166-62-194.compute-1.amazonaws.com

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	watchtowr.com labs.watchtowr.com	189 KB
7	factors.ai app.factors.ai — Cisco Umbrella Rank: 157072 api.factors.ai — Cisco Umbrella Rank: 78799	10 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 px4.ads.linkedin.com — Cisco Umbrella Rank: 7330	2 KB
3	hubspot.com api.hubspot.com — Cisco Umbrella Rank: 9983 track.hubspot.com — Cisco Umbrella Rank: 5359	2 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 28532 scout.salesloft.com — Cisco Umbrella Rank: 36652	4 KB
2	intercomcdn.com js.intercomcdn.com — Cisco Umbrella Rank: 7846	369 KB
2	intercom.io widget.intercom.io — Cisco Umbrella Rank: 5025 api-iam.intercom.io — Cisco Umbrella Rank: 5121	6 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 9601 forms.hscollectedforms.net — Cisco Umbrella Rank: 9837	25 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 1335 script.hotjar.com — Cisco Umbrella Rank: 2017	60 KB
2	lfeeder.com sc.lfeeder.com — Cisco Umbrella Rank: 36891 tr-rc.lfeeder.com — Cisco Umbrella Rank: 45723	11 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 7580	1 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 5067	26 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 7189	4 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 5135	25 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 10675	24 KB
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 8904	171 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3123
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	hs-scripts.com js-na1.hs-scripts.com — Cisco Umbrella Rank: 14508	1 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	95 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	65 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	2 KB
50	22

	Domain	Requested by
12	labs.watchtowr.com	labs.watchtowr.com
6	api.factors.ai	app.factors.ai
3	px.ads.linkedin.com	1 redirects snap.licdn.com
2	js.intercomcdn.com	widget.intercom.io
2	api.hubspot.com	js.usemessages.com
2	scout.salesloft.com	scout-cdn.salesloft.com
1	api-iam.intercom.io	js.intercomcdn.com
1	track.hubspot.com
1	widget.intercom.io	labs.watchtowr.com
1	api.hubapi.com	js.hsadspixel.net
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	js.hs-banner.com	js-na1.hs-scripts.com
1	js.hsadspixel.net	js-na1.hs-scripts.com
1	js.hs-analytics.net	js-na1.hs-scripts.com
1	js.usemessages.com	js-na1.hs-scripts.com
1	js.hscollectedforms.net	js-na1.hs-scripts.com
1	tr-rc.lfeeder.com	labs.watchtowr.com
1	content.hotjar.io	script.hotjar.com
1	region1.google-analytics.com	www.googletagmanager.com
1	script.hotjar.com	static.hotjar.com
1	px4.ads.linkedin.com	labs.watchtowr.com
1	scout-cdn.salesloft.com	labs.watchtowr.com
1	snap.licdn.com	labs.watchtowr.com
1	static.hotjar.com	labs.watchtowr.com
1	sc.lfeeder.com	labs.watchtowr.com
1	app.factors.ai	labs.watchtowr.com
1	js-na1.hs-scripts.com	labs.watchtowr.com
1	www.googletagmanager.com	labs.watchtowr.com
1	cdn.jsdelivr.net	labs.watchtowr.com
1	fonts.googleapis.com	labs.watchtowr.com
50	30

This site contains links to these domains. Also see Links.

Domain
watchtowr.com
www.watchtowr.com
www.linkedin.com
twitter.com
github.com
devco.re
host
pentesterlab.com
ghost.org

Subject Issuer	Validity	Valid
labs.watchtowr.com ZeroSSL RSA Domain Secure Site CA	`2024-07-20` - `2024-10-18`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
hs-scripts.com WE1	`2024-07-29` - `2024-10-27`	3 months	crt.sh
app.factors.ai WR3	`2024-07-15` - `2024-10-13`	3 months	crt.sh
*.lfeeder.com Amazon RSA 2048 M02	`2024-02-20` - `2025-03-20`	a year	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-20` - `2025-04-19`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh
api.factors.ai WR3	`2024-07-26` - `2024-10-24`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-01-31` - `2025-03-01`	a year	crt.sh
hscollectedforms.net WE1	`2024-07-25` - `2024-10-23`	3 months	crt.sh
usemessages.com E5	`2024-06-10` - `2024-09-08`	3 months	crt.sh
hs-analytics.net WE1	`2024-06-11` - `2024-09-09`	3 months	crt.sh
hsadspixel.net E6	`2024-06-14` - `2024-09-12`	3 months	crt.sh
hs-banner.com WE1	`2024-07-27` - `2024-10-25`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hubapi.com E6	`2024-07-02` - `2024-09-30`	3 months	crt.sh
*.intercom.com Amazon RSA 2048 M03	`2024-01-15` - `2025-02-11`	a year	crt.sh
*.intercomcdn.com Amazon RSA 2048 M02	`2023-12-01` - `2024-12-29`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Frame ID: AD4A3DEB5A030B4DBFF37F15C959E482
Requests: 43 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame.f04067ac.js
Frame ID: 0F478166ACED7070562936A1510BBD95
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

No Way, PHP Strikes Again! (CVE-2024-4577)

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

50
Requests

98 %
HTTPS

64 %
IPv6

22
Domains

30
Subdomains

28
IPs

3
Countries

935 kB
Transfer

2866 kB
Size

21
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://watchtowr.com/
Title: Platform

Search URL Search Domain Scan URL

URL: https://www.watchtowr.com/#contact
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/watchtowr

Search URL Search Domain Scan URL

URL: https://twitter.com/watchtowrcyber

Search URL Search Domain Scan URL

URL: https://github.com/watchtowrlabs

Search URL Search Domain Scan URL

URL: https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/?ref=labs.watchtowr.com
Title: blogpost

Search URL Search Domain Scan URL

URL: http://host/cgi.php?foo=bar&ref=labs.watchtowr.com
Title: http://host/cgi.php?foo=bar

Search URL Search Domain Scan URL

URL: https://pentesterlab.com/exercises/cve-2012-1823/course?ref=labs.watchtowr.com
Title: writeup

Search URL Search Domain Scan URL

URL: https://www.watchtowr.com/?ref=labs.watchtowr.com
Title: watchTowr

Search URL Search Domain Scan URL

URL: https://www.watchtowr.com/

Search URL Search Domain Scan URL

URL: https://ghost.org/
Title: Powered by Ghost

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1722759833573&url=https%3A%2F%2Flabs.watchtowr.com%2Fno-way-php-strikes-again-cve-2024-4577%2F%23ransompages HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1722759833573&url=https%3A%2F%2Flabs.watchtowr.com%2Fno-way-php-strikes-again-cve-2024-4577%2F%23ransompages&e_ipv6=AQKKxp4mOOjjPAAAAZEcfOhdzZk2GcWPA6m6N1tjuYw6B2BcfhCHxYsUUGn8dp593eCIH27En9pUrxOvrcFMljDuMzxnAQ

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ 28 KB
10 KB 283ms
10ms Document
text/html 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 13078988ea0ee835853e98ded98095727f4834c3b8b9616c0f94c2715e03c04f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

accept-ranges: bytes
age: 436943
alt-svc: clear
cache-control: public, max-age=0
content-encoding: gzip
content-length: 9795
content-type: text/html; charset=utf-8
date: Sun, 04 Aug 2024 08:23:53 GMT
etag: W/"7060-YrWbY/6Px0yHiRFV22n1L4mG1tw"
ghost-age: 0
ghost-cache: MISS
ghost-fastly: true
server: openresty
status: 200 OK
vary: Cookie, Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 17, 0
x-request-id: 1309b95b-9091-4083-9be3-d95c0b7f2fdd
x-served-by: cache-ams21034-AMS, cache-fra-etou8220112-FRA
x-timer: S1722759833.402771,VS0,VE3

GET
H2 200 css2
fonts.googleapis.com/ 38 KB
2 KB 79ms
18ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lora:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&family=Inter:wght@400;500;600;700;800&display=swap

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7149369f0c12985b32524efa29a3adb8d6e7fde9b1966aa0cf1dbca4575bc60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://labs.watchtowr.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000
date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Sun, 04 Aug 2024 08:23:53 GMT

GET
H2 200 screen.css
labs.watchtowr.com/assets/built/ 32 KB
7 KB 9ms
9ms Stylesheet
text/css 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/assets/built/screen.css?v=6cc64998d8
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: c04c22ec20671d45136ecbb2c6c1729daecf3a089378842a926769966202c863

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 436943
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 6999
ghost-fastly: true
x-request-id: a1f4460e-c0e8-4905-8bb6-8471554b8dd6
x-served-by: cache-ams2100114-AMS, cache-fra-etou8220112-FRA
last-modified: Fri, 21 Jun 2024 06:09:44 GMT
server: openresty
x-timer: S1722759833.441961,VS0,VE2
etag: W/"7f54-190396a44ad"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 2, 0

GET
H2 200 sodo-search.min.js Show response
cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/ 197 KB
65 KB 60ms
21ms Script
application/javascript 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/sodo-search.min.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73e90bca3350ae511b91bb029abfdc78760e164530c9cfd8f1f5e5d007a254b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Origin: https://labs.watchtowr.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 20510
x-jsd-version: 1.1.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 65539
x-served-by: cache-fra-etou8220075-FRA, cache-lga21950-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"313b2-PGFkfSo33Bwphw9PaHfsB1kMn/Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BcDv5U%2FwxNuvPCwxhmc3vw0b9kPoKtK%2BlcFCaGVRCxmdYvyMlkN%2FNs7aRU1Ok7WoS%2BUF%2FsiLPex4i%2ByF5c39DYeyyNdD0UErOm8mxwWwvHUJLZS5zweWVZLipFH3axC0NfGb2XqzNE6%2FX62C%2FR8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8add25dfcdc00bd6-AMS

GET
H2 200 cards.min.js Show response
labs.watchtowr.com/public/ 6 KB
2 KB 9ms
8ms Script
application/javascript 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/public/cards.min.js?v=6cc64998d8
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 7b257e1e81be5f3928d1fa0dc765a5d77eb818b61d72f940ee947dc955bbbb0b

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 436943
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 1490
ghost-fastly: true
x-request-id: a2aa26c8-2327-47f2-8c02-0ab0d4db5b0c
x-served-by: cache-ams2100138-AMS, cache-fra-etou8220112-FRA
server: openresty
x-timer: S1722759834.523500,VS0,VE2
etag: W/"143954965104cf254bf1a498449c6855"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 2, 0

GET
H2 200 cards.min.css
labs.watchtowr.com/public/ 37 KB
6 KB 10ms
10ms Stylesheet
text/css 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/public/cards.min.css?v=6cc64998d8
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: e2f5f034a70265449dbdd6ba7305df5d29dafff850a42eb08eb9a2f6d8c7e838

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 436943
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 6278
ghost-fastly: true
x-request-id: 1b06fe09-b825-45ad-9438-57e70101d5ae
x-served-by: cache-ams2100146-AMS, cache-fra-etou8220112-FRA
server: openresty
x-timer: S1722759833.442594,VS0,VE2
etag: W/"ec426a3cdde603093dd319f349415771"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 2, 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 275 KB
95 KB 61ms
31ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q0QQGYH9DL

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

94f4de84a145497610d157771f8c588bae9d65134242d047f2acf9c12c7f7605

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96807
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 04 Aug 2024 08:23:53 GMT

GET
H2 200 23785948.js Show response
js-na1.hs-scripts.com/ 2 KB
1 KB 161ms
127ms Script
application/javascript 2606:4700::6810:8ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-na1.hs-scripts.com/23785948.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

494ce57d806420cbcf0a14689dfdcd4cbc1ebbc60f1d3c8c1ba93c93afde6e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 05b6934e-2287-4698-b6d5-ef856e5523a7
x-envoy-upstream-service-time: 13
content-length: 686
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 05b6934e-2287-4698-b6d5-ef856e5523a7
last-modified: Sun, 04 Aug 2024 08:23:53 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://labs.watchtowr.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-85b74c4c74-crk7w
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 8add25dfca8f9fd0-AMS

GET
H2 200 watchTowr---Labs-White.svg
labs.watchtowr.com/content/images/2022/04/ 3 KB
2 KB 15ms
15ms Image
image/svg+xml 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.watchtowr.com/content/images/2022/04/watchTowr---Labs-White.svg
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 653dd026068639c920becd532cf32e17cab76ed6de3d821abfc7ba6c49b6ea64

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 954702
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 1192
ghost-fastly: true
x-request-id: 80b7f706-83ee-431f-a824-089892687912
x-served-by: cache-ams21080-AMS, cache-fra-etou8220112-FRA
last-modified: Sat, 30 Apr 2022 05:09:19 GMT
server: openresty
ghost-ratelimits: global=(1.000,0.000,0.000)
ghost-ratelimited: global=false
etag: W/"c1a-18078df92b7"
x-timer: S1722759833.443436,VS0,VE2
vary: Cookie, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 455, 0

GET
H2 200 noway.png
labs.watchtowr.com/content/images/size/w1200/2024/06/ 98 KB
98 KB 14ms
14ms Image
image/png 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.watchtowr.com/content/images/size/w1200/2024/06/noway.png
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: b6b66acc8bcf91dca16f4f00d15e4c9916c3e9cd92d2ed1d13b1e0d445d55090

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
via: 1.1 varnish, 1.1 varnish
age: 724716
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 100168
ghost-fastly: true
x-request-id: 93122fe2-5683-4ec5-ac81-473121597924
x-served-by: cache-ams21021-AMS, cache-fra-etou8220112-FRA
last-modified: Fri, 07 Jun 2024 08:13:32 GMT
server: openresty
x-timer: S1722759833.443666,VS0,VE1
etag: W/"18748-18ff1c2951b"
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 3, 0

GET
H2 200 logo-white.svg
labs.watchtowr.com/assets/images/ 630 B
551 B 15ms
12ms Image
image/svg+xml 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.watchtowr.com/assets/images/logo-white.svg
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: ceaf8255e1258fa5e1e32c9dee6c940e0562695951c628f7415b9a93eb085e95

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 1057780
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 356
ghost-fastly: true
x-request-id: 22e78893-a509-4c12-93d7-87dda1ef01bf
x-served-by: cache-ams2100146-AMS, cache-fra-etou8220112-FRA
last-modified: Fri, 21 Jun 2024 06:09:44 GMT
server: openresty
x-timer: S1722759833.476914,VS0,VE1
etag: W/"276-190396a44ef"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 323, 0

GET
H2 200 main.min.js Show response
labs.watchtowr.com/assets/built/ 44 KB
16 KB 19ms
11ms Script
application/javascript 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/assets/built/main.min.js?v=6cc64998d8
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 1fca19e97c3cbc726acc8d8e5ccb34aa99a0b6153054d724560a53c07a652397

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 436943
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 16347
ghost-fastly: true
x-request-id: ddb6b648-c09c-4b64-8c4d-b6ab50a2a610
x-served-by: cache-ams21078-AMS, cache-fra-etou8220112-FRA
last-modified: Fri, 21 Jun 2024 06:09:44 GMT
server: openresty
x-timer: S1722759834.502546,VS0,VE5
etag: W/"b10f-190396a44a4"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 2, 0

GET
H2 200 factors.js Show response
app.factors.ai/assets/v1/ 35 KB
10 KB 69ms
7ms Script
text/javascript 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.factors.ai/assets/v1/factors.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c948ab390b373bc5fc24b50cdb8c299c4887928cc07615882082c5790cc4e0c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

x-cache-hits: 14
strict-transport-security: max-age=31556926
content-encoding: br
date: Sun, 04 Aug 2024 08:23:53 GMT
last-modified: Fri, 02 Aug 2024 14:58:25 GMT
x-timer: S1722759834.588653,VS0,VE0
etag: "7baca93380d7319088cf8cadf2b2247819c560467ca59003faebc5273eb674fd-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9680
x-served-by: cache-fra-etou8220020-FRA

GET
H2 200 lftracker_v1_3P1w24do6zP7mY5n.js Show response
sc.lfeeder.com/ 31 KB
11 KB 64ms
11ms Script
application/javascript 2600:9000:2250:9200:4:d7e1:700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc.lfeeder.com/lftracker_v1_3P1w24do6zP7mY5n.js
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:9200:4:d7e1:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5c0bc5673866e25da9fd4c30974ee5535c141998f2d71bf494311be7d75abd92

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

x-amz-version-id: Asi0.wQjUHQNQMU23AIKi1.8m2EyWh58
content-encoding: br
via: 1.1 4b07e670df891a80bcae1d5be052af3c.cloudfront.net (CloudFront)
date: Sun, 04 Aug 2024 08:23:53 GMT
x-amz-cf-pop: FRA60-P2
age: 2220
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Thu, 25 Jul 2024 07:32:22 GMT
server: AmazonS3
etag: W/"0c595bb4d7b3c35632b7fc2dc92d008b"
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: jNQx6-WM2Y4ZSFOWSQ31Sk2_HgbGuxJuuD3HjNBPv0B4uJ9vUGv2Ew==

GET
H2 200 hotjar-2950076.js Show response
static.hotjar.com/c/ 11 KB
5 KB 76ms
43ms Script
application/javascript 18.66.102.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2950076.js?sv=6

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-11.fra56.r.cloudfront.net

Software

Resource Hash

d1768e438483ed1e9c587d489c31e5cda556c0dddb5c0eb7b26f3243751752f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Sun, 04 Aug 2024 08:23:53 GMT
via: 1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/3ad0c44c40536e755c88380c4b6703fe
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: lFXvR4mJj3twjmcDdWv1ZFuqxTyFR6LCavOiBv8ForiNsmcBhg8X0Q==

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 40ms
8ms Script
application/javascript 2a02:26f0:480:15::213:7e4a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:15::213:7e4a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2024 05:33:09 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=74947
accept-ranges: bytes
content-length: 14597

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 96ms
21ms Script
application/javascript 2606:4700::6810:4769
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4769 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: AT5SM6MTZYM348FF
age: 5233
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /4M1luxg7P/u9KLOIfCoXo30rfuAQSV8ZbwFSSJ8u3DX8knTm+/f7id/xQ5ds4Y8zDu4qVfSWUU=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 8add25e00b130e39-AMS
expires: Sun, 04 Aug 2024 12:23:53 GMT

GET
H2 200 ABCFavorit-Light.woff2
labs.watchtowr.com/assets/fonts/ 38 KB
38 KB 11ms
10ms Font
font/woff2 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/assets/fonts/ABCFavorit-Light.woff2
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/assets/built/screen.css?v=6cc64998d8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 274ba032d9071697b02e08b0833af8b4ed90b453740cdc11528b7e058bdb8f36

Request headers

Referer: https://labs.watchtowr.com/assets/built/screen.css?v=6cc64998d8
Origin: https://labs.watchtowr.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
via: 1.1 varnish, 1.1 varnish
age: 1063075
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 39044
ghost-fastly: true
x-request-id: ba2eb723-1364-44c3-862f-89a2ca804aee
x-served-by: cache-ams2100140-AMS, cache-fra-etou8220112-FRA
last-modified: Fri, 21 Jun 2024 06:09:44 GMT
server: openresty
x-timer: S1722759834.572756,VS0,VE2
etag: W/"9884-190396a44c0"
content-type: font/woff2
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 440, 0

GET
H2 200 image.png
labs.watchtowr.com/content/images/2024/06/ 683 B
874 B 10ms
10ms Image
image/png 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.watchtowr.com/content/images/2024/06/image.png
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 30a4e27bb5dc275877144a180e126138606cce802fae1ac7ee8c0830f8b64a83

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
via: 1.1 varnish, 1.1 varnish
age: 1845608
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 683
ghost-fastly: true
x-request-id: 9aa655a8-9901-473b-ae58-b3ef495dc67f
x-served-by: cache-ams21057-AMS, cache-fra-etou8220112-FRA
last-modified: Fri, 07 Jun 2024 07:37:46 GMT
server: openresty
x-timer: S1722759834.572057,VS0,VE1
etag: W/"2ab-18ff1a1d83f"
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 8, 0

GET
H2 200 image-1.png
labs.watchtowr.com/content/images/2024/06/ 4 KB
5 KB 13ms
13ms Image
image/png 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.watchtowr.com/content/images/2024/06/image-1.png
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 683470e4d5f70b4b84ab1c26414a6217585adf7df6fd7a52e6bca25db40351d2

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
via: 1.1 varnish, 1.1 varnish
age: 382177
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 4394
ghost-fastly: true
x-request-id: 8fc23bfa-bec5-4eb7-9670-cdb8ae0fe836
x-served-by: cache-ams21067-AMS, cache-fra-etou8220112-FRA
last-modified: Fri, 07 Jun 2024 07:38:15 GMT
server: openresty
x-timer: S1722759834.572181,VS0,VE1
etag: W/"112a-18ff1a2494a"
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 9, 0

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
816 B 167ms
126ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3860676&time=1722759833573&url=https%3A%2F%2Flabs.watchtowr.com%2Fno-way-php-strikes-again-cve-2024-4577%2F%23ransompages
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: F0A5CA12ED124C1ABEB21068CF5B9D7F Ref B: DUS30EDGE0714 Ref C: 2024-08-04T08:23:53Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYe10frUN6rvSRZxHLklw==
x-fs-uuid: 00061ed747eb50deabbd2459c472e497

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1722759833573&url=https%3A%2F%2Flabs.watchtowr.com%2Fno-way-php-strikes-again-cve-2024-4577%2F%23ransompages
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1722759833573&url=https%3A%2F%2Flabs.watchtowr.com%2Fno-way-php-strikes-again-cve-2024-4577%2F%23ransompages&e_ipv6=AQKKxp4mOOjjPAAA...

0
266 B

173ms
149ms

Image
application/javascript

2620:1ec:50::12
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1722759833573&url=https%3A%2F%2Flabs.watchtowr.com%2Fno-way-php-strikes-again-cve-2024-4577%2F%23ransompages&e_ipv6=AQKKxp4mOOjjPAAAAZEcfOhdzZk2GcWPA6m6N1tjuYw6B2BcfhCHxYsUUGn8dp593eCIH27En9pUrxOvrcFMljDuMzxnAQ
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Server: 2620:1ec:50::12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 39B6B96A14A5467FBE8A6A63C860E12D Ref B: FRA231050412009 Ref C: 2024-08-04T08:23:53Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYe10fuPykOHlqAJc1TSw==

Redirect headers

date: Sun, 04 Aug 2024 08:23:53 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: F0479EB550E44674B26E91768937E49B Ref B: FRAEDGE1615 Ref C: 2024-08-04T08:23:53Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1722759833573&url=https%3A%2F%2Flabs.watchtowr.com%2Fno-way-php-strikes-again-cve-2024-4577%2F%23ransompages&e_ipv6=AQKKxp4mOOjjPAAAAZEcfOhdzZk2GcWPA6m6N1tjuYw6B2BcfhCHxYsUUGn8dp593eCIH27En9pUrxOvrcFMljDuMzxnAQ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYe10frj3bIz9XYpuuwtA==

POST
H2 200 get_info Show response
api.factors.ai/sdk/ 311 B
412 B 157ms
155ms Fetch
application/json 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/get_info
Requested by: Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash: 2c656144f906537b46fe3e6ddbda812e6ff788b82a483e220c92bc09658615af

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Authorization: fp50m8phd32g8y5reokdoan3w55o0nc3
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1
Content-Type: application/json

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
via: 1.1 google
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://labs.watchtowr.com
access-control-allow-credentials: true
x-req-id: cqnjl68navvr92jjc810
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 311

GET
H2 200 modules.8da33a8f469c3b5ffcec.js Show response
script.hotjar.com/ 223 KB
56 KB 47ms
8ms Script
application/javascript 13.32.27.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2950076.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-19.fra56.r.cloudfront.net

Software

Resource Hash

76f448ec45359e863fb3a6432a2a3cf22c0cc0a52aead6318b57ab38db6f1d14

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 30 Jul 2024 14:23:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 3d58896f901dbeed449603f5d2b4d9f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 410447
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56385
last-modified: Tue, 30 Jul 2024 14:22:40 GMT
etag: "0728625a147ca79276a1790b9cf3175d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: OhHoAU5fEFFMSsQrpbJJjsY5wHz7QQH7xcBC12U3-CQc56j1Nps7_g==

OPTIONS
H2 200 get_info
api.factors.ai/sdk/ Frame 0
0 190ms
153ms Preflight 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/get_info
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://labs.watchtowr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods: GET,POST,PUT,HEAD,DELETE
access-control-allow-origin: https://labs.watchtowr.com
access-control-max-age: 43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sun, 04 Aug 2024 08:23:53 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 google

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 51ms
19ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-Q0QQGYH9DL&gtm=45je47v0v877901959za200&_p=1722759833520&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250752&cid=416517466.1722759834&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1722759833&sct=1&seg=0&dl=https%3A%2F%2Flabs.watchtowr.com%2Fno-way-php-strikes-again-cve-2024-4577%2F&dt=No%20Way%2C%20PHP%20Strikes%20Again!%20(CVE-2024-4577)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=537
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Q0QQGYH9DL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
date: Sun, 04 Aug 2024 08:23:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.watchtowr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
359 B 532ms
98ms XHR
application/json 52.54.143.95
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMTIzMjd9.VPRLDlVywXvamkHUrZOJN7rKvtF70sMZ21c4f5nxvn0

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.54.143.95 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-54-143-95.compute-1.amazonaws.com

Software

Resource Hash

1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://labs.watchtowr.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 7a117f33f106c55b22adb16b1de0e59a

POST
H2 200 / Show response
content.hotjar.io/ 56 B
171 B 440ms
62ms XHR
application/json 52.16.226.145
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?site_id=2950076&gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.16.226.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-16-226-145.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 54a5443e4cd837e1c405458cc22c9fbb61b0e32b0c0f989fc840a2466ef2b24e

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 04 Aug 2024 08:23:54 GMT
content-length: 56
access-control-max-age: 86400
content-type: application/json

GET
H2 200 /
tr-rc.lfeeder.com/ 43 B
339 B 92ms
58ms Image
image/gif 18.245.46.110
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr-rc.lfeeder.com/?sid=3P1w24do6zP7mY5n&data=eyJnYVRyYWNraW5nSWRzIjpbXSwiZ2FNZWFzdXJlbWVudElkcyI6WyJHLVEwUVFHWUg5REwiXSwiZ2FDbGllbnRJZHMiOlsiNDE2NTE3NDY2LjE3MjI3NTk4MzQiXSwiY29udGV4dCI6eyJsaWJyYXJ5Ijp7Im5hbWUiOiJsZnRyYWNrZXIiLCJ2ZXJzaW9uIjoiMi42NC4wIn0sInBhZ2VVcmwiOiJodHRwczovL2xhYnMud2F0Y2h0b3dyLmNvbS9uby13YXktcGhwLXN0cmlrZXMtYWdhaW4tY3ZlLTIwMjQtNDU3Ny8jcmFuc29tcGFnZXMiLCJwYWdlVGl0bGUiOiJObyBXYXksIFBIUCBTdHJpa2VzIEFnYWluISAoQ1ZFLTIwMjQtNDU3NykiLCJyZWZlcnJlciI6IiJ9LCJldmVudCI6InRyYWNraW5nLWV2ZW50IiwiY2xpZW50RXZlbnRJZCI6ImY2NzdhMDcyMTYyZmRkYjYiLCJzY3JpcHRJZCI6IjNQMXcyNGRvNnpQN21ZNW4iLCJjb29raWVzRW5hYmxlZCI6dHJ1ZSwiY29uc2VudExldmVsIjoibm9uZSIsImFub255bWl6ZUlwIjpmYWxzZSwibGZDbGllbnRJZCI6IkxGMS4xLjJkOTY2YTY2NTY0Y2U3MjEuMTcyMjc1OTgzMzczNyIsImZvcmVpZ25Db29raWVzIjpbXSwicHJvcGVydGllcyI6e30sImF1dG9UcmFja2luZ0VuYWJsZWQiOnRydWUsImF1dG9UcmFja2luZ01vZGUiOiJvbl9zY3JpcHRfbG9hZCJ9
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.46.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-46-110.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
via: 1.1 4f3281e2362f23bf5efc65311d3defb0.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P9
vary: Origin
x-cache: LambdaGeneratedResponse from cloudfront
content-type: image/gif
cross-origin-resource-policy: cross-origin
content-length: 43
x-amz-cf-id: dQ38ovLHIMumwj78sYZL-h3KjhGYr5QqqU7Wc-KkUElFJRaARUbC5g==

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 155ms
111ms Script
application/javascript 2606:4700::6810:6ffe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6ffe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c78fab07d4ee469def66170220968c4e790992e5adc971a34edc7eabc695e79f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Origin: https://labs.watchtowr.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
x-amz-version-id: FCxgV_B3nWescR00el0uV0Hdj2lazDBZ
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: b25c37aa-03cf-49ba-9512-439c1381b1b8
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.586/bundles/project.js&cfRay=8add25e13cd26727-AMS
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b25c37aa-03cf-49ba-9512-439c1381b1b8
last-modified: Tue, 23 Jul 2024 12:55:20 UTC
server: cloudflare
etag: W/"ac41634810840adc02ea51748cb19c2f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-n2bh8
cf-ray: 8add25e13cd26727-AMS
x-amz-cf-id: I4b4rR5yVL047b5h1I7_7cv9wzGxV2SswwvQUNZc02UoC-DKEVGFAw==
x-hs-target-asset: collected-forms-embed-js/static-1.586/bundles/project.js

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 85 KB
24 KB 58ms
21ms Script
application/javascript 2606:4700::6810:4e8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4e8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d7ed318241870f903fff41d6a794e810f50196b374ff4274fc36b2b33bfb6af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
x-amz-version-id: IOZvZyCQvESzzIXDpDb8C47v20ojhaU7
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 209
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.17367/bundles/project.js&cfRay=8add20c22e9d9704-AMS
x-cache: Hit from cloudfront
x-hubspot-correlation-id: b26697d1-15cd-4130-9623-2afed5fc0d90
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b26697d1-15cd-4130-9623-2afed5fc0d90
last-modified: Thu, 01 Aug 2024 19:44:14 UTC
server: cloudflare
etag: W/"b57858533bdc895fc298584a34a08c3a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-bc6nt
cf-ray: 8add25e12cd7b71f-AMS
x-amz-cf-id: YhUKeZmuBW5Vx5j6wyvvrPuiE4dweFBXCHkbCgWw9YFqnCp1dYvZOA==
x-hs-target-asset: conversations-embed/static-1.17367/bundles/project.js

GET
H2 200 23785948.js Show response
js.hs-analytics.net/analytics/1722759600000/ 68 KB
25 KB 243ms
206ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1722759600000/23785948.js
Requested by: Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4092f4a7f6c1b1604c94f50bfc78cdb46600ef6cbebf39ef4b799f054a830363

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: AE7PPJT2FBETVCRB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 097ce800-5071-4edd-ae63-cb6ba63b65ed
x-envoy-upstream-service-time: 92
x-amz-id-2: BmarCzK8uKwCc4ow07ovBxDHeH1FFYFzOUYf5Q//n5XGvldaFjjqkdQ6LjfPesZo6s5MXeMdj2DPCgGzDLcGRw==
x-evy-trace-listener: listener_https
x-request-id: 097ce800-5071-4edd-ae63-cb6ba63b65ed
x-evy-trace-route-configuration: listener_https/all
last-modified: Sat, 03 Aug 2024 00:54:55 GMT
server: cloudflare
etag: W/"54b165af72ea94e244ef937f8459f0c6"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-gfff7
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8add25e12fa05c43-AMS
expires: Sun, 04 Aug 2024 08:28:53 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 56ms
25ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dea7d93054c054d6908de184845b8db289207bb4928bbdd07d0ad8d52ec0708f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:53 GMT
x-amz-version-id: kl1dxvjzkssE.fV_O4PhpuAJA5n_6jGg
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 597
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.571/bundles/pixels-release.js&cfRay=8add174a2e3a41a8-AMS
x-cache: Hit from cloudfront
x-hubspot-correlation-id: cfc50616-e908-4ed2-89b5-3433d85d8ca7
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cfc50616-e908-4ed2-89b5-3433d85d8ca7
last-modified: Fri, 19 Jul 2024 20:16:33 UTC
server: cloudflare
etag: W/"5d8f21e5e9508f10da257acb3360bbbd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-vjwjs
cf-ray: 8add25e11d0e1c82-AMS
x-amz-cf-id: n7eCvgTjeJvYcjIlt7wXlqu44sHe4sm1NZiHFBdSe_z7t3mFs2FlSw==
x-hs-target-asset: adsscriptloaderstatic/static-1.571/bundles/pixels-release.js

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/23785948/ 71 KB
26 KB 347ms
317ms Script
text/javascript 2606:4700::6812:16b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/23785948/banner.js
Requested by: Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:16b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28eaa176c9a1856eedfd5aab7a68838bb5ffa51edf2a649ebcda47b09ae72ac1

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
x-amz-version-id: jXpkg8ZA3O42lBwDL2ko09nD33May0qZ
content-encoding: gzip
cf-cache-status: REVALIDATED
x-amz-request-id: P2V32G20QTS15TR2
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 0cb219c4-fc36-4880-ba90-9e490d4ce77c
x-envoy-upstream-service-time: 129
x-amz-id-2: /TcKLlp2EqyUvlUK1RVm1P17YNCTgAmhF6/LTIgGqdTg4BucVnTd42vzh/mh/0/Bk+Zk7KhNLjjVkeyhzmFfrpmaZLeH4JFz
x-evy-trace-listener: listener_https
x-request-id: 0cb219c4-fc36-4880-ba90-9e490d4ce77c
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 15 Apr 2024 17:03:53 GMT
server: cloudflare
etag: W/"25da0fa480aec9fd7507eb946c81a856"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://labs.watchtowr.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-jg42k
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8add25e11f489708-AMS
expires: Sun, 04 Aug 2024 08:28:54 GMT

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 425ms
134ms Preflight
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=23785948&conversations-embed=static-1.17367&mobile=true&messagesUtk=3abddcc6bc1b46b98904ad91e444120f&traceId=3abddcc6bc1b46b98904ad91e444120f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://labs.watchtowr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://labs.watchtowr.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 8add25e32a030a67-AMS
content-length: 18
content-type: text/plain; charset=utf-8
date: Sun, 04 Aug 2024 08:23:54 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dhUEoCxmjVcuhDde3uHX1u2IC9CAHffvby25v9rZEl%2FGB%2B0cHRpnG4VVp%2FJEIF6eLcTTDipFc3EUZk8SJ5xqoJtrAZiAXG9gyKPsHPD%2F7RlsarbWP%2Blv8D8aYsyqtB%2Fe1MmBAIRo%2B9%2B6NImd4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-85b74c4c74-9dx9x
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 1598c768-3a6d-4d1f-a758-fad46d28a45d
x-request-id: 1598c768-3a6d-4d1f-a758-fad46d28a45d

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 313 B
1021 B 136ms
135ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cfce6c12e27532f16a088b9f796976a913cb4291415197ee50c4c77fefb20b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
X-HubSpot-Messages-Uri: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/#ransompages
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f4555160-733b-4a03-99d6-a9cd4ab90f75
x-envoy-upstream-service-time: 10
content-length: 247
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f4555160-733b-4a03-99d6-a9cd4ab90f75
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://labs.watchtowr.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-85b74c4c74-2mdnj
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OTnSfhoLEiCmdaOYveMaYS7Q%2FApOSjlhvHlQq9e%2B9TQQpSWdTpPy9y0tiXsmvA9IvLRg5wnAAvoSaLKLNsCUx0WGYBr35jPdH1syj6yowuXINHd0NR%2F67Mtb3LBQO5kndNXxZXMvuCQ5jE04Qg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8add25e40ad60a67-AMS
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 136 B
479 B 126ms
118ms XHR
application/json 2606:4700::6810:6ffe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=23785948&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6ffe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1102619929d461c761d302e6023c47c0e8440f2c1e6215cced390867bd868e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a1eea319-1834-4be9-9bf8-4ada3fc3de0e
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a1eea319-1834-4be9-9bf8-4ada3fc3de0e
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://labs.watchtowr.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-2hxmr
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8add25e21d916727-AMS

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
196 B 153ms
152ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: FA4A31D5A62C4284A529BBCF260F09D6 Ref B: FRAEDGE1615 Ref C: 2024-08-04T08:23:53Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://labs.watchtowr.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYe10fwmOGLgG8PoGhEuA==

POST
H3 200 track Show response
api.factors.ai/sdk/event/ 96 B
113 B 161ms
161ms Fetch
application/json 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/event/track
Requested by: Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash: f1baccbf5c99408fa593d37cc28abde53956b680f702d8a1f1f9e38cbebe1fce

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Authorization: fp50m8phd32g8y5reokdoan3w55o0nc3
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1
Content-Type: application/json

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
via: 1.1 google
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://labs.watchtowr.com
access-control-allow-credentials: true
x-req-id: cqnjl6gh9hjj0hom1mtg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96

POST
H3 200 add_properties Show response
api.factors.ai/sdk/user/ 49 B
65 B 162ms
162ms Fetch
application/json 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/user/add_properties
Requested by: Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash: d77e82654b78a6f97d3b45cacbca5901b92394f5489aed5de07fab2d0efc2015

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Authorization: fp50m8phd32g8y5reokdoan3w55o0nc3
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1
Content-Type: application/json

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
via: 1.1 google
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://labs.watchtowr.com
access-control-allow-credentials: true
x-req-id: cqnjl6ltalb4ocpu8j50
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

OPTIONS
H3 200 track
api.factors.ai/sdk/event/ Frame 0
0 155ms
155ms Preflight 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/event/track
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://labs.watchtowr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods: GET,POST,PUT,HEAD,DELETE
access-control-allow-origin: https://labs.watchtowr.com
access-control-max-age: 43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sun, 04 Aug 2024 08:23:54 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 google

OPTIONS
H3 200 add_properties
api.factors.ai/sdk/user/ Frame 0
0 152ms
152ms Preflight 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/user/add_properties
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://labs.watchtowr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods: GET,POST,PUT,HEAD,DELETE
access-control-allow-origin: https://labs.watchtowr.com
access-control-max-age: 43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sun, 04 Aug 2024 08:23:54 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 google

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 114 B
1 KB 172ms
137ms XHR
application/json 2606:4700::6812:f36c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=23785948

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f36c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6197ceff1122e8aa36a89d3554018d665b3ee7efb485588565c53cf9995654ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 86f4abdd-94d9-4b9d-af9d-89c9e6f738af
content-encoding: br
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 86f4abdd-94d9-4b9d-af9d-89c9e6f738af
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://labs.watchtowr.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-85b74c4c74-j45zh
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vtjX5iwQfd%2B5m1GCDOJ6H9PgsVvKaCsW%2BwAD%2FZGxFppHbllM8c8l1%2FUgRosIOCR6ZqDvhT1HPeMYVhauqGjDJs6oPtah5ywxgIqiJpIuJorxZVgWSjM4hIkN8cQh0U2FfwlTgmTjF6sqgi6O"}],"group":"cf-nel","max_age":604800}
cf-ray: 8add25e368edb8c6-AMS
access-control-allow-headers: *

GET
H2 200 yl8vfv7j Show response
widget.intercom.io/widget/ 7 KB
3 KB 55ms
14ms Script
application/javascript 13.224.189.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.intercom.io/widget/yl8vfv7j
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-74.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fc3a5707775dd38960c8baefce08d9a07da1f2a1a29581906012fa16c2769d86

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

x-amz-version-id: O.EtKBSAi0orjVep0GXMQu4zblGd3dzP
content-encoding: gzip
via: 1.1 24c299c0a6423c6f96984a85fb014108.cloudfront.net (CloudFront)
date: Sun, 04 Aug 2024 08:20:48 GMT
x-amz-cf-pop: FRA2-C1
age: 201
x-amz-server-side-encryption: AES256
x-cache: Error from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2670
last-modified: Fri, 02 Aug 2024 11:19:36 GMT
server: AmazonS3
etag: "8c75f49059e1e1ff68bf92f201f74455"
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=300, s-maxage=300, public
accept-ranges: bytes
x-amz-cf-id: syf548MaUwCgO2nsUWkuOVjiMEuAy7x2XXZeo5wWy9fvKcmaO8i8xQ==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 171ms
130ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=2297767283&v=1.1&a=23785948&rcu=https%3A%2F%2Flabs.watchtowr.com%2Fno-way-php-strikes-again-cve-2024-4577%2F&pu=https%3A%2F%2Flabs.watchtowr.com%2Fno-way-php-strikes-again-cve-2024-4577%2F%23ransompages&t=No+Way%2C+PHP+Strikes+Again!+(CVE-2024-4577)&cts=1722759834108&vi=65c86d52f6df5526b9eab9fa9af31fc6&nc=true&u=64999280.65c86d52f6df5526b9eab9fa9af31fc6.1722759834105.1722759834105.1722759834105.1&b=64999280.1.1722759834105&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 424ae527-bfd2-43c7-80f9-1d4cb2530bbb
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 424ae527-bfd2-43c7-80f9-1d4cb2530bbb
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xtubuk3n31qaphumg6cTY7bh8yha7BdgHT0v0cWEl%2FDF%2BefXqJ0SuQjtaiTcL34L8bxHattuqrvx9hdXfZ6hVBaLzxmFhH1SJ7n4idFRjkBoXGIMQNhd033sBr0lqsxwBi72pfyWmLOOMe2S2qwa"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-p52jx
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8add25e38fde9fa8-AMS
x-robots-tag: none

GET
H2 200 Logo.png
labs.watchtowr.com/content/images/size/w256h256/2022/05/ 3 KB
3 KB 10ms
9ms Other
image/png 2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/content/images/size/w256h256/2022/05/Logo.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: dba1c596f2785886e854da7993f9e62f17831524432311f1776631ca100ae9f6

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

ghost-age: 0
date: Sun, 04 Aug 2024 08:23:54 GMT
via: 1.1 varnish, 1.1 varnish
age: 880500
x-cache: HIT, HIT
status: 200 OK
alt-svc: clear
content-length: 3199
ghost-fastly: true
x-request-id: 7ea6d65b-5955-4954-b2a8-3a64bdc0f17e
x-served-by: cache-ams12771-AMS, cache-fra-etou8220112-FRA
last-modified: Wed, 25 Jan 2023 06:56:30 GMT
server: openresty
ghost-ratelimits: global=(1.000,0.000,0.000)
ghost-ratelimited: global=false
etag: W/"c7f-185e7b6bafe"
x-timer: S1722759834.119398,VS0,VE1
vary: Cookie
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
ghost-cache: MISS
accept-ranges: bytes
x-cache-hits: 269, 0

GET
H2 200 frame.f04067ac.js Show response
js.intercomcdn.com/ Frame 0F47 793 KB
176 KB 40ms
7ms Script
application/javascript 18.245.46.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/frame.f04067ac.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yl8vfv7j

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.46.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-46-19.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

d15069f139f4ec4eb90003ab7d7f578a7052c961a2b5a6830b8aca1c53aca1c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

x-amz-version-id: C1WC6sZ6j5xCuSIw43tpE9MkBTcvlQKs
content-encoding: gzip
via: 1.1 08144b62d8ba59c510ae7682981f36c0.cloudfront.net (CloudFront)
date: Sun, 04 Aug 2024 07:19:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P9
age: 3855
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 179626
last-modified: Fri, 02 Aug 2024 11:17:30 GMT
server: AmazonS3
etag: "d25ee9bd30bef5ec79decca92b0a89cd"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: bFfvxfq1UZ6wE9p8anQLQiHUewsyxNf2454JggNZBGjfqrjQagg6jg==

GET
H2 200 vendor.e6414237.js Show response
js.intercomcdn.com/ Frame 0F47 608 KB
193 KB 55ms
23ms Script
application/javascript 18.245.46.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/vendor.e6414237.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yl8vfv7j

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.46.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-46-19.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

8362d5294744d91598e7b48cdb88cf597156b89fd9ac590ff7fd976be23855bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

x-amz-version-id: c4WOdKybglchSG.egbrDiGcgolk_dyV8
content-encoding: gzip
via: 1.1 08144b62d8ba59c510ae7682981f36c0.cloudfront.net (CloudFront)
date: Sun, 04 Aug 2024 07:31:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P9
age: 3130
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 196789
last-modified: Mon, 29 Jul 2024 15:41:54 GMT
server: AmazonS3
etag: "f353205285d0bef92a483210d7132936"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: uXLGbJywRD133mdUYG-N1w8xQiEbDWFNgCF2P0ZJJuVx6NCVrqFb2w==

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
467 B 98ms
98ms XHR
application/json 52.54.143.95
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.54.143.95 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-54-143-95.compute-1.amazonaws.com

Software

Resource Hash

9e8e3932b9fbb3c41f7f5430912fa8ce7ddc33c8d6a852068b80eab33150dde3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://labs.watchtowr.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 1df34c526d62c28ce5227bd0853f12ac

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame 0F47 4 KB
2 KB 554ms
353ms XHR
application/json 54.166.62.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.f04067ac.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.166.62.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-166-62-194.compute-1.amazonaws.com

Software

nginx /

Resource Hash

a9ed569183eed8d62ff6d3df3da043b7b8fda1d6d55128684dc161a25f4487d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/604.1
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 04 Aug 2024 08:23:54 GMT
strict-transport-security: max-age=31556952; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-ami-version: ami-0942a50332414b488
status: 200 OK
x-xss-protection: 1; mode=block
x-request-id: 003a532an8tcigt3memg
x-runtime: 0.256388
server: nginx
etag: W/"a9ed569183eed8d62ff6d3df3da043b7"
x-request-queueing: 0
vary: Accept,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://labs.watchtowr.com
x-intercom-version: 69fdbe20677d9845b79be32d981d311f6e30635a
access-control-expose-headers: x-request-id
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.watchtowr.com/	1970-01-21 08:08:39	Name: _ga_Q0QQGYH9DL Value: GS1.1.1722759833.1.0.1722759833.0.0.0
.watchtowr.com/	1970-01-21 08:08:39	Name: _ga Value: GA1.1.416517466.1722759834
.watchtowr.com/	1970-01-21 07:18:15	Name: _hjSessionUser_2950076 Value: eyJpZCI6IjgxZWNiOTQ5LTk2YTktNWU4Ny04YTAzLWYxYTAxMzM4Y2IzZCIsImNyZWF0ZWQiOjE3MjI3NTk4MzM3MDAsImV4aXN0aW5nIjp0cnVlfQ==
.watchtowr.com/	1970-01-20 22:32:41	Name: _hjSession_2950076 Value: eyJpZCI6ImE0NDM3YmMyLWU3N2QtNGE3OS1iZjUyLThhYjcyYmZmMGYwOCIsImMiOjE3MjI3NTk4MzM3MDEsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.watchtowr.com/	1970-01-21 07:18:15	Name: _lfa Value: LF1.1.2d966a66564ce721.1722759833737
.linkedin.com/	1970-01-21 07:18:15	Name: bcookie Value: "v=2&ef6d87df-1a11-4a95-82ae-7e7446cdd06c"
.linkedin.com/	1970-01-21 02:51:51	Name: li_gc Value: MTswOzE3MjI3NTk4MzM7MjswMjHmSIGe1twXQwcQaekapUO1S3/HHJMbW+iw/q9CY6Lb0A==
.linkedin.com/	1970-01-20 22:34:06	Name: lidc Value: "b=TGST00:s=T:r=T:a=T:p=T:g=3463:u=1:x=1:i=1722759833:t=1722846233:v=2:sig=AQFF34oCM1rX0LMffdiuxqPdPOtLRB0u"
.watchtowr.com/	1970-01-21 08:08:39	Name: _fuid Value: ZTExM2ZhZTUtZTY3ZS00NWMzLTkwNGMtOGVmYTg4ZGE2NzZl
.watchtowr.com/	1970-01-21 02:51:51	Name: __hstc Value: 64999280.65c86d52f6df5526b9eab9fa9af31fc6.1722759834105.1722759834105.1722759834105.1
.watchtowr.com/	1970-01-21 02:51:51	Name: hubspotutk Value: 65c86d52f6df5526b9eab9fa9af31fc6
.watchtowr.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.watchtowr.com/	1970-01-20 22:32:41	Name: __hssc Value: 64999280.1.1722759834105
labs.watchtowr.com/	1970-01-20 22:42:44	Name: slireg Value: https://scout.us3.salesloft.com
.hubspot.com/	1970-01-20 22:32:41	Name: __cf_bm Value: 853WEReA.fSTPGYPRhw03oP6HQfhMcgBMDEi_1gVVAQ-1722759834-1.0.1.1-_CpeBFrSaad6TZ.Wy6.lbnAdco0Wl5ot3ecynYANoHB5lIrI5np36wCCS9TxH8lKiQYAHGziUyUFuz1kdAKHMA
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: BkhZueToe7P5V5inso90ut.Hx.Mr6ig0DhDVPa8YF9U-1722759834274-0.0.1.1-604800000
labs.watchtowr.com/	1970-01-21 07:18:15	Name: sliguid Value: e3657df7-3b65-497c-9c9e-14d33e4bf5a9
labs.watchtowr.com/	1970-01-21 07:18:15	Name: slirequested Value: true
.watchtowr.com/	1970-01-21 05:01:29	Name: intercom-id-yl8vfv7j Value: c83a86d7-8409-443f-8633-325e34aac3e3
.watchtowr.com/	1970-01-20 22:42:44	Name: intercom-session-yl8vfv7j Value:
.watchtowr.com/	1970-01-21 05:01:29	Name: intercom-device-id-yl8vfv7j Value: 4a41c539-35a2-48f5-9b34-ecf4c7dc2540

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
api.factors.ai
api.hubapi.com
api.hubspot.com
app.factors.ai
cdn.jsdelivr.net
content.hotjar.io
fonts.googleapis.com
forms.hscollectedforms.net
js-na1.hs-scripts.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.intercomcdn.com
js.usemessages.com
labs.watchtowr.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
sc.lfeeder.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
tr-rc.lfeeder.com
track.hubspot.com
widget.intercom.io
www.googletagmanager.com
13.224.189.74
13.32.27.19
151.101.1.195
18.245.46.110
18.245.46.19
18.66.102.11
2001:4860:4802:34::36
2600:9000:2250:9200:4:d7e1:700:93a1
2606:4700::6810:4769
2606:4700::6810:4e8e
2606:4700::6810:6ffe
2606:4700::6810:7574
2606:4700::6810:8ad1
2606:4700::6811:80ac
2606:4700::6811:afc9
2606:4700::6812:16b7
2606:4700::6812:bb1f
2606:4700::6812:f36c
2620:1ec:21::14
2620:1ec:50::12
2a00:1450:4001:812::200a
2a00:1450:4001:82f::2008
2a02:26f0:480:15::213:7e4a
2a04:4e42:600::775
34.160.69.120
52.16.226.145
52.54.143.95
54.166.62.194
1102619929d461c761d302e6023c47c0e8440f2c1e6215cced390867bd868e09
13078988ea0ee835853e98ded98095727f4834c3b8b9616c0f94c2715e03c04f
1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178
1fca19e97c3cbc726acc8d8e5ccb34aa99a0b6153054d724560a53c07a652397
274ba032d9071697b02e08b0833af8b4ed90b453740cdc11528b7e058bdb8f36
28eaa176c9a1856eedfd5aab7a68838bb5ffa51edf2a649ebcda47b09ae72ac1
2c656144f906537b46fe3e6ddbda812e6ff788b82a483e220c92bc09658615af
30a4e27bb5dc275877144a180e126138606cce802fae1ac7ee8c0830f8b64a83
4092f4a7f6c1b1604c94f50bfc78cdb46600ef6cbebf39ef4b799f054a830363
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
494ce57d806420cbcf0a14689dfdcd4cbc1ebbc60f1d3c8c1ba93c93afde6e60
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
54a5443e4cd837e1c405458cc22c9fbb61b0e32b0c0f989fc840a2466ef2b24e
5c0bc5673866e25da9fd4c30974ee5535c141998f2d71bf494311be7d75abd92
5cfce6c12e27532f16a088b9f796976a913cb4291415197ee50c4c77fefb20b7
6197ceff1122e8aa36a89d3554018d665b3ee7efb485588565c53cf9995654ba
653dd026068639c920becd532cf32e17cab76ed6de3d821abfc7ba6c49b6ea64
683470e4d5f70b4b84ab1c26414a6217585adf7df6fd7a52e6bca25db40351d2
6d7ed318241870f903fff41d6a794e810f50196b374ff4274fc36b2b33bfb6af
73e90bca3350ae511b91bb029abfdc78760e164530c9cfd8f1f5e5d007a254b4
76f448ec45359e863fb3a6432a2a3cf22c0cc0a52aead6318b57ab38db6f1d14
7b257e1e81be5f3928d1fa0dc765a5d77eb818b61d72f940ee947dc955bbbb0b
8362d5294744d91598e7b48cdb88cf597156b89fd9ac590ff7fd976be23855bf
94f4de84a145497610d157771f8c588bae9d65134242d047f2acf9c12c7f7605
9e8e3932b9fbb3c41f7f5430912fa8ce7ddc33c8d6a852068b80eab33150dde3
a9ed569183eed8d62ff6d3df3da043b7b8fda1d6d55128684dc161a25f4487d1
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6b66acc8bcf91dca16f4f00d15e4c9916c3e9cd92d2ed1d13b1e0d445d55090
c04c22ec20671d45136ecbb2c6c1729daecf3a089378842a926769966202c863
c78fab07d4ee469def66170220968c4e790992e5adc971a34edc7eabc695e79f
c948ab390b373bc5fc24b50cdb8c299c4887928cc07615882082c5790cc4e0c8
ceaf8255e1258fa5e1e32c9dee6c940e0562695951c628f7415b9a93eb085e95
d15069f139f4ec4eb90003ab7d7f578a7052c961a2b5a6830b8aca1c53aca1c5
d1768e438483ed1e9c587d489c31e5cda556c0dddb5c0eb7b26f3243751752f5
d7149369f0c12985b32524efa29a3adb8d6e7fde9b1966aa0cf1dbca4575bc60
d77e82654b78a6f97d3b45cacbca5901b92394f5489aed5de07fab2d0efc2015
dba1c596f2785886e854da7993f9e62f17831524432311f1776631ca100ae9f6
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dea7d93054c054d6908de184845b8db289207bb4928bbdd07d0ad8d52ec0708f
e2f5f034a70265449dbdd6ba7305df5d29dafff850a42eb08eb9a2f6d8c7e838
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49
f1baccbf5c99408fa593d37cc28abde53956b680f702d8a1f1f9e38cbebe1fce
fc3a5707775dd38960c8baefce08d9a07da1f2a1a29581906012fa16c2769d86

labs.watchtowr.com Open in urlscan Pro 2a04:4e42:600::775 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

50 Requests

98 %HTTPS

64 %IPv6

22 Domains

30 Subdomains

28 IPs

3 Countries

935 kBTransfer

2866 kBSize

21 Cookies

11 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

labs.watchtowr.com Open in urlscan Pro
2a04:4e42:600::775 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

98 %
HTTPS

64 %
IPv6

22
Domains

30
Subdomains

28
IPs

3
Countries

935 kB
Transfer

2866 kB
Size

21
Cookies

50 HTTP transactions
0 data transactions