www.varonis.com Open in urlscan Pro
45.60.158.169 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.varonis.com/blog/investigate-ntlm-brute-force
Submission: On January 03 via api (January 3rd 2024, 12:42:19 pm UTC) from SG — Scanned from SG

Summary HTTP 181 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 50 IPs in 5 countries across 44 domains to perform 181 HTTP transactions. The main IP is 45.60.158.169, located in United States and belongs to INCAPSULA, US. The main domain is www.varonis.com. The Cisco Umbrella rank of the primary domain is 406985.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2023 Q4 on December 31st 2023. Valid for: 6 months.

This is the only time www.varonis.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	45.60.158.169 45.60.158.169	19551 (INCAPSULA) (INCAPSULA)
3	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
28	104.16.109.209 104.16.109.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.4.95 142.250.4.95	15169 (GOOGLE) (GOOGLE)
2	84.17.37.217 84.17.37.217	60068 (CDN77 ^_^) (CDN77 ^_^)
1	152.199.40.67 152.199.40.67	15133 (EDGECAST) (EDGECAST)
1	104.16.137.206 104.16.137.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.95.253 104.18.95.253	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	74.125.68.113 74.125.68.113	15169 (GOOGLE) (GOOGLE)
3	142.251.12.97 142.251.12.97	15169 (GOOGLE) (GOOGLE)
3	104.18.41.124 104.18.41.124	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.176.125 104.18.176.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	74.125.130.103 74.125.130.103	15169 (GOOGLE) (GOOGLE)
4	157.240.15.13 157.240.15.13	32934 (FACEBOOK) (FACEBOOK)
3	151.101.108.157 151.101.108.157	54113 (FASTLY) (FASTLY)
5	142.251.175.139 142.251.175.139	15169 (GOOGLE) (GOOGLE)
1	142.251.10.157 142.251.10.157	15169 (GOOGLE) (GOOGLE)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
4	152.195.58.59 152.195.58.59	15133 (EDGECAST) (EDGECAST)
1	104.16.191.89 104.16.191.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.1.41 104.17.1.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	54.197.68.230 54.197.68.230	14618 (AMAZON-AES) (AMAZON-AES)
11	23.54.118.48 23.54.118.48	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	42.99.140.139 42.99.140.139	4637 (ASN-TELST...) (ASN-TELSTRA-GLOBAL Telstra Global)
3	204.79.197.200 204.79.197.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.65.159.50 18.65.159.50	16509 (AMAZON-02) (AMAZON-02)
2 3	103.43.90.21 103.43.90.21	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.158.64 69.173.158.64	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	64.233.170.155 64.233.170.155	15169 (GOOGLE) (GOOGLE)
3 3	13.228.126.19 13.228.126.19	16509 (AMAZON-02) (AMAZON-02)
1	184.27.122.64 184.27.122.64	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	172.253.118.94 172.253.118.94	15169 (GOOGLE) (GOOGLE)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
2	52.54.13.234 52.54.13.234	14618 (AMAZON-AES) (AMAZON-AES)
1	104.18.192.125 104.18.192.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.19.155.83 104.19.155.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.64.153.27 172.64.153.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.229.163 104.17.229.163	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.76.186 104.16.76.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.251.168 104.17.251.168	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.251.12.157 142.251.12.157	15169 (GOOGLE) (GOOGLE)
1	64.233.170.101 64.233.170.101	15169 (GOOGLE) (GOOGLE)
1	216.239.34.181 216.239.34.181	15169 (GOOGLE) (GOOGLE)
1	157.240.15.35 157.240.15.35	32934 (FACEBOOK) (FACEBOOK)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
6 9	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	52.69.165.214 52.69.165.214	16509 (AMAZON-02) (AMAZON-02)
1 4	18.214.223.204 18.214.223.204	14618 (AMAZON-AES) (AMAZON-AES)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.137.15 104.16.137.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
181	50

46 45.60.158.169 (United States)

ASN19551 (INCAPSULA, US)

www.varonis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
info.varonis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 104.16.109.209 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.4.95 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 84.17.37.217 (Hong Kong, Hong Kong)

ASN60068 (CDN77 ^_^, GB)
PTR: 84-17-37-217.bunnyinfra.net

plausible.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.40.67 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.137.206 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.95.253 (None, )

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.125.68.113 (United States)

ASN15169 (GOOGLE, US)
PTR: sc-in-f113.1e100.net

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.12.97 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.41.124 (None, )

ASN13335 (CLOUDFLARENET, US)

142972.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.176.125 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 74.125.130.103 (United States)

ASN15169 (GOOGLE, US)
PTR: sb-in-f103.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 157.240.15.13 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-03-sin6.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.108.157 (Tokyo, Japan)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.251.175.139 (United States)

ASN15169 (GOOGLE, US)
PTR: sh-in-f139.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.10.157 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.58.59 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.191.89 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.1.41 (None, )

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.197.68.230 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-68-230.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.54.118.48 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-54-118-48.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 42.99.140.139 (Japan)

ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK)
PTR: ip-42-99-140-139.pacnet.net

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 204.79.197.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: a-0001.a-msedge.net

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.65.159.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-159-50.nrt51.r.cloudfront.net

trackit.ktxlytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 103.43.90.21 (Singapore, Singapore) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 597.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.33.220.150 (Seattle, United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.158.64 (Singapore, Singapore) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.170.155 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: sg-in-f155.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.228.126.19 (Singapore, Singapore) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-228-126-19.ap-southeast-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.27.122.64 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-27-122-64.deploy.static.akamaitechnologies.com

hb.yahoo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.118.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f94.1e100.net

www.google.com.sg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.54.13.234 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-13-234.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.192.125 (None, )

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.19.155.83 (None, )

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.153.27 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.229.163 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.76.186 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.251.168 (None, )

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.12.157 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f157.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.170.101 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f101.1e100.net

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.15.35 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-03-sin6.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.107.42.14 (United States) 6 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.69.165.214 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-69-165-214.ap-northeast-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.214.223.204 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-223-204.compute-1.amazonaws.com

c2.ktxlytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.137.15 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	varonis.com www.varonis.com — Cisco Umbrella Rank: 406985 info.varonis.com	4 MB
28	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 22105	60 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 14744 c.6sc.co — Cisco Umbrella Rank: 20790 ipv6.6sc.co — Cisco Umbrella Rank: 15314 b.6sc.co — Cisco Umbrella Rank: 9130	22 KB
10	google.com cse.google.com — Cisco Umbrella Rank: 5708 www.google.com — Cisco Umbrella Rank: 6 clients1.google.com — Cisco Umbrella Rank: 629 analytics.google.com — Cisco Umbrella Rank: 266	173 KB
10	linkedin.com 6 redirects platform.linkedin.com — Cisco Umbrella Rank: 7742 px.ads.linkedin.com — Cisco Umbrella Rank: 778 www.linkedin.com — Cisco Umbrella Rank: 944	167 KB
6	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 4796	11 KB
5	ktxlytics.io 1 redirects trackit.ktxlytics.io — Cisco Umbrella Rank: 75792 c2.ktxlytics.io — Cisco Umbrella Rank: 55249	99 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101	22 KB
4	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 338 stats.g.doubleclick.net — Cisco Umbrella Rank: 184	3 KB
4	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1679 analytics.twitter.com — Cisco Umbrella Rank: 1200 syndication.twitter.com — Cisco Umbrella Rank: 1999	132 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 240	178 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 23867	3 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 5122	22 KB
3	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 11296 track.hubspot.com — Cisco Umbrella Rank: 5095	2 KB
3	google.com.sg www.google.com.sg — Cisco Umbrella Rank: 10713	669 B
3	yahoo.com 3 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 505	877 B
3	adsrvr.org 3 redirects insight.adsrvr.org — Cisco Umbrella Rank: 1095 match.adsrvr.org — Cisco Umbrella Rank: 594	1 KB
3	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 793 ib.adnxs.com — Cisco Umbrella Rank: 356	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 692	14 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 28373 scout.salesloft.com — Cisco Umbrella Rank: 35875	4 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 14572	26 KB
3	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 9216 forms-na1.hsforms.com — Cisco Umbrella Rank: 17099	5 KB
3	hubspotusercontent-na1.net 142972.fs1.hubspotusercontent-na1.net	138 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	293 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 395	10 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 12402	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 23936	834 B
2	plausible.io plausible.io — Cisco Umbrella Rank: 13183	2 KB
1	t.co t.co — Cisco Umbrella Rank: 751	377 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 26852	204 B
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 11386	24 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 5159	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 7517	4 KB
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1988	637 B
1	yahoo.net hb.yahoo.net — Cisco Umbrella Rank: 1385	663 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 620	914 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1877	15 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1184	15 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 5454	1 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1770	9 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 13290	6 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 15786	154 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 115	1 KB
181	44

	Domain	Requested by
37	info.varonis.com	www.varonis.com cdn2.hubspot.net
28	cdn2.hubspot.net	www.varonis.com
9	www.varonis.com	www.varonis.com cdn.bizible.com
8	b.6sc.co	www.varonis.com
7	px.ads.linkedin.com	4 redirects cdn.bizible.com www.varonis.com
6	tags.srv.stackadapt.com	www.varonis.com tags.srv.stackadapt.com cdn.bizible.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
5	www.google.com	cse.google.com www.varonis.com
4	c2.ktxlytics.io	1 redirects cdn.bizible.com www.varonis.com
4	connect.facebook.net	www.varonis.com connect.facebook.net
3	js.zi-scripts.com	www.varonis.com js.zi-scripts.com
3	js.hs-banner.com	www.varonis.com js.hs-banner.com
3	www.google.com.sg	www.varonis.com
3	ups.analytics.yahoo.com	3 redirects
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.varonis.com
3	cdn.bizible.com	www.googletagmanager.com www.varonis.com cdn.bizible.com
3	142972.fs1.hubspotusercontent-na1.net	cdn2.hubspot.net
3	www.googletagmanager.com	www.varonis.com www.googletagmanager.com www.google-analytics.com
3	cse.google.com	www.varonis.com www.google.com
3	cdnjs.cloudflare.com	www.varonis.com
2	ws.zoominfo.com	js.zi-scripts.com
2	track.hubspot.com
2	epsilon.6sense.com	cdn.bizible.com
2	www.linkedin.com	2 redirects
2	stats.g.doubleclick.net	cdn.bizible.com www.googletagmanager.com
2	scout.salesloft.com	scout-cdn.salesloft.com cdn.bizible.com
2	match.adsrvr.org	2 redirects
2	secure.adnxs.com	1 redirects www.varonis.com
2	platform.twitter.com	www.varonis.com platform.twitter.com
2	forms.hsforms.com	js.hsforms.net www.varonis.com
2	plausible.io	www.varonis.com plausible.io
1	ib.adnxs.com	1 redirects
1	syndication.twitter.com	platform.twitter.com
1	analytics.twitter.com	www.varonis.com
1	t.co	www.varonis.com
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	www.facebook.com	www.varonis.com
1	analytics.google.com	www.googletagmanager.com
1	clients1.google.com	www.varonis.com
1	cdn.bizibly.com	www.varonis.com
1	js.usemessages.com	www.varonis.com
1	js.hs-analytics.net	www.varonis.com
1	js.hsadspixel.net	www.varonis.com
1	app.hubspot.com	www.varonis.com
1	forms-na1.hsforms.com	www.varonis.com
1	alb.reddit.com	www.varonis.com
1	hb.yahoo.net	www.varonis.com
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	insight.adsrvr.org	1 redirects
1	trackit.ktxlytics.io	www.varonis.com
1	snap.licdn.com	www.googletagmanager.com
1	j.6sc.co	www.varonis.com
1	static.ads-twitter.com	www.varonis.com
1	scout-cdn.salesloft.com	www.varonis.com
1	js.hs-scripts.com	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	static.hsappstatic.net	www.varonis.com
1	js.hsforms.net	www.varonis.com
1	platform.linkedin.com	www.varonis.com
1	fonts.googleapis.com	www.varonis.com
181	63

This site contains links to these domains. Also see Links.

Domain
info.varonis.com
ir.varonis.com
brand.varonis.com
my.varonis.com
aws.amazon.com
azuremarketplace.microsoft.com
varonis.com
docs.microsoft.com
www.linkedin.com
www.reddit.com
www.facebook.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2023 Q4	`2023-12-31` - `2024-06-28`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
plausible.io R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-07-11` - `2024-07-10`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-12-26` - `2024-12-25`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-12` - `2024-01-10`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-08-20`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-01` - `2024-07-01`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-04-18`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M03	`2023-09-09` - `2024-10-07`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
6sc.co R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
*.ktxlytics.io Amazon RSA 2048 M02	`2023-06-19` - `2024-07-16`	a year	crt.sh
*.google.com.sg GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-12` - `2024-11-11`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-09` - `2024-11-07`	a year	crt.sh
syndication.twitter.com R3	`2023-12-06` - `2024-03-05`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
*.6sense.com Amazon RSA 2048 M02	`2023-05-04` - `2024-06-02`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2023-12-02` - `2024-03-01`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.varonis.com/blog/investigate-ntlm-brute-force
Frame ID: C2B07C93319034F3AFAA0307C0C2BCB2
Requests: 176 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com
Frame ID: 60BEE0B01DA7EB7ACA5F0A4B4F9E4F90
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

How to Investigate NTLM Brute Force Attackssearch

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Plausible (Analytics) Expand

Overall confidence: 100%
Detected patterns

plausible\.io/js/plausible\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

181
Requests

97 %
HTTPS

0 %
IPv6

44
Domains

63
Subdomains

50
IPs

5
Countries

5228 kB
Transfer

8546 kB
Size

69
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://info.varonis.com/en/price-quote-request?hsLang=en
Title: Request a quote

Search URL Search Domain Scan URL

URL: https://info.varonis.com/resource/t1/research-report/forrester-tei-study-2020?hsLang=en
Title: Measurable ROI

Search URL Search Domain Scan URL

URL: https://ir.varonis.com/
Title: Investor relations

Search URL Search Domain Scan URL

URL: https://brand.varonis.com/?hsLang=en
Title: Brand

Search URL Search Domain Scan URL

URL: https://my.varonis.com/Login
Title: Partner portal

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/pp/prodview-rwnjb5nrlmnx6?sr=0-1&ref_=beagle&applicationId=AWSMPContessa
Title: Buy on AWS marketplace

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/varonis.varonis-dsp?tab=overview
Title: Buy on Azure marketplace

Search URL Search Domain Scan URL

URL: https://my.varonis.com/login
Title: Community

Search URL Search Domain Scan URL

URL: https://info.varonis.com/securityfwd?hsLang=en
Title: SecurityFWD

Search URL Search Domain Scan URL

URL: https://info.varonis.com/en/demo-request?hsLang=en
Title: Get started

Search URL Search Domain Scan URL

URL: https://varonis.com/blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/secauthn/microsoft-ntlm
Title: NTLM

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/2019-07-15-16_45_00-idu24554-10_60_72_92_3389-Remote-Desktop-Connection.jpg?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-1.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-2.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-3.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-4.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-5.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-6.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-7.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-8-.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-10_png.jpg?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-12.jpg?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-11_png_jpg.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-13.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-14.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/en/great-saas-data-exposure-report?hsLang=en
Title: Download our free report

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&title=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks
Title: LinkedIn,

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&title=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks
Title: Reddit,

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force
Title: Facebook.

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/seller-profile?id=6ff5d0ae-b146-412d-b78a-d54d7e6a841a
Title: Buy on AWS marketplace

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/varonis.varonis-dsp?tab=overview&exp=ubp8
Title: Buy on Azure marketplace

Search URL Search Domain Scan URL

URL: https://www.facebook.com/VaronisSystems/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/varonis

Search URL Search Domain Scan URL

URL: https://twitter.com/varonis

Search URL Search Domain Scan URL

URL: https://www.instagram.com/varonislife/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104

https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=673891212 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D673891212

Request Chain 105

https://insight.adsrvr.org/track/pxl/?adv=71679u3&ct=0:ms2x9ot&fmt=3&gtmcb=1600160973 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=2167b4c1-042d-4140-9d72-95717bd5a8b7&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=MjE2N2I0YzEtMDQyZC00MTQwLTlkNzItOTU3MTdiZDVhOGI3&gdpr=0&gdpr_consent=&ttd_tdid=2167b4c1-042d-4140-9d72-95717bd5a8b7 HTTP 302
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=2167b4c1-042d-4140-9d72-95717bd5a8b7&google_gid=CAESEB5eS0p8tj2xkDVQOGcvIJo&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=2167b4c1-042d-4140-9d72-95717bd5a8b7&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=2167b4c1-042d-4140-9d72-95717bd5a8b7&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=2167b4c1-042d-4140-9d72-95717bd5a8b7&gdpr=0&redir=true HTTP 302
https://hb.yahoo.net/cksync?cs=63&axid_e=eS05UjNqYk85RTJ1SHFBSDdncFBBa05kQlJmLkhHa1hscX5B&gdpr=0&ovsid=2167b4c1-042d-4140-9d72-95717bd5a8b7&dpid=55953

Request Chain 147

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732152&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732152&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1704285732152%26url%3Dhttps%253A%252F%252Fwww.varonis.com%252Fblog%252Finvestigate-ntlm-brute-force%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732152&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true

Request Chain 148

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732154&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732154&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1704285732154%26url%3Dhttps%253A%252F%252Fwww.varonis.com%252Fblog%252Finvestigate-ntlm-brute-force%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732154&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true

Request Chain 163

https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID HTTP 302
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=3879257910671555679 HTTP 302
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=3879257910671555679&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs

181 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request investigate-ntlm-brute-force Show response
www.varonis.com/blog/ 225 KB
55 KB 486ms
292ms Document
text/html 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d6f87cdfc17be0d49a2e26dac149338c8663574ef0a145e775ab4684a194118

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 83fb51e3fe86a03f-SIN
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Wed, 03 Jan 2024 12:42:07 GMT
edge-cache-tag: CT-53575261302,CT-61509086319,CT-61509086320,CG-740355147,P-142972,CW-104582894481,CW-114784368718,CW-115642542216,CW-115948073012,CW-115948073023,CW-125777074029,CW-60280511003,CW-71662020467,CW-87397221683,CW-87930956413,CW-87944291354,CW-96126751858,CW-97266453797,E-100805726527,E-106410557973,E-108364953711,E-114794918156,E-115634408573,E-60279793823,E-60280511142,E-60281971978,E-60281971998,E-60281972084,E-73655310759,E-80785228186,E-87927120033,E-98046358057,MENU-87776709421,RA-60280510996,PGS-ALL,SW-2,B-740355147,GC-100803005043,GC-115636626695,GC-115977342816,GC-125774591019,GC-135490609319,GC-80785228207,GC-87929337765,GC-87930955017,GC-87944143779,TS-60284153915
etag: W/"85e31b588e0052f78efab7d196dd8d03"
last-modified: Sat, 30 Dec 2023 08:46:58 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0IBuCAWP9y778ZtTkRv5BPOXnmcGtJZWoMPFBejHBPL5MmMfJZwEfYQF9TZMZokc%2Fsk7W4oVUihlmxZIFx2Sp8L66cCKpgqmG2aLjMAok0wHLKEbR1K3LJW6Yh6WXiSAfA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cdn: Imperva
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 53575261302
x-hs-https-only: worker
x-hs-hub-id: 142972
x-hs-prerendered: Sat, 30 Dec 2023 08:46:58 GMT
x-iinfo: 9-134256843-134256853 NNNN CT(2 9 0) RT(1704285726555 160) q(0 0 0 0) r(2 2) U24

GET
H2 200 project.js Show response
www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 131ms
126ms Script
application/javascript 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 00b2aa54d58244c2fb11fc0fb69d8fbe.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 5393204
x-amz-cf-pop: HYD50-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 9-134256843-134256853 PNNN RT(1704285726555 490) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qo2LXUaR9Z2YJPdt2CrekB2z93Fwx4h0bfjNi0idRb9yjqXLsHdEiI%2Bs9tM1ryQPMaT5Yn4lJLBsG6A1FGtiL9KvZqdX12zDOd2Gu3sLl8tp7yUNvm8ufTLNEqCGOpp5hQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 83fb51e5f8aca03f-SIN
x-amz-cf-id: YuKtvFCaQnpv_z0MTYUJbPNImyBTVMVfRr3w8D2DK5jVbXDrE19Lcw==
expires: Thu, 02 Jan 2025 12:42:07 GMT

GET
H2 200 prism-okaidia.min.css
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/themes/ 1 KB
1 KB 650ms
129ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/themes/prism-okaidia.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf31d510ed313a8566d08e9b4fdbf94a0a51b35718372bc4bc75d6ff5c8282a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2905918
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 518
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-206"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Mg2ORC9m3oDA9KAPhSC5pI7gSXSPtNafA4QcHAd5VxsX4YrEfHg%2Fgz2aPdZzs3yk5xOQbPi2Cpy8U60DKcbbr1FvhJIz0m9Kl2k8Tz8tx6alMVfcF%2FsEuYtTO%2BeZoaQ%2Fn0TGiZu"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 83fb51e939c03f5e-SIN
expires: Mon, 23 Dec 2024 12:42:08 GMT

GET
H2 200 jquery-1.11.2.js Show response
www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 180ms
175ms Script
application/javascript 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 b4ef37917b36c601eeeeb55cdda4288c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 2821527
x-amz-cf-pop: SIN2-C1
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 9-134256843-134256880 NNNY CT(1 18 0) RT(1704285726555 505) q(0 0 0 -1) r(1 1) U24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XE2IyhYmiIe7UkynfwcTt132CUDOJpiphF1jtAMvLoqnANV7cr7C2iknKVXpgseQR%2BwS%2BlvOFezvR3mJzN%2B2U9NVaqIYkT3L1S87WtH2pTT2ifyCveRGwXbrni7pUuW1qw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 83fb51e60b9644a9-SIN
x-amz-cf-id: oUh9wZo0_91BEHl8Ye9IsMJhuvJOiH8Lk-A8sVZma8ZdZVDyZMLx4g==
expires: Thu, 02 Jan 2025 12:42:07 GMT

GET
H2 200 blog-no-code-styles.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/ 46 KB
8 KB 1389ms
868ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ed2a2edca25cc1dd846e20cab22088d9c5b7991f52ff78f8ed21930fe92ad46

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 1172211
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"ee303a3eadd35fd691e5a50c469af706"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779172809
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b27d4992-aadf-4ddf-b76a-5ba4028c6587
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 170
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: b27d4992-aadf-4ddf-b76a-5ba4028c6587
last-modified: Fri, 11 Aug 2023 18:39:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rKBpDY%2BY8cAw53j2hQ%2BLt%2BdURRLKGRHBey528bMisV83YWzAa9zhB6MSPwoCAl9aiO5gh0zGUbCk%2BVpUJDLLU4CogrJpP8lOjhTcrnqSi%2BZBogeL1WoRm4GfA0FPcN4047w%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray: 83fb51e93ea0a02d-SIN

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 589ms
76ms Stylesheet
text/css 142.250.4.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Mono:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f95.1e100.net

Software

ESF /

Resource Hash

7c0fbbadde40aed1e86f4c46ea2fc1a26749994e48dc90a5bce7fd466712d99e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 10:42:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Jan 2024 12:42:08 GMT

GET
H2 200 main.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1703194631284/hook-www-varonis/css/ 123 KB
20 KB 884ms
364ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1703194631284/hook-www-varonis/css/main.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 768a72ae7750a9b5b29c1330fb6f14a725b55017a8a6921d7b572249e7c5896f

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 1079237
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"ed0b2107f70f977c92044779a1292b7f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1703194632578
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 6942cd21-29f0-4f12-9170-62b46766e165
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 180
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 6942cd21-29f0-4f12-9170-62b46766e165
last-modified: Thu, 21 Dec 2023 21:37:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFfJ3VUODBPxXL8OS%2FkhP8g1ew9KAVoEJEqH%2B3VwtOkAuIVRfS5RLrh%2FoFA7EQVDrmyR2j61f8dg5UCZH2vCZX%2F2cRgG37MgI7v8KEQp3gaJKaPGyqRAfPVb00DLs7xh3rM%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-c8b596779-qb4kw
cf-ray: 83fb51e90e6ba02d-SIN

GET
H2 200 fonts.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/ 2 KB
1 KB 851ms
331ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/fonts.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95c37cf1f09574f5dbb61a679e2039cf3fc891acb3c5d8ad40a5a8133bd6afd4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 1775047
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"97e878d1ce8d38d99c26c5232d3e6c7a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681414274070
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 47c6f5e0-1bc9-477b-87e2-29c922de17fb
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 143
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 47c6f5e0-1bc9-477b-87e2-29c922de17fb
last-modified: Thu, 13 Apr 2023 19:31:15 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J8Vz6UyPnc8XcnkRU9haboQhPJNv%2FEWOh1JOY8cAeQueqGQJkdna8k17HkFpKZ%2F%2F3%2BAOJHz%2FsZzX1ksgKh1pQ0BBTrA1lSH0NMHDpU33U17YUSJ4vOGn2VhzqKLk8zKoiRo%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5896745bbb-5tx8p
cf-ray: 83fb51e90e6ca02d-SIN

GET
H2 200 module_71662020467_Announcement_Banner.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114924139/ 1 KB
891 B 868ms
348ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114924139/module_71662020467_Announcement_Banner.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ffd7ab24503a28bb9eb6137b4d1e1664ed138dca5d1ced6d1a98ff841a24541

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1078003
x-amz-cf-pop: IAD89-P2
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 153
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b7fa71f1-5280-46ab-9d7a-cac1ee8e2423
last-modified: Mon, 30 Jan 2023 21:42:05 GMT
server: cloudflare
etag: W/"dc5b8e6da3be06320569bf90cfe1b4c6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1675114924139
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXYDi9DrwK0dOkdhAVbmwHwMRW95PIri0baoxPWRirztNshbJ6%2BkdK6%2FyEz0S62lH5N6LYEHuXsJXfLJsYvFds4%2F%2BX6462YBGzEG9HId3gMWJn8XCkI7uQeR2Q4qTA0TE24%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6db9d854cb-9nxbr
cf-ray: 83fb51e90e75a02d-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_97266453797_Remediation_Announcement_Banner.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550133721/ 2 KB
1 KB 880ms
360ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550133721/module_97266453797_Remediation_Announcement_Banner.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f31e1ce1202bc0ee8105deb5885a4b7b389b2cf936bff83f05032c8a2cafd0a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 219310
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"25e2f39fad365df55a45617ede2ed5ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550133721
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9e519d8a-8b78-494c-a47a-dfa413f7a1a4
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 184
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9e519d8a-8b78-494c-a47a-dfa413f7a1a4
last-modified: Mon, 03 Apr 2023 19:28:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKVZGubRnhVzrH7ngAldVAz9bnx0UizoRuXfvQdT1Ih3tIGsJ7Vr0H%2BQA3mV0pXr2BNy5yRtv2CjcdJ%2BgM2NXEVW3RWuZuu61tzamwVmn9E77Hc4uCQhCpDXukbs26SljDY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-cks9m
cf-ray: 83fb51e93ea2a02d-SIN

GET
H2 200 module_96126751858_Site_Navigation.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030600211/ 14 KB
3 KB 881ms
361ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030600211/module_96126751858_Site_Navigation.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45c7614c18a99d6d92d12cd7f4f06a07ce88256882a8889574d265fc32eace0b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 553367
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"1e14b5836ec1ab1e8354d2661a31a88f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691030600211
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: c3011d82-0297-4199-b926-49756b73af1e
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 181
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: c3011d82-0297-4199-b926-49756b73af1e
last-modified: Thu, 03 Aug 2023 02:43:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kte6PW7o%2FiP0n0y8vBlxXNBWQNUFlrceOlAGV9I0gy91KhRbM37%2BZgm1ii76ubI4LX7dCDm3kdZhSjXdmh6PLxuo9YjjpkWwsQ3O%2Bus7Q0GlS%2BJ6DUjLimwhO%2BgU73p%2BxFU%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray: 83fb51e90e6ea02d-SIN

GET
H2 200 module_125777074029_Navigation_Submenu.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210033148/ 2 KB
1 KB 882ms
362ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210033148/module_125777074029_Navigation_Submenu.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ef71ca3de1b4e89664ec102fe490b2abfbc80350253421c50a31bd3b22b9722

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 984780
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"4d29d054ec06349f29591688037aa80f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692210033148
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 4d55eb47-d623-435a-8413-256bb8a12d47
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 163
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4d55eb47-d623-435a-8413-256bb8a12d47
last-modified: Wed, 16 Aug 2023 18:20:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JEbI%2FCxX8MVHzArceLmbdQYVNfkl0CogSVGzWHPTppn2saUU8skJ9YLpFPtJOx3UjJbNwX3sfAychlOE0cxIw0WMSy651LHp%2Fv1XAP%2BR2rpu%2Fg1J9tLqVS9nfRenYu7wNlU%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 83fb51e93ea5a02d-SIN

GET
H2 200 LanguageSwitcher.css
www.varonis.com/hs/hsstatic/cos-LanguageSwitcher/static-1.11/sass/ 1 KB
1 KB 148ms
145ms Stylesheet
text/css 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/cos-LanguageSwitcher/static-1.11/sass/LanguageSwitcher.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

957a85939578fa14d2371922b58dcbf67f9b769e459f38699ceee6a84751134d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 0676a5fe6935c768360b164abce6620e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 2892119
x-amz-cf-pop: SIN2-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: iXRaVI6gvNO5oDb7NS9VHG_l3VoXX6Hh
content-encoding: br
x-cache: RefreshHit from cloudfront
x-iinfo: 9-134256843-134256877 NNNY CT(19 9 0) RT(1704285726555 495) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 10 Mar 2020 17:42:28 GMT
server: cloudflare
etag: W/"116ce0ec359fc58e099de58c90ed35b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2WvVCjW0q%2B%2BrZ%2B2qa0YM3HVQFxKADMKL0Y%2BybSgqIDW2yNlQ7wLEahyeHuKvFlrIovXypigJpCX9aDQ%2BW7kzrMAU4hiRR59%2F14z2npDgEZFAUrG0%2BeR3%2FcLTQhMY%2BxFyCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 83fb51e60d2e3ff0-SIN
x-amz-cf-id: VYsGVsHva9ExruEJUJUhe6yJ5Dk8O8M42Xs4hWbGYvTm8vp44S2MUQ==
expires: Thu, 02 Jan 2025 12:42:07 GMT

GET
H2 200 module_115948073012_Blog_Post_Header.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073012/1697137854894/ 2 KB
1 KB 912ms
392ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073012/1697137854894/module_115948073012_Blog_Post_Header.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a1f86c63c2ee772b07a6f678e7f8cd51b3aea064d83423eb213fb1df9d6b34c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 290067
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f5bff8587da6703942d1e04601fb2ccc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1697137854894
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: e6ed99ec-5dcd-46db-88e1-4ff3a609190b
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 150
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: e6ed99ec-5dcd-46db-88e1-4ff3a609190b
last-modified: Thu, 12 Oct 2023 19:10:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j5raYn%2B6tKjtC27W9ik7wm6lhhFgwI19xC3WVI5uGW03Bi2OqIt7T9WSb4UQ2pz5Vk0plX%2BUglyjR0s48BnE9YW9xwy8ql1VETt%2FV6jvYqBwKITHt8OgbhR1PCSNCosVFDI%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-q8s24
cf-ray: 83fb51e93ea1a02d-SIN

GET
H2 200 module_115948073023_Table_of_Contents_Sidebar_-_Global.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779300110/ 758 B
1 KB 864ms
345ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779300110/module_115948073023_Table_of_Contents_Sidebar_-_Global.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0420b36738d9457c3f40a67c69135b170861becd9bac983563b3aeada5287aa4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 197694
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"af2e09f2a3860d065ab2b884c54bad8b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779300110
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 82a4b7a1-efe4-415c-b255-450589605d86
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 168
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 82a4b7a1-efe4-415c-b255-450589605d86
last-modified: Fri, 11 Aug 2023 18:41:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FvwAUVeLKKxSaLLRTrAOYsJgZdxYwjLaLITbpamVKuF2XeeeTW49WsZOo004Ic6Wi263paIV%2FlrjyQccco7%2Fztd8pGh%2BxvHTUeAXx06HZQ5S8AeU0jKUAuLJuLJZ56bOXKM%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 83fb51e93ea7a02d-SIN

GET
H2 200 module_60280511003_blog-form.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832789186/ 3 KB
1 KB 877ms
358ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832789186/module_60280511003_blog-form.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e2924c80f612bf59a0cb21d31b05f0575ed143922e412e3e061bf02f5d5960a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1250544
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 14 Mar 2023 22:26:30 GMT
server: cloudflare
etag: W/"0beb1a886bb335c582b07556399b13e8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678832789186
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cM03sLk0pzLlUGIwpGo9Sf2KRIpO%2BtsBIstrs60LfNQOe6MsWaTtOSovyb550QYUjVAj1i3f58c3CLb6nYeUWFjL8RdSCwZwhp%2FBOzFWKlMlWvP%2B7GznBP1r41XnNXm5EWU%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 83fb51e93ea3a02d-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_104582894481_What_You_Should_Do_Now_-_Global.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/104582894481/1692928068437/ 46 B
951 B 904ms
386ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/104582894481/1692928068437/module_104582894481_What_You_Should_Do_Now_-_Global.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8499144a67d70c01a19de99fb20ca5e7da3337e44814419b9a9c867da619b2e

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

age: 470778
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: "7e0b52d7773d1bdc69885fe97aa20285"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692928068437
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD66-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5d82cead-e02d-4884-ad96-62fd591f2ae0
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 169
alt-svc: h3=":443"; ma=86400
content-length: 46
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5d82cead-e02d-4884-ad96-62fd591f2ae0
last-modified: Fri, 25 Aug 2023 01:47:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sP1wjXnoY830kK1gIlJoC1ONZ66tCc8aLV2PVaEVvxnWTlvsB%2BsfjwHCruYW5YLJCWsrLvSaqxdxYjGlzhXdK2JuBE4kiiIEemrqIl3Aw9pApxBHPxpzeC8oLKXl1B2Pv74%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
accept-ranges: bytes
cf-ray: 83fb51e93ea4a02d-SIN

GET
H2 200 module_115642542216_Blog_Post_Conversion_Panel.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115642542216/1684180718003/ 2 KB
1 KB 903ms
385ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115642542216/1684180718003/module_115642542216_Blog_Post_Conversion_Panel.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d514e3fc3d638136890b4a1f61d2f861af3bbd8f997ca15685efbd22554538c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1075015
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 175
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5119b3dc-4a97-4ee2-81e9-253064842a10
last-modified: Mon, 15 May 2023 19:58:39 GMT
server: cloudflare
etag: W/"688ebc7b9f5e3593cecd51eb92e4c6e6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1684180718003
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KwxD%2FTub7aXqcJ36KrDWW8wmRVWNis83WoeSBdAoD3DKlvL4w%2BO6BwkE85XOLWUJpEoRVbtgBSYtuAJWKDeNivK70ueiP9O%2F%2BfiP3Ozqfwmhq0X6Bb6pxhO%2BMKLej3dVdeg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-65zd4
cf-ray: 83fb51e90e6fa02d-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_114784368718_Blog_Keep_Reading.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/114784368718/1684524759023/ 2 KB
1 KB 875ms
357ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/114784368718/1684524759023/module_114784368718_Blog_Keep_Reading.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1a1846f2d4d1abd1379f703e256e92f3b4b138f6dc90fdd8c99c58b7ca43457

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1229485
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 116
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 96dd81bb-9126-4eac-a5bc-abd140019136
last-modified: Fri, 19 May 2023 19:32:40 GMT
server: cloudflare
etag: W/"d922d55fec70ef38b027578f64a0010f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1684524759023
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eEkE5XB9FDuEs4MzevyLQ4A279TUBBfHHIGK0JK4xPZSevGf7B42PXI2HiyJL6O%2B8o%2FSepUpBn1WnT0VKY6bfetiaK%2FDw2oj04E9Z97saD9vy73lhRf6pTTLhAS8agtGKt4%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-65zd4
cf-ray: 83fb51e90e70a02d-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_87397221683_Footer_Site_Directory.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310897/ 4 KB
1 KB 891ms
373ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310897/module_87397221683_Footer_Site_Directory.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 456766b19e4bca3d3e998e25a416376f2158061b925f28f32527aee2ff1e28db

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 553367
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"8853d36396f354f645f3057dfc260fb6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690924310897
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 360d6228-1ab6-4362-ab1f-c18abd614486
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 142
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 360d6228-1ab6-4362-ab1f-c18abd614486
last-modified: Tue, 01 Aug 2023 21:11:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uTgyxGXKkIiNyO0UdDnScT4lwkMx7%2BgTkRmF%2Bl8%2BdGgOdFVFMmzLQ2tUBvhIxm9phyVU5IZNDliWqd6X%2FJjhXeUyhh51QCT3ckAi7gxaJu1MPjoLVEzcxlTdM%2BsiIOjWfs0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-j7nft
cf-ray: 83fb51e93eaaa02d-SIN

GET
H2 200 module_87930956413_Footer_Legal_Links.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87930956413/1678467830039/ 207 B
590 B 858ms
340ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87930956413/1678467830039/module_87930956413_Footer_Legal_Links.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f08978088fd2635efee64efe38bdf155d6258f8b547fca43381435d0048ce46

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1076844
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 18
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 10 Mar 2023 17:03:51 GMT
server: cloudflare
etag: W/"96007886169fd0ec341d641653f4f98b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678467830039
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B8kMeuYdjjkGF6ipUCmB0ekgMmbjQG2PxieB%2F7D%2BmPwZYmBgpy3xbSmcTaW97aS2W8bDNkTpfGJQ9bBvt7pd6wBGEy6cfaknN6xmDvqzYtxn5dGjvscESuDN5YXznnz2CuA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 83fb51e90e72a02d-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 18

GET
H2 200 module_87944291354_Footer_Copyright.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87944291354/1674235657411/ 45 B
476 B 859ms
341ms Stylesheet
text/css 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87944291354/1674235657411/module_87944291354_Footer_Copyright.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce52d3c9ed8217ae0ca3dd0479d5ced16baf2de6625e0c81166471aaa956136d

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1856173
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
content-length: 45
last-modified: Fri, 20 Jan 2023 17:27:38 GMT
server: cloudflare
etag: "c54f91357d03928424b38f6d19c9c224"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674235657411
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iIyl7plR%2BDHBkANvYE0wtYW%2F0Y9Mg%2Fkd1%2FlOaRA%2ByNNO%2BPCMtuLSFZ%2FluSXJfoO%2BufhhCQ7a5KBbtPQ%2FbUcUfM0vMs%2FA9RqiS10nO493z%2BXK5FMuCtOVWkmYr9N6oDvezjU%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 83fb51e90e74a02d-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 plausible.js Show response
plausible.io/js/ 1 KB
1 KB 811ms
166ms Script
application/javascript 84.17.37.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://plausible.io/js/plausible.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

84.17.37.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

84-17-37-217.bunnyinfra.net

Software

BunnyCDN-HK1-1059 /

Resource Hash

021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:09 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1059
cdn-cachedat: 01/03/2024 12:28:47
cdn-pullzone: 682664
cross-origin-resource-policy: cross-origin
application: 10.0.1.2
alt-svc: h3=":443"; ma=2592000
server: BunnyCDN-HK1-1059
cdn-proxyver: 1.04
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: public, max-age=3600
permissions-policy: interest-cohort=()
cdn-requestid: 1c0343c08df270bd30121b7db1fecf07
cdn-requestcountrycode: SG
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 601ms
50ms Script
text/javascript 152.199.40.67
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.40.67 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (sgc/5691) /

Resource Hash

2fe74f47043e8dd59d0efcf0c663ddfc1c0c0e2037c9f4be0adb67b6f9df7736

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV4
x-cdn: ECST
age: 338
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163637
x-li-uuid: AAYOCd1M/4HxP3mW+DRqBw==
last-modified: Wed, 03 Jan 2024 12:36:30 GMT
server: ECAcc (sgc/5691)
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lva1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Wed, 3 Jan 2024 13:36:30 GMT

GET
H2 200 Frame%2036-1.svg
info.varonis.com/hubfs/ 3 KB
3 KB 158ms
152ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4528e78b77fe65b0d6c730e7bc11691455d19dcefb698ebc14931cab40b8423a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 514610
x-amz-request-id: HCR0M4K1PGNC0FXM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 NNNN CT(8 18 0) RT(1704285726555 510) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"4a0280ec41a09339bc32b34cd26d66f3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428417394
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 f81208a29b5f00cfa13282b25b82d06c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YmacvXukdtrqgcUXsZZPYD9p7.OCqpBh
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GGT8d5ITK4hA1KiFYp9+pG4M6xoEfeWKuuyKAdZwDBaCxqHObHSSk7+GT5lUxkkbVQjD9hRxLiY=
last-modified: Tue, 11 Apr 2023 21:05:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKELv9riWKnj4Q31uv0KhxTWppYYOl9Pi0JYt6iVouOCyEWq2a%2FDO3CHCmE8QOmUix83zVz3dLJ%2FlCFWe6S0rnzt%2FzozTO7HCs5aPEAuaLxpyvKrNptfYO9Ub%2BC6ScxMAB8%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: UKe+aTfrxEbzxidl6sLqEB9WlWUAAAAAkR4uJS1RvwoZwilw+6A4eQ==
cf-ray: 83fb51e649c43f53-SIN
x-amz-cf-id: oe3q3XmN6lFanN8tCMVlHl-rMx8t8IAQbdg8aLZ2a1g6x3orne8MoA==

GET
H2 200 Frame%2036%20(2).svg
info.varonis.com/hubfs/ 2 KB
2 KB 205ms
199ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(2).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4450600125b5cdb5761654bbe725c5b4fcbc8e1a89f0a14b20f77157afc5715

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 510555
x-amz-request-id: 5M98GGK0MKPN2Q96
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256885 NNNN CT(0 11 0) RT(1704285726555 519) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"db75d74e33e96cccf27b2b6b95161418"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428486763
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 e3964230e2f6e90d463d5500cb5c136c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nlQ.JNOv_1Z2QlY4vh553LM_j5Qk51Cs
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MjB4O7rFwqhs5ntj0jOZoBKGhswnqltxK3gebrHFYCHUifRjuVu2FjWn9n+m6i4tcxJu9iwuHbg=
last-modified: Tue, 11 Apr 2023 21:05:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ov7TDzWUGltqE4VUnEf8gI1p4v4nkJPXO18lkNggatHowxIcQfXhU%2Bb1spu10oOHCNL39nnK9yWmbvOd01cmYaFNTsFKneanbpLPdp45eqab4eXcNwRivs2VOxw6d3oE%2Fc%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: VJpHVY2c/ETzxidl6sLqEB9WlWUAAAAAvWV8bVfr+rEBysInFGBt4w==
cf-ray: 83fb51e6390d9f79-SIN
x-amz-cf-id: RST1nUhlRgeUU5-BaVZQI7yUicMfAWW2GM4eSx_L74E6Coj-Ne8z4A==

GET
H2 200 Frame%2036%20(1).svg
info.varonis.com/hubfs/ 1 KB
2 KB 108ms
107ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(1).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c08ffc3f238414942b195ebfaa0516e524b4e6b6c5201c52b5174f5599282a23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-cdn: Imperva
age: 514117
x-amz-request-id: HCRA8WB68M2AZ0PP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256885 PNNN RT(1704285726555 641) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"7cba335c1df43bbb31b831c70444dc5c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428464410
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 c76130909cba12f494ee98f488e40752.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: jQIVfYXDwJPgRyEKdz3rJ1BSaSxuz0vz
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: cOdTRusJDg2wPmdoPV1QWg7ypbwXDOtihZQj+JRv32LWFyFS2MefmPkDtql68dICAday5koMqZc=
last-modified: Fri, 07 Apr 2023 16:37:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UQWtziKZvissF%2FFTgNU2CvLEMtT9Jf3afOe0pmgXoI13FFVy2ax6x%2BhZViOAJbKnVVA8AgildLSQq7cjrsUTl05SGVuJ79%2B2Kb%2BOvWEcmkvHQSHSJ0XIwF5dtoQmCnLDIp8%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: bsKhPWGAQFjzxidl6sLqEB9WlWUAAAAAccc441kPxJdSIWG1+6sbsg==
cf-ray: 83fb51e6ea199f79-SIN
x-amz-cf-id: oqLTjxjQqR7o3j9j8vS1yg14cJeRhE_J2VhobVU0rynchzYcoSUGiQ==

GET
H2 200 NavIcon_M365_2.svg
info.varonis.com/hubfs/ 6 KB
3 KB 109ms
109ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/NavIcon_M365_2.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9e9037912adf4cb7724b3782cb690b0c90d8d31a5c54a6bfa3f6fc60063de8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 515200
x-amz-request-id: HCREYQHBXVBBQ6DY
x-amz-server-side-encryption: AES256
edge-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 PNNN RT(1704285726555 693) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8bcc6d027ad47e870fe16a237dc73bfe"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674081974689
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 f81208a29b5f00cfa13282b25b82d06c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: zwSqLSU0xjuOBDaiT8xXQbFQQAf95O6P
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pzCNrYpvALXaGLoJYz75m0SRBqD+YJpSx9nkghMwtjwRaiNs01mRIHqVVIhjX6C7WqqCTaDaQNYTKUTfmmTjGg==
last-modified: Fri, 07 Apr 2023 16:33:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wuSdTaxFNIwYngvO5lAyVMRozEV%2BPz73TWzb8cxpKBmtrIwibh31e4CmsclRXEb1cZ5bUide08zjnMLsiq00pQ23DgBBaAQUk3kY%2F%2FaHo40hqcoqa2ljKNnF2ECbUogEFGA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: t6unVzB0Om3zxidl6sLqEB9WlWUAAAAA47bhk5Yn6hInUFXFNwAqqg==
cf-ray: 83fb51e73b003f53-SIN
x-amz-cf-id: TCskXUKY8ZNSEc4BA5pDfnyfgxNbVulMPONTuPwIPMj7P8pXSJnrDA==

GET
H2 200 NavIcon_AzureFiles.svg
info.varonis.com/hubfs/Web%20Assets/Logos/ 2 KB
2 KB 124ms
124ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Web%20Assets/Logos/NavIcon_AzureFiles.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e648da8a366d494100d90e0af69a2945f34e53a2c70432ea12c0303039f2351

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 514514
x-amz-request-id: FREJ6BVGJKFX5DWD
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 PNNN RT(1704285726555 772) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"39f1c52d2cc888b95c60463165cda36d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691417731365
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 914dbe74ea96bd4eab279d4e05aee014.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PQz0I5ZDy7h_rRyB67TOq3xY2tYQaD.k
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: UNscj80JQAkttBiau1K1BVk8G+JlSCeyQNuy0UP6HGhJAQiWB9JFqfo+FJ5vFixgwEa0qSruY+w=
last-modified: Mon, 07 Aug 2023 14:15:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxH3j9S8m6FO0MqweFaOuVZAY5Jmb6g40rgHAtr7mL38WRKyvd5B39Bx%2BPCNSmbQ%2FedyOitaMF%2FOPwiOy3ecxQs8J28kqq1FS3eEVnLedGkocLbIVotENQuFGRHvsthGZeg%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: B7xPdSDnTV3zxidl6sLqEB9WlWUAAAAAy7QZoGIyTZWz+dUSsYxxnw==
cf-ray: 83fb51e7bb813f53-SIN
x-amz-cf-id: sunI4_SxsEoUjj-BPGg33w_VR57LxT_V789nP81raDuJb9vHTN9D-A==

GET
H2 200 Logo_Windows_Full-Color-1.svg
info.varonis.com/hubfs/ 480 B
1 KB 118ms
104ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Windows_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db1e2dc64218b7044da50d01d0ffb83bcdca49a35b1ab7ffcdef6736863986cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 515073
x-amz-request-id: HCR6RVMAWFV79MD6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 PNNN RT(1704285726555 1922) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"d694fe76cecc0228afb418373de25fd7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429615523
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 91c831638d7245b2d89d0c60131ffd6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .uN1VY8fE_6giU8Wl79_70fP6NJlVGUA
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BGDGVQsu235WrXLYWtdFsFp5xO3gV5F/1FY9xHDCaP98C4+nPtmo6vI2TnimSR8esebZGp5Z9x4=
last-modified: Wed, 29 Mar 2023 16:37:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UyrU2WEkpxl1nPSRqH%2Fyeprr3yrJEPBzL5ta8%2FlnAq9sPUzhcecWsaBpLtstqT2hCNyM26KPlQAEh3NhC97CEZRfRUKNVLeVNd1gGtJ9eUUAwDszPXSvE0RD4ibiHq6ifr0%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: fInGXj/ULiXzxidl6sLqECBWlWUAAAAACBxOQylc8XyiD11l5cDDOA==
cf-ray: 83fb51eeefc03f53-SIN
x-amz-cf-id: ZFZJRrfjTebGce7V567gAHtlhaP24SsY23FZd5itLFhn8616sE2ruA==

GET
H2 200 Icon_Windows%20AD_Full-Color.svg
info.varonis.com/hubfs/ 308 B
1 KB 125ms
112ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_Windows%20AD_Full-Color.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a40943594d5eaaa010c66254e2dc4a83d8bc53104602afda2e3b622b8e78e2f0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 514365
x-amz-request-id: 5T0DH21HAWRHQ521
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256885 PNNN RT(1704285726555 1924) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"cd83460848cbb057d8576e5cbd227359"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429626407
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 5fd865e604cad30b24a805ca3b6d4048.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: j0AZK7sFXh11TgqH_ROdfL.gi9gjKDU7
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: TGYkCCMM9kIw65zv/UbcZfPNP98omi9BRcCgQqMB/BFY7WmRCHDYd3wGYAoFdhzGijoxjeULEmA=
last-modified: Fri, 07 Apr 2023 16:34:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B7wXqZCdckS3a1z7s79yhAVXzgJBmrS5DLuGpgbX45WrRQIpH60bnjPAQc58WI9dC35T9WZdOQpTCtxTUgikxf5g5N1O%2FjxFdc3xp%2FthaxgQUV3HA48OgMxvJ9AF2Zm3wXI%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: ZEpJe4p6wxHzxidl6sLqECBWlWUAAAAAH8rBnLf8K/W2ReN/rrk3gg==
cf-ray: 83fb51eeeaee9f79-SIN
x-amz-cf-id: cNBCbt8WAdIQX-BGzHlZ7GdXRxlhVPYSnAEhvCtWpA6-0eub7OFERA==

GET
H2 200 Logo_GoogleDrive_icon.svg
info.varonis.com/hubfs/ 1 KB
1 KB 147ms
134ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_GoogleDrive_icon.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b40e79c5d412914e928d19e3cda375d940ed037dd6a1f6d7613b894e39898094

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 514481
x-amz-request-id: YKE4N0QRK916XJBR
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256987 NNNY CT(10 22 0) RT(1704285726555 1925) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"5ed1993efba372d504a94f9cededf3ac"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429633320
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 f81208a29b5f00cfa13282b25b82d06c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: C55Z6MT7XpHwV8In.o_V0y0xhp5ppwr0
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: sBjPHLe53Fk7XeBRkJNhf7Cozdra6KM0jeFSUPqAB2ZtLhoNmJFOmPX3sje3plMPW4HwJ1jcJII=
last-modified: Wed, 29 Mar 2023 16:35:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sGcV36Ki9teIZiNOpbAQfNXL%2FaJCh9B5%2BCr4EpXpT62pN%2B6xCBd4vQsFmHTrdSPD71VMNugTHWOZVoUAkoMvEPstkvrXCwA%2B5zKKB8ExaeFPZethNnGQ46WGfzeekC0BB9I%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: p7OGRfcmVSnzxidl6sLqECBWlWUAAAAAPOFmjSbU2+3Uz3EZA4oLeQ==
cf-ray: 83fb51eeec954067-SIN
x-amz-cf-id: mztohjmmUOEeVIncNiVxD0F4mKDdNqrlu9MHZyBNYVPBdD07huKSFw==

GET
H2 200 Logo_Salesforce_Full-Color-1.svg
info.varonis.com/hubfs/ 12 KB
6 KB 158ms
146ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Salesforce_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f24b7fa64d8f44ddd36d64d9a647d13caea3756513d97abd40e3c8754efc63b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 512376
x-amz-request-id: HWMXXVFJZN74PVHG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256989 NNNY CT(9 17 0) RT(1704285726555 1926) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"be309990b75f168448dbfedb6fa65e11"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429638821
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 844958a6c6c19e59b7fbdd2ad9cef208.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: tAzo3ayGAIUKFNkzvo1.OA9IZRoodnWm
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 5/9xMENNtjr3SPq2ZkOgE9MKb2Tjy76m1e+VGnjexCe8Ki6T5GPMQLh1HWz+3Vgfjem9awufmEQ=
last-modified: Wed, 29 Mar 2023 16:36:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FBeONU%2FA%2F%2FQbG7bzWGCOhvzdfr6C7ldCVFhxx1JDRAN86DE79A8ks18FOrqrgps1CG7PbZpSv07wGXNI%2FZzDefHlLKWdosRere1juB9uZJOwjgcIJ0gy8%2BJX23OhVKMjGRc%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: fIwPMVFyORPzxidl6sLqECBWlWUAAAAAyqBa1iQqyev7NfXkDyATAw==
cf-ray: 83fb51eeea73ab59-SIN
x-amz-cf-id: eV50x0Kk-Xf4YYRVeH7fAktAbnLx8YAS_-0Z0qHOHFpgqum4CgeEkw==

GET
H2 200 Icon_Nasuni_Full-Color-1.svg
info.varonis.com/hubfs/ 3 KB
2 KB 296ms
284ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_Nasuni_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10426b160a932ef2b98908d2f32aca756777f9d0a90ee2d7bc334cb1629e0ddd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 511283
x-amz-request-id: TW7M7ADKDYRZXWFW
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256991 NNNY CT(9 13 0) RT(1704285726555 1927) q(0 0 0 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f0b0eaa5332ee7de29889d93840bfc0f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429645009
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 5fd865e604cad30b24a805ca3b6d4048.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KGxnFvJWYxjnwQ.jwg9Mt9Io5nzlo9bc
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: M9JRRDage/D1I7cvcFcY05U1FynYTjwGYBBrZVBzEN3xeHPZvc+Ap/fGyCtesfO0U5LIsaSKTkk=
last-modified: Mon, 03 Apr 2023 21:49:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MmaNlvsLTfbEEmAyK9XKfDJRUGtvZ4uEmwiLCSe9OopgFFQANDHl8jH4A4YnvMH6egXOO6iBvYqVGf8F4MnJhu7SXE76gaatM98nFPUG2ZM19OI%2BClBsqYWLGigK1RpYtig%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: nZXmTXRsRDnzxidl6sLqECBWlWUAAAAAx2HJbS5Fbji9FmzT0T12bg==
cf-ray: 83fb51eeed91a138-SIN
x-amz-cf-id: jB6DNfjrmOlqW1iuvb9jag6_rRobTfPCnwYH223h2x_AtarF2TfkFw==

GET
H2 200 Icon_UNIX_Full-Color-1.svg
info.varonis.com/hubfs/ 13 KB
7 KB 159ms
146ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_UNIX_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5db5a02e960dde70bbf77fb6d28c61d4f6b5c291b3dd08d76a678d17c2d96420

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 514012
x-amz-request-id: 5B43Q6CDS3C2WNJ4
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256993 NNNY CT(10 9 0) RT(1704285726555 1928) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f95d3f7607cf257b1cd570a34d5e7499"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429655074
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 5fd865e604cad30b24a805ca3b6d4048.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: TAyhZrsomXl28HGe2LLLazlL86PmY7x0
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hkOhmHC4HihkS8PW2WhN8ENB0aejTOZ6rBe0j1+yTDsjv5Hxfy9fr3Ez4lZViXCOIC9QNAwWNIg=
last-modified: Fri, 07 Apr 2023 16:34:48 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FJfsqW4AeTobGQQWuBDyAoYrsRcolvxUn4W2HPhpyz8x9nInMPue2%2BqNcVzRdDCOd6WPDANG42YuxU%2FpRp%2FfUubbUR92v0CfMxTa5VfPFCB8hcHQ%2BKYFMXGlg9wsW7KrEdA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Tpq5GoBHmCPzxidl6sLqECBWlWUAAAAAGCtQg3AVB5SPXIUGV5KZGw==
cf-ray: 83fb51eef8b387a0-SIN
x-amz-cf-id: t90e7fPWTWLhzW6ESDypkrQ0lCm6xvdspV3CODJClz5FFwMweckSeA==

GET
H2 200 Logo_Box_Full-Color-1.svg
info.varonis.com/hubfs/ 2 KB
2 KB 157ms
145ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Box_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0adb972147098e0e4d6abbd7b83952363c8eab82429760136816142d675e321

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 515198
x-amz-request-id: D29CVD36HCAVBVTB
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 PNNN RT(1704285726555 1930) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"12fad58f529b97c18d6081296d804d47"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429662187
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 261dbbb56805d787e4e94407d9511a46.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4bnH0nYJLrnJYB2scTeniXFFZf3HM_Ur
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 06AZfXEXoanezU8JuXd+dRAZsmvwoA16TKzzp/CaJkURfNlMsDAR0YxMFc2a/7x7tFueN7vimko=
last-modified: Wed, 29 Mar 2023 16:36:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6go%2FfS4KKhnRrzlnAyFBpn71bQPuigiTP5jIJ4zjLcTPJREFX%2BRXh808eJgmId1yNUHWvVdfqX2hfD6ZmxAlGg4c5NU02Ns%2BsOVRmrPTiHot%2Bq1fuICeKZdBTdmLSUcXJ2Y%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: QW5lZmigZ2Lzxidl6sLqECBWlWUAAAAARrJDYD2Z3xjLFdGy5A9ggg==
cf-ray: 83fb51ef381e3f53-SIN
x-amz-cf-id: 4dykfUGVWltXXi8muq97djHtTuabKKIqk2HbxgSi209voV-k3QqQHw==

GET
H2 200 Logo_Amazon%20Web%20Services_Full-Color%201.svg
info.varonis.com/hubfs/ 6 KB
4 KB 186ms
174ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Amazon%20Web%20Services_Full-Color%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12feece8311f076308c2bbd3d8de66155192ea9df9a705a486f8e4684c45c5c5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 514842
x-amz-request-id: GXSSHE2TJT24NPTM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256885 PNNN RT(1704285726555 1931) q(0 1 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"9ec8f05ec8b4bccf14856667c2f4af0e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429669382
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 ab94358e0d2d36f8b4f6ff94645b8b38.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .hqD1QhDm8nt6xQNshEa2DyryB7lp9Y3
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: KiartN6NXPwvaKG51iyV5lhjIIFd9F8bk/riF+yX1VUi5tGM+qw3+WS+xTyyjg5grvPHDXIBh98=
last-modified: Wed, 29 Mar 2023 16:35:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8xp7rQ3T6vNLQoWw3ToLT17Q9ZVZYhh6OpGaTBun8bqXxzDvNPMNKuM3ng1l6xmTxJzSRrc%2BST%2FI2eD7ZGOxhvWeVFLK1wHvc6t2mlxSB%2BrqQODPtHoeuUlOs8fXgJOkclE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Wao9Xtu0A1jzxidl6sLqECBWlWUAAAAAVn0le8nTFOCbSz4otfEMQg==
cf-ray: 83fb51ef4b539f79-SIN
x-amz-cf-id: mVMrPB03XxFULyP21nawAOF-FvJDsQUJ73qm80gObNlG5KQ6hM5Jdw==

GET
H2 200 Logo_Okta_Full-Color-1.svg
info.varonis.com/hubfs/ 3 KB
2 KB 213ms
201ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Okta_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bc3c3712e26de83ecb08d0360e70ff826b4fda86e8348a3ee2208b4ab2ebad1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 515124
x-amz-request-id: HR8DADB49SZ7DRKP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256987 PNNy RT(1704285726555 1931) q(0 1 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"6ae59b6e0ce4f86234daff364456a46c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429677378
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 cc91f4cc360b8afb58871d3847b754c4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5b0dmh0pwNv7XUyXYOrxaO9n9Ea4swdz
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: oDCeV9ZqWFfOk3ABEC8w1Xlv/dExVlEWFR12i247ISYUT1uVpuuq9OC9W6mog/FtLzJXC1KEP30=
last-modified: Wed, 29 Mar 2023 16:35:58 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pOSqqNWZRsx4%2FdamxowQ1OeIO%2Fcei3ipUVkuN%2Fbiw42QLUaZGMJiyTKWwJmX4zx%2FTnz2xT8qBYZCz3taMvyYAY1QrzFV55QYB8MCGSjfAJ5JmaelGPghG9lOn2mBX4GKceE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: xW3uH6wuORHzxidl6sLqECBWlWUAAAAAAYgf4SmmtMUokTU9ZEZFJA==
cf-ray: 83fb51ef6d184067-SIN
x-amz-cf-id: 4no6NU-O8qYjbTwXA-mGeHxJ3qPeuHaXnet7e_kkBdEI5uj69hTJ9A==

GET
H2 200 Fill%201.svg
info.varonis.com/hubfs/ 1 KB
2 KB 275ms
264ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Fill%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a074c8ee602a0b3416f69defbab28371abb92ce73f934afa6e58ecec72b9256

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-cdn: Imperva
age: 515124
x-amz-request-id: STEARTSQX1KRK693
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 PNNN RT(1704285726555 1932) q(0 1 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"6980550af35925ac7c226d9e70c95932"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429684459
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 d3dc7fce70a4cf01f01f6bf06755098c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: T17L.OC3KO6B91DsAQ1bpeTtHFnJrWVM
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 7oe9tK/qlVaKHwDWUhezTEP068aq6vnnKGPw5A1wQMXSrpOUioeMbZbRHDsEhaQSoavptK1nB2s=
last-modified: Mon, 27 Mar 2023 20:18:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6z1OfYrFmlotab6I%2BnMdh%2BqQazGneJdCafo%2BDVXwm%2FKNChkw8LAsEkpSXUHzWu3zJz7KCVR6hgXAaL6VpH%2BBT6KuuP5AzjqaBk5wc70IfZlQaaiDwqLE5XhRT9OZ67R0vk%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: SS3DW/cH8Tbzxidl6sLqECBWlWUAAAAA3BaVl/PoANM2qwC0oYgfeg==
cf-ray: 83fb51ef88643f53-SIN
x-amz-cf-id: o8Qe3rTVIZYaGd5G1hknc1eWDgM0MzvESvCMk1lQg79QilujW8ONHg==

GET
H2 200 ed-lin.jpg
info.varonis.com/hubfs/ 6 KB
7 KB 322ms
311ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/ed-lin.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd6a2c2e6967a14b880413da005bf9e57a394669242cd4dcf91855df7d4337ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: BCEBYX892XHX6ZPR
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256989 PNNy RT(1704285726555 1933) q(0 1 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="ed-lin.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "7050e00d88f77a2dc46031f138a5bbd6"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1646951273866
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 b1b6dd278ddb4020600ada83f7d40a58.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: P3H0.gP1tnVz9BcPSLW0qz0Ase06hoXp
x-amz-cf-pop: SFO53-P1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=11595
x-cache: RefreshHit from cloudfront
cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 5674
x-amz-id-2: Bu3FABeHZQxIZkm3Uy8/KGXsUweBYARfE5F8EDGIkVaAgmKha8GyfVFbGr0GK5vLtkpu1PvU8ok=
last-modified: Thu, 23 Mar 2023 21:22:16 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r6HXaVUJGkxgzeKAGZoVDCVLTVvdOO4sra5zEbV23S6%2BzzCUcsnkQ5n1G5va1rC4%2FteuR2x8UJFf%2FXjAgttVhDbe8NqeLa1qLC%2B7BSg7dyhB0bIVsS5F2AB4SsaRxUC1di8%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: DTJbJOzO9D/zxidl6sLqECBWlWUAAAAAbticaDFyTu/iNxXZj16KTQ==
accept-ranges: bytes
cf-ray: 83fb51ef8b60ab59-SIN
x-amz-cf-id: -hmoBTygBD59yIAjdi3CUCX_68DiBYTPkq4qI-gcHKTpipTQ9EN1pw==

GET
H2 200 Varonis-IR-Team-Hero.png
info.varonis.com/hubfs/Imported_Blog_Media/ 603 KB
605 KB 1416ms
1405ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Imported_Blog_Media/Varonis-IR-Team-Hero.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbc0f30e58b2a906e2bdbdf999ce1d8352660f5e59204c6c47efc3ed98b57cb1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-53579990612,FD-44912348718,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: 6GS9K74DCHJQF36A
x-amz-server-side-encryption: AES256
edge-cache-tag: F-53579990612,FD-44912348718,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256993 PNNy RT(1704285726555 1934) q(0 1 1 -1) r(2 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Varonis-IR-Team-Hero.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "1d5e5b5f6ac7b95785a2ec24b8b34f02"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1629751499546
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 05ec74146f636de45e985d09f62976dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 1zRIXrh8Eao6OPKyBQYuLbybW_l5hNxj
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1188495
x-cache: Miss from cloudfront
cache-tag: F-53579990612,FD-44912348718,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 617178
x-amz-id-2: Cf4CZonEI53eGBtlizdm71feQi8NGB/qv67r9ZgwXIS9bRr6+Ptjp3ZBe7POMmp+e8KDVcv+Hdc=
last-modified: Fri, 10 Feb 2023 22:29:48 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1CriFXhdxIE4lhW4ZZUMWZyEjIIr%2FDGRt358J3ZPQ0QGlOQkcSekuI0vfTAlw86XlbUPNjQ24F6RFwLO72h4CCwSbGHjDrY6Ta4zXLqQ4JsLA3vkjtkaBrYr4Y%2BP9jV7wQQ%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: CmD4Yg0GTFvzxidl6sLqECBWlWUAAAAAwlT4U8EFLZR0HSB1NJ3hTA==
accept-ranges: bytes
cf-ray: 83fb51ef898487a0-SIN
x-amz-cf-id: FpmlvOWWNzV4jd0B6GV8uhq95QEvlx1NT9fDyFJYN7ZnT3CmjOEr2g==

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 485 KB
154 KB 1849ms
1349ms Script
application/javascript 104.16.137.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.137.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc2e1c7db0ffa63e5333bc3771c96bf5c5d704332d79dfcfbff8bc16187b1abf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4371/bundles/project-v2.js&cfRay=83fb51eb1a8844b7-SIN
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"982d8d22d576c26eb044b0e746926bef"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4371/bundles/project-v2.js
date: Wed, 03 Jan 2024 12:42:09 GMT
x-amz-version-id: wkCPEW5SoVMi9CoHH5BglhAxVEpTVVPC
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 41b4b9cb-856f-4e7b-9b10-208ee8f9e5da
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 41b4b9cb-856f-4e7b-9b10-208ee8f9e5da
last-modified: Wed, 20 Dec 2023 09:57:15 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JnbOyw09YXZWHAdGRueKt1rjFrmVMoPrfDdK%2FqIa%2Bj8sC5WnzbWBRiqTMZAq2RIBnQT4KJz0e5HkOYd1l8GILI01Z%2F%2BcDNaR%2F09gWC%2BlmSTp2TZfLw2l4ONfkMsWZjMb"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-h8t9m
cf-ray: 83fb51eb1a8844b7-SIN
x-amz-cf-id: DoLgtm7tqJBAWdGMyBUeZenoKHXFC4nYCS8PpGmtJRr4tYV-k9CPYA==

GET
H2 200 Blog_DebunkingDSPMMyths_202309_FNL.png
info.varonis.com/hubfs/ 627 KB
629 KB 221ms
210ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_DebunkingDSPMMyths_202309_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a281330b7c2282a20565d51663b28ed618b8b6ddb4eb8242cefdd8283eb13cb7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-135813579384,P-142972,FLS-ALL
x-cdn: Imperva
age: 510588
x-amz-request-id: JQ3TJFTE3801VDBX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-135813579384,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256885 PNNN RT(1704285726555 1935) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_DebunkingDSPMMyths_202309_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "17763da7f2d681be59bdb3848f64b47e"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1695238198383
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 914dbe74ea96bd4eab279d4e05aee014.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: c7NLh.Gxied0MoIvTHCsKXmuxJ5LLF6u
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=885895
x-cache: RefreshHit from cloudfront
cache-tag: F-135813579384,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 642324
x-amz-id-2: 4UQZkeFofTRTar3Gd6VEpeKpB9VDQNMfpdtiduezybDwm+FxBeAb6eLn+DpBGEi9glTs7rh1BKsloBxogWmhwg==
last-modified: Wed, 20 Sep 2023 19:29:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AWMdBc7Y8AUa%2FkAa5qsbj88Om8mQ0AN%2F8bDIa%2Fgye73KvvvJtKCdRCOAUqwcQcZPx5N1ARatkIy6oh0v5yImJPMcKx2Y3QBE%2F9gVywZgqB%2BbjVp9MOBMvD0tu8slsDQ5iHc%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: +yLjJ4TuH3Lzxidl6sLqECBWlWUAAAAA1Mfdb6db7MT9putF+C7pIg==
accept-ranges: bytes
cf-ray: 83fb51efabdb9f79-SIN
x-amz-cf-id: KEjl-zlGluZOMrzNhT-7rMHZru32eISEPFlwS_A7rry6WPf4YhfO-g==

GET
H2 200 MicrosoftTeams-image%20(1)-1.png
info.varonis.com/hubfs/ 12 KB
13 KB 320ms
310ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/MicrosoftTeams-image%20(1)-1.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5869f8ae61b66d78a6de0c52b94436d47899e11d112bee6445b5aedbc5868970

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-121885984550,P-142972,FLS-ALL
x-cdn: Imperva
age: 514515
x-amz-request-id: VAEV1R1PWB79BRYD
x-amz-server-side-encryption: AES256
edge-cache-tag: F-121885984550,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256987 PNNy RT(1704285726555 1936) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="lexi-croisdale-headshot.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "056b0911eae4bb7e7924d7becbe495bd"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687455265218
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 3440b79c112e9514e3e6f25a7439db3c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ha.TpWDKzWlipeSVTZBWC1BYcTdNCIpu
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=69085
x-cache: RefreshHit from cloudfront
cache-tag: F-121885984550,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 11916
x-amz-id-2: 4WqMm5LIX+0n8hf0JjnErDkb8vC0APzhaseJXN4fYj1ch9/0ViKBh8w7I2Iwf0OdSF6vLXtKUFM=
last-modified: Thu, 03 Aug 2023 17:44:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k2pdyeHDv3tED9KKJq91q2fB0bzOxi2YZWmnWebVDK3MppTSWjLkV3%2FbRVR9yBzQF5jRDpMZPaMOE5aD0SnvitTlFay90TNpNSosQj1DRVDhYum2wn7w9zsqGDzCeoDPAwQ%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: yRfcBk/+1AHzxidl6sLqECBWlWUAAAAAF0PKSC8RS3zCCGmFNf3BoA==
accept-ranges: bytes
cf-ray: 83fb51efddd94067-SIN
x-amz-cf-id: e9fj4Rpc-qYG5kfI6qjYmvMS6c7k53ljDQaSmq_V3A0MHBnII9pLRA==

GET
H2 200 Blog_CISOAdvicefromSpeedData_BlogHero_20231_FNL.png
info.varonis.com/hubfs/ 483 KB
484 KB 322ms
311ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_CISOAdvicefromSpeedData_BlogHero_20231_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

651bb2dc3a4634b30334a27eee2ce53901b2750f0ab8c091f2e25e93a52aee3f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-149920257173,P-142972,FLS-ALL
x-cdn: Imperva
age: 515124
x-amz-request-id: F0HA3XJ59WY21946
x-amz-server-side-encryption: AES256
edge-cache-tag: F-149920257173,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 PNNN RT(1704285726555 1937) q(0 2 2 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_CISOAdvicefromSpeedData_BlogHero_20231_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "a571a0334199c3d6dd34a75a59c5300c"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702565575165
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 b01cad2ed1269880253c38e06a99f4de.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: LOXxTexu1aKIAmfL0veaRhOhzB97CTT.
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=671664
x-cache: RefreshHit from cloudfront
cache-tag: F-149920257173,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 494082
x-amz-id-2: n+pt2qVSSozI6ICfnMt0XX8gE/cvWZWTSakHx98UGhlsX+uOeJVDZ0gGUVATB77KgUZS9wDNcHU=
last-modified: Thu, 14 Dec 2023 14:52:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FKxwlyLFcFGviEevEF8ORrVPIdgNZ0QL0b1%2Bk9qhovcEg%2BJWb0HMhyfP0sq933p2w50TAy0lCDmz33fM5qGedy%2B7kJ1I2CNTZexb3ir2IbGlcuUjge6BBqagRApiC65jq%2BM%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: df8FCgbEPmHzxidl6sLqECBWlWUAAAAArdziB/FbjItx0Ukx52zLQg==
accept-ranges: bytes
cf-ray: 83fb51f029463f53-SIN
x-amz-cf-id: dUYNj-VninmvIsguaWsb7XW58UTuk6v23iQMfpMMXd3AkU67u0RklQ==

GET
H2 200 Megan_Author%20Photo.png
info.varonis.com/hubfs/ 33 KB
34 KB 2588ms
2578ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Megan_Author%20Photo.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb849a169f3b5ec132c50c2fbf85053671e849aa6421d55a5eab5d22feb75b3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-105894741257,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
age: 515196
x-amz-request-id: Z2755BQ6JEKTAQ4C
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105894741257,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256991 PNNy RT(1704285726555 1939) q(0 2 2 -1) r(9 9) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Megan_Author%20Photo.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "989355caeca6ff42e2f2ffb11828a9ca"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678400614926
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 3440b79c112e9514e3e6f25a7439db3c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: VUsiAQUInNsnX0B100DG9NupFL.VRVFi
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=67302
x-cache: RefreshHit from cloudfront
cache-tag: F-105894741257,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 33294
x-amz-id-2: neayKojW01lUvfwSPplOlxA8eUQ+8+gwpDcuMa10ZH3c2Ffop7DbTB/YcAKOoMGhdwpzgc52SZc=
last-modified: Wed, 29 Mar 2023 16:38:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aVh2xgQUqhm5JPXcPlyLunjWlEBSZOMVngMaxTHAoCku5xNHlRP324eyA6A3Y2EzmHKxB%2FkPJJZbjbliSb%2FCZ6E2q6Ltxj7mnzeMCnPYuUi8C0wUfLE%2FDYcsVlkN%2FVep%2BIc%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: BOcoUeuG0jTzxidl6sLqECFWlWUAAAAAAXgCj6XJn6t/aOVmGPjSkQ==
accept-ranges: bytes
cf-ray: 83fb51f03f6fa138-SIN
x-amz-cf-id: bPS-X6U3UV3X4NE0uHd9ktgbNouIj-IAHmXmeT3Q1NpcKW8R7i9OCA==

GET
H2 200 Blog_USPrivacyLaws_BlogHero_202208_FNL.png
info.varonis.com/hubfs/Blog/Graphics%20and%20Heroes/ 1 MB
1 MB 372ms
362ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog/Graphics%20and%20Heroes/Blog_USPrivacyLaws_BlogHero_202208_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cda8a0ab9bd5461151a18173515c5a597af845054d6c5476f85c2a01d1b6160e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-83823854760,FD-109375700770,P-142972,FLS-ALL
x-cdn: Imperva
age: 510548
x-amz-request-id: MDF2CQJJ8DKV7021
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83823854760,FD-109375700770,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256885 PNNN RT(1704285726555 1942) q(0 3 3 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_USPrivacyLaws_BlogHero_202208_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "263815ed47bd5cb02b1113b0e01863c3"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662146385978
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 2ca4ccff3a1366a36e81c34e56cb1296.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: pxlF0JnfoxWe9YEos5iM16LPqLsOjsdQ
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2302545
x-cache: RefreshHit from cloudfront
cache-tag: F-83823854760,FD-109375700770,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 1523056
x-amz-id-2: tRYn9CEUuw9o9KW2/o1PRsG/SmJvnVLhYYhU1W7orhaeGIqaGMEiDOCosn+nBS8KZtIZrcL0To0=
last-modified: Tue, 11 Apr 2023 21:10:02 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8EP%2F5TmToXECYmKv5NMgMm%2FAMU02fnAz%2BR5elojyWn2YcnTPI3wYnVFKV8m3Mqzs4AIJOrwVSlhHpfDEFlghYBKqfAbzff8ZHyVCEi6Prs6coMJEhaGM7FevlWkiXAPfm6w%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: UPXAOT2GiTDzxidl6sLqECBWlWUAAAAAu6QlRBPHjjWf/wMA217nRw==
accept-ranges: bytes
cf-ray: 83fb51f05cf49f79-SIN
x-amz-cf-id: 7FNeIaULlUB1yZvt4JnqrMh7bxq4v3zy0WQm1tWgjrpF3mMwEnTDFw==

GET
H2 200 Mark%20Weber_Speed%20Data%20Blog%20Hero.jpg
info.varonis.com/hubfs/ 51 KB
52 KB 1415ms
1406ms Image
image/jpeg 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Mark%20Weber_Speed%20Data%20Blog%20Hero.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a98e6573aa43aa760480589e09e812b6c094ff4f6c47cc2c6ed20160e8431e06

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-146273274881,P-142972,FLS-ALL
x-cdn: Imperva
age: 515195
x-amz-request-id: 0EE22S1V9QKF0EKJ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-146273274881,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256989 PNNy RT(1704285726555 1943) q(0 3 3 -1) r(3 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "51d5493bfb8611cbdbc52cbfc001387e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1700502642743
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 aa1a30846e0095e7119e3af834f718c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: IQUSFXjP0R6hlMHR4yLTUraHmIWW54zG
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: degrade=85, origSize=203364, status=webp_bigger
x-cache: RefreshHit from cloudfront
cache-tag: F-146273274881,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 52286
x-amz-id-2: +MFxs9IniDT0VHgrQD1q3ZqCkCUH1EnGQwyvTCskg5sHJyQA5tWXypttJW6Ul5k0N7Me0TBEFer/+hqXbAmurOUvGfrtP6au
last-modified: Mon, 20 Nov 2023 17:50:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=frznN5VeoADW%2Byt29NuGRhBVrNjGi%2FJfxKp2Tyhvq%2BLBe6TWfGCe2YFZCpwTbD2BOtMhwZrN4JSOv4Y9CgdmUatPBnGWCB7pKHpOWQRJyxYVoJEw5l%2BDT6tT6N23RZrACqg%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: XnuXFsJlZ0rzxidl6sLqECBWlWUAAAAAfDV7Pk4zQglnwMiLw4gkUQ==
accept-ranges: bytes
cf-ray: 83fb51f05cc7ab59-SIN
x-amz-cf-id: 8XPoeHGRXdjqAk__lYTzZpdEf1boLSqwaPHsZth2thOXWZChhQlsSA==

GET
H2 200 prism.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/ 19 KB
7 KB 210ms
161ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7b88bddc6c757b2fc8cb113e2469801ab14a78ec1a8fada4d6391e3573f5f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1705637
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6336
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-18c0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qzADQmFP%2BueAaKHSRKPVQq3Kqm%2FFiZxl2XOR5FdcwKLJRY0BvnDUJvlE2WISVpqph%2F3u7KrD4X8WUBM%2F6EAUD8fEQpRMkVK%2B6bU9gRczYlGrcNeovYrmMsb1e3XzTDVLRtXpxMr5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 83fb51e939c33f5e-SIN
expires: Mon, 23 Dec 2024 12:42:08 GMT

GET
H2 200 prism-autoloader.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/ 6 KB
2 KB 90ms
90ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0233342795c86e2079f7406bce72c481918b9ce416aedeb6b37044abae50fc8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2892543
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2202
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-89a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=stG8rwO%2FLTwgoux2CDx8Aay4uIGAtEzXZuaCnuYopOEWax%2BoDwIyV2baMPmLIKqLHazIEVhevpwRTk18ca9F0wPJGWDnFqZsOesoIFdpqGbP6cb0Lz2oEobMDwsc6TW4zlBmE5UB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 83fb51ea3b313f5e-SIN
expires: Mon, 23 Dec 2024 12:42:08 GMT

GET
H2 200 facebook.svg
info.varonis.com/hubfs/ 634 B
2 KB 804ms
794ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/facebook.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a5034e01d5b47ec7eee2b3a45a23919684146c27b715f4fd863037b11b2abff

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 515194
x-amz-request-id: Y6V28G7VHMZCH4BZ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256987 PNNy RT(1704285726555 1944) q(0 3 3 -1) r(3 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"9667ebfd8e6880e7066c322b0b25a6c8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219654732
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 e210e35eb3b86a214f96a9c0bbf8557e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: WA7pU2leNpTprUjaVEZpDKXqPbClsTVp
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Ze/rJjijplTQjFRPmM3zidRtEAfEBJh4u5rkNW/OUvAkPuF/zHuMH0iEUzqw6i9yetP/hyahePc=
last-modified: Mon, 03 Apr 2023 21:49:25 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6eJGecnkcC7wph1kpvzK%2FzpL8vvd4Vf%2B%2Ba1ioLw%2ByLC1RZmqEaYBJK4dXIhi%2Fh2lwfqcDfOcBg4a%2FYpO%2FaAWCVK779NHAysuHnYiMl6Butny59%2Bolkk7ItwgqnDQz0ZCQw%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: dmmeZaW2dQXzxidl6sLqECBWlWUAAAAA4jAvROIdjR4NZUOwZEs6lg==
cf-ray: 83fb51f05e954067-SIN
x-amz-cf-id: AHnhJB7QjMWL2Tf2xQBGYiHFi52pidUyeJV5pi1R3ISk5tLZ_aWlBw==

GET
H2 200 linkedin.svg
info.varonis.com/hubfs/ 1 KB
1 KB 1413ms
1404ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/linkedin.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b4639302db82b725feb2fb5b7c2f16d1ef8abe70409c496fe0dc777e143f45d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 515192
x-amz-request-id: MTTJKZ8FV0EY1FPX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 PNNN RT(1704285726555 1945) q(0 2 2 -1) r(2 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"15f6f62efcbc0f51585cd41ce283b99a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219666618
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 a70d15c0de6117f8c3e081ecba9408a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QNfQH6UicIJK0KK7LA52dQI3xwAuEigm
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QNE9dBCqXYFyMYixN1TRgn3/BN9V0TtSzu3t/3lm13+SoNpz/ww5wDlosRA7SfOW7XPc90UV9x8=
last-modified: Fri, 07 Apr 2023 16:33:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjgLTEj%2FtEWQe6T82SJhvP0eE8E9gDDdl4GYKWSpXvfk8BOI2pTpiAHczLsr8jLBkCcfq0wucuzVgzU89tSPwRtES9%2FPVBvCfMdrygx5SQh4ulNqy0ZKhtQ5IWDaTPf%2FAuA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 7ccKO9EbwUPzxidl6sLqECBWlWUAAAAA/utQlAa8pvu1PNVouBDiWg==
cf-ray: 83fb51f0ba143f53-SIN
x-amz-cf-id: KxyRbf8Bz3ahonmBJZE8n0zB44YFbDuFuYk84NEcRPtf6PzwYXq6GQ==

GET
H2 200 twitter.svg
info.varonis.com/hubfs/ 1 KB
2 KB 2530ms
2521ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/twitter.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3daf9b6a39281fdc04a57bdabe589d9aa970719d22733e04fc1ab799b7a5db49

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-cdn: Imperva
age: 514895
x-amz-request-id: 4RNEQFCH6XCGTMFV
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256987 PNNy RT(1704285726555 1946) q(0 3 3 -1) r(3 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3ce4a000e199a193e3e73cfac7b4e108"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219676422
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 318dc0d466d2a355ca0bbeb0721ef1b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5d9b1tur7umZsj9sMPaWqlWPAKNW7KFs
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: U2UNvm5FGPnHSgobIKVZKJRM/bYiXiVwEwONvF8h8OxAQ7u4Rf9qjWSsUZZkxX2SjrzS1oufIsU=
last-modified: Fri, 07 Apr 2023 13:49:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X6A%2F7xdwdbROF3VgDpTeWZivN51JCPCh08Co%2Bqd78F2zdZMvMu1i3DIuVXrPRpDf9uCettLbkuHRL6uLTAJgV1n2lajgx0Vq7%2FrFKk9jA%2BtZZPC%2BcJFkTBYbkaZqYjWHMvA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: ESTeHaEeI3jzxidl6sLqECBWlWUAAAAA7BBMjIjM45fwQQhQqhD9nw==
cf-ray: 83fb51f0ff5e4067-SIN
x-amz-cf-id: BgC0hMSgudvG_vAFeoTcJE7n6RCdLLfJ3o98Rpxju10sLs46aLX7_w==

GET
H2 200 instagram.svg
info.varonis.com/hubfs/ 3 KB
3 KB 2524ms
2515ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/instagram.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae925eb57e9822aec57086375bcf93fe910d7c6c0d83cf10bf448c5348aaf0b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-cdn: Imperva
age: 513083
x-amz-request-id: A50AFM6ZEXQY5SHJ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 PNNN RT(1704285726555 1947) q(0 3 3 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"2eeffa913d57b77cfd604f3ef1fae9ed"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219687130
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 1a425d1c4a67bd62cbf8d7a0405627da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: meODPhL4FdcYRYplK87hLr86vudDDmQz
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: NFVvMQQm68Wc2jCGlxpwQdxfJ6DWrTYZoPqKuA/iLus8b++BV8hJKRRF48EpCwgN0bn0NMi0Wxw=
last-modified: Mon, 03 Apr 2023 21:29:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hDAnscYA5zAHctXS9XpvalYOU67c3NwyWhB8sekdlkuJ0iHpyduX8gFK93p9UjIZwihm6udzJQgAzs%2F0rqhUeO3g5mTmB%2FofocHzVJ7dSfJZAkeHSJoX%2BL4i1qo5NUQg6eA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: qdrfFEfbYxjzxidl6sLqECBWlWUAAAAAJY6F9jnkV9OB1ayHMs3yjA==
cf-ray: 83fb51f13abd3f53-SIN
x-amz-cf-id: Oj0kN3CxZqJCaAHuBsZQDpz1JDNhkvUlWsjOUgaeudOiQGSfhlgJbg==

GET
H2 200 ISO-27001-Logo%201.png
info.varonis.com/hubfs/ 2 KB
3 KB 2528ms
2520ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/ISO-27001-Logo%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b15ab10a2a109c8e59d604cd4101cebe7aab42ec227f8f521398e063bfe0217

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 515193
x-amz-request-id: 5DT1GNWANVHWSPXB
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256885 PNNN RT(1704285726555 1948) q(0 3 3 -1) r(3 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="ISO-27001-Logo%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "a413509b077bcf2faa7621b0d5d4de36"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604427281
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 2ca4ccff3a1366a36e81c34e56cb1296.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: timIF1O_gxoEXq7s04ImeochSBRbmAhf
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2523
x-cache: RefreshHit from cloudfront
cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2066
x-amz-id-2: DVl7/KLawAnljWUIKzO0g5PyA8N+NoMYt6xpTOQhtWlYb4G6IwcwDVqtWR/JPjQTItdyWUH9qJw=
last-modified: Wed, 29 Mar 2023 16:10:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hbi%2BB2tzfmf0MHl8quTQ%2Fd%2FCd3He2RILJgBFePdyWaFvZgCtJHr78LiadG25u2hEWz5b6mBJVfQrTldaLC9Ks%2FmPTaVclTYP75YOt0iRDzT9KpsJmw6gurvC87oXIn1gDdU%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: TDYYaonZNg/zxidl6sLqECBWlWUAAAAAgVn3wAN4sA1WSfzftLpZJw==
accept-ranges: bytes
cf-ray: 83fb51f14e1f9f79-SIN
x-amz-cf-id: MoSa4uUg-XET8DU0u9LimHr7SeMEAyudL-CgIOAMyDiVTSUSIiF_4A==

GET
H2 200 ISO-27001-Logo%20Copy%204%201.svg
info.varonis.com/hubfs/ 13 KB
11 KB 2525ms
2517ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/ISO-27001-Logo%20Copy%204%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba1b3f329ba47639a8586777bb19db73a9c3e37954b5e72ff97df8e0ea931062

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 515193
x-amz-request-id: Z9FND032VXZFM3DE
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256989 PNNy RT(1704285726555 1949) q(0 3 3 -1) r(3 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3c29f40cae554dd8c7276ac63187dec1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604432436
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xgSkvj92cQLN2iNJZ_lFxRESVIwvyqH_
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: iuash+7o2vdzgkXSyEPkSAB6if0eiJO5iu39DUUah3nnZmW34CAkV2kdmkQm8hgCH22zAmNCfdk=
last-modified: Wed, 29 Mar 2023 16:10:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HfRZhbdMtjFUbXmgT3hHFmA2XRTd6usFNUZlmxaiCIMzcFMKA%2FTx3ZvO%2FSELpG3nyqbq6O8Mp5MoBrkrZzg8fmwdsveUjuXVORS7LRhHrKD1kOovy4PEgAAY%2BULMhMydznI%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: j6lxX72DK3Hzxidl6sLqECBWlWUAAAAAr+98MpG+4bwvh5Zs317ywg==
cf-ray: 83fb51f14e4eab59-SIN
x-amz-cf-id: ISqYpknlevQZBoMd6E-ulJEtLdQyvh0kliNOgvv22tvQt0vD1Pk4-Q==

GET
H2 200 STAR-Level-1-badge%201.png
info.varonis.com/hubfs/ 730 B
2 KB 2526ms
2518ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/STAR-Level-1-badge%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ea31af1ae38b9f8194f93234449262a79af7a7bdac0938c740c62f0eae9d85b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-cdn: Imperva
age: 514841
x-amz-request-id: S4EY4KB9MEFNMFN9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256993 PNNy RT(1704285726555 1950) q(0 3 3 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="STAR-Level-1-badge%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "21b42231b455b1ad08b6ac53b5081df7"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604442982
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 11db54d41dc7b64f760df4a169363db2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3t6QVHH7wvf.mxjXy3Y9twhVmeBu1ejQ
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1187
x-cache: RefreshHit from cloudfront
cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 730
x-amz-id-2: apCV7jaAG7pORqFWrZoB135sHWG+RWmQFoGGGsx6mRRrYVq3N6cjhXS4m5J1VX9unBFjn+dm2IQ=
last-modified: Fri, 31 Mar 2023 14:59:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BN9vIYKGp4b5%2F5vVYU04N2CwDRSlIMPCeevOOK6tBW%2BU1Q2Pi9CE4wNBH4FzltCa4GT60YC%2BJa9TS5gEV8Kvd%2FDj79wGozTRkYFd65Q1uwztTJCImlAKNvyUpregi7AMxa4%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: qM5zVwCxTxvzxidl6sLqECBWlWUAAAAA8/enEi5+aelO0qgBmGqjAA==
accept-ranges: bytes
cf-ray: 83fb51f17c3d87a0-SIN
x-amz-cf-id: vuh3J1AtdSqfVdm47HBwaSW2uTe4ufrXFn_X-E7LLqN1Fjv_ES9k9A==

GET
H2 200 AICPA_SOC_250x250%201.png
info.varonis.com/hubfs/ 2 KB
3 KB 2527ms
2519ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/AICPA_SOC_250x250%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42222ea51046de258be17a4b61f802c94c29d8feeacaaa4ae194c590198ad002

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 513581
x-amz-request-id: C24AKBT28R4F0HKK
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 PNNN RT(1704285726555 1951) q(0 3 3 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="AICPA_SOC_250x250%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "3086eb0e182b996b1bd0e515cb8d5ddb"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604414374
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 927285687bace94d90da4630edce9fec.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QOLtmRwBZ0.MIDnZrV1Q2ii25CJ9jxJq
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2732
x-cache: RefreshHit from cloudfront
cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2104
x-amz-id-2: d6P8qTa0NDdWluI76YgVYxkTM7IFwNJsoj7HZhpC6vIdP8nOgXwQLsczOVLGvnQceqEYM6jsU9cH9xeou1dpQCfy4bm9DKypWbIkNh2eC/c=
last-modified: Fri, 07 Apr 2023 16:34:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HMeLMZtLSAedkKWIt%2B%2BC94XMyfJRlAyQnGrvTvCjm5u09N9d7NiwXtpWK394ZkRCYxFjMtvzeec6rTVkbeurBtHY4ipcIHbkZ9UbLlU7kZSjcBUxPpmv9l5GJMqcNeEkoxk%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Kx0fOq0eqWvzxidl6sLqECBWlWUAAAAAT3ebPxOJIN0JlNdp80QF+w==
accept-ranges: bytes
cf-ray: 83fb51f17b103f53-SIN
x-amz-cf-id: 9wmBlrH-YPb3ABalTd_ndoffXEyoOtWfxSnEXePpC7V6zjYha3-sMA==

GET
H2 200 niap_logo%202.svg
info.varonis.com/hubfs/ 11 KB
9 KB 2584ms
2577ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/niap_logo%202.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2c5c92cd55477571c7e757c4105315c813e710586cf1f334f809e8c93d845c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 514451
x-amz-request-id: 8AXNKBHC1N5ZAC5Q
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256989 PNNy RT(1704285726555 1952) q(0 4 4 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f7049a9fa4c9ccda9202bfdca55095ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604438044
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 1a425d1c4a67bd62cbf8d7a0405627da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: i_ozlwX4ZN4wsFQgd.1gm.ZEAGKJ9w6P
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 6HqGXqdPtSYOrmVWVgyFupEn3LXYRwv3eLbP2BALkoMaFBLR35tqEuXWsCgaJvoO1sIsRgJIENU=
last-modified: Fri, 31 Mar 2023 01:17:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ihnJskucVy7FRBIr%2FOJIgS0Pwn0I3yR1YSOrffVYqiQVv%2FAzgOXL546VZe1JbWsEUhKQeD0f%2FuQDokMuogzYzy2eHcrXnKR5pVrXvhoYJWOEJ64QO5XuwBYm35SZWRjrDds%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: O3+0f3Qrm17zxidl6sLqECBWlWUAAAAAIX48Pv3fF9CVp6sJCCNUAw==
cf-ray: 83fb51f19edcab59-SIN
x-amz-cf-id: vnopYFnJXtvhXOMH_FdM9Ch-MelZuf9Gy9tfrlCayg1qk2t18Nr82A==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 806ms
217ms Script
application/javascript 104.18.95.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.95.253 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:09 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 6a453f38d14868702eadac9560675990.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: SIN2-C1
age: 567143
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fq79ea6oJivtov3tMxcfckjZHc7hrfsu8%2F0nyS5lvLOfnHcHJLNTXtiORAN8hLG4Ow%2B4nVW%2FYPI%2BwzBJWN7CPPz5zzy8NXU96vTz4KogvfymmFLn%2BGKdCf4UAX4292Q9ERVjhySVgjs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 83fb51f2de3b3d80-SIN
x-amz-cf-id: kZmY6gJTOxcRgiNxpVFxZdnH9V0rBqJ2eHBDTx65_YUTh27Mz9AjSA==
expires: Thu, 02 Jan 2025 12:42:09 GMT

GET
H2 200 announcement-banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/108364953711/1680550379557/hook-www-varonis/js/ 304 B
704 B 133ms
133ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/108364953711/1680550379557/hook-www-varonis/js/announcement-banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5ec6b8d820581f2d04713d3bea37883b0e5c2881f7bb108e13a3d63249c4867

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1179141
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 19:33:00 GMT
server: cloudflare
etag: W/"ed246e714d8f7084f9613208eb724cf5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550379808
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fn4A9uPtRI5Mp3f1yKZUGGx7YaGdvdUQHewE9bFgQuQExPrvco7b0XKE42a2fTwTiutuPOoxeeTqnZrNmMppKx72%2BVRl%2Fkmm1Wnm6%2FwtQvEWTkKmz8kCRM0fkyQ6I5chQyk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 83fb51eaf8daa02d-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 cse.js Show response
cse.google.com/ 9 KB
4 KB 600ms
83ms Script
text/javascript 74.125.68.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.68.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f113.1e100.net

Software

gws /

Resource Hash

adc1888f05786d618ba9904a8f0aff48c7bf6e84fe3842e417a55dd0c3df687a

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-q8tD8l9M9hiSxcsrvPXH7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-q8tD8l9M9hiSxcsrvPXH7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding: br
date: Wed, 03 Jan 2024 12:42:09 GMT
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2985
x-xss-protection: 0
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
server: gws
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type: text/javascript; charset=UTF-8
permissions-policy: unload=()
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=

GET
H2 200 module_71662020467_Announcement_Banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114923395/ 865 B
876 B 122ms
109ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114923395/module_71662020467_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6cc38542df851f8b331cdd5ac0dbe9929c7968d347c62d93c22b91ef560a931

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 478163
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"6eb6d7132999731493bad4b8e9e19c88"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1675114923395
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 909721a0-ff3b-48f3-8b82-eaadd29b4011
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 133
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 909721a0-ff3b-48f3-8b82-eaadd29b4011
last-modified: Mon, 30 Jan 2023 21:42:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7jwZ5LEhH3hZ0zBBwkOT8J18H6G3aC4W3HUNaMWfaJ5SWV0IGUjTsH99xVjrYH1W0d2cvFJ7uK9Oeuh9ofDh9yykXWEBGBUoEO95wVP2qQZK%2BFbbiazYPx5AAqDE7PXNmD8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-j7nft
cf-ray: 83fb51eeddd7a02d-SIN

GET
H2 200 module_97266453797_Remediation_Announcement_Banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/ 860 B
924 B 129ms
117ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/module_97266453797_Remediation_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 386427
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a25c4019cb8b6fc47eb8ed83cf1076d4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550132881
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 39a13f21-25ae-4cb7-9386-f54652bf2e38
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 141
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 39a13f21-25ae-4cb7-9386-f54652bf2e38
last-modified: Mon, 03 Apr 2023 19:28:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=10g7QWCiqgGjfMZVgbDdk9nXnoLqaTn6klBe%2FQrKTPres58z%2FAXSayBy0L9G1p%2FJFxf1k8vyyMwXCHtwcSQCG1ObdfPXFkcNLmGI52lhwczbFwOe%2BLDkcxgHgSk%2BkWJF8B8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-q8s24
cf-ray: 83fb51eedddba02d-SIN

GET
H2 200 main.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/ 10 KB
4 KB 121ms
108ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/main.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:09 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 195235
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 55707f89-9b97-4ea7-8e8e-690170738527
x-envoy-upstream-service-time: 151
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 55707f89-9b97-4ea7-8e8e-690170738527
last-modified: Fri, 01 Apr 2022 11:44:17 GMT
server: cloudflare
etag: W/"c4d1fac2b0b677aeaa2c2ade72813888"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1648813456943
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jBPIGE3SSGEDemkRs%2BH0rTAbKqgHsFTg5BDwnrO%2B76%2B%2B%2FpOhVos%2FpA5H%2BcvtobB9eYO4%2FaDnRAauUNFuGTkUE6oRBMkkKgh6ACOj9T7XS%2FGZospOv698%2FkWhvGNxkS1WmYE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5896745bbb-7fw4c
cf-ray: 83fb51eedde1a02d-SIN
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 module_96126751858_Site_Navigation.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/ 4 KB
2 KB 126ms
114ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/module_96126751858_Site_Navigation.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50888059b627a1e32ceb04646cc5a617e4747e3d9003e1cc051d33e3bcc14589

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 470778
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"066f9d11e54f30bcda41cc81ace646da"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691030599466
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 490a3902-2e15-49cd-8cfe-50266492d64d
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 244
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 490a3902-2e15-49cd-8cfe-50266492d64d
last-modified: Thu, 03 Aug 2023 02:43:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2nzw4WzRBy85bBRQtZl7c0krTDZe3GpO2UhrdKUjfk%2FhttWE%2BEEcVjazvflBivCJxwheAXNBp2lI5ysizYUy2Ky5NGZMdGy01nXVdTntUMDKAKxKhyVHxIx3LfupJXAi6w%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 83fb51eedde3a02d-SIN

GET
H2 200 module_125777074029_Navigation_Submenu.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/ 1 KB
1 KB 125ms
113ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/module_125777074029_Navigation_Submenu.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e9eeec668eca70ecaaabf43de47a7332a84fa9b89172479f39c57bbd1c8582a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 1172211
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"131209442a05e734a14e3bd00f89bee6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692210032469
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 03 Jan 2024 12:42:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5dba04c5-4646-4a60-ae3d-bbe90cda58a7
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 198
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5dba04c5-4646-4a60-ae3d-bbe90cda58a7
last-modified: Wed, 16 Aug 2023 18:20:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRcE%2FgIeK%2BRFsSHjHO8ryu6HS3kBQ4PhVuIWNcQRz4D9DJ5hQLoqCvjQ4THwGugIlOB2Os3hBIJrjS9FYRxPT0ouZXYEIUrajGoJp8aKiE5rcc5LV1OoUfpFvzQ9N1R9neI%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 83fb51eedde5a02d-SIN

GET
H2 200 module_115948073023_Table_of_Contents_Sidebar_-_Global.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779299533/ 2 KB
2 KB 141ms
129ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779299533/module_115948073023_Table_of_Contents_Sidebar_-_Global.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f5e45ba0c943167a203ccff2d9b3065c7767b1c32c33e6b21af38da1738b8a7

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 383891
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f95490701022c4b61b9aae62631a9ad7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779299533
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 47583cb8-397a-48c6-9b65-c7e53ea6169d
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 199
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 47583cb8-397a-48c6-9b65-c7e53ea6169d
last-modified: Fri, 11 Aug 2023 18:41:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFmZY8nlplg2KWbTi2HcSMn201vjtWfag7S6QWHO5PTD2nqEtzhPXIuHLHF3Vc8q5JYXuSmmVZXTW%2BQ2V1YcH7bSNohNMAP0Fn6t%2BZ5ncjAYNWxnbvFskHVyki0kDRLxd%2BM%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray: 83fb51eedde6a02d-SIN

GET
H2 200 module_60280511003_blog-form.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832788379/ 232 B
772 B 179ms
165ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832788379/module_60280511003_blog-form.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dc5ff8e8d54854daa72a30a2bf8345b75255597251028dad23e18510e635b98

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 383891
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"199d600316628445ac927b3b2b5d292b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678832788379
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 596c1d22-08ec-45db-8661-a3eece14dea5
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 234
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 596c1d22-08ec-45db-8661-a3eece14dea5
last-modified: Tue, 14 Mar 2023 22:26:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SYFCA8H6UxlQ%2FRk6as4MZ5oEMo%2BReSXUcVy6uu4yS5tvRP5U5t5qZ5JHL8%2Bs00punm%2BxMXbdECg0qc6sjo6YEJebFTPayoLPNzKnrnu0pr6f5lVNG%2Bfe%2F6m172G5Lp1O0F0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 83fb51ef4e46a02d-SIN

GET
H2 200 blog.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/73655310759/1685000791420/hook-www-varonis/js/templates/ 1 KB
1 KB 187ms
173ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/73655310759/1685000791420/hook-www-varonis/js/templates/blog.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f6b8b612b0090fdd0032dfd7071745a0b99149bc01a55cd24b40086ede2b8d7

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 553367
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"577f12ced843bbb8382cdbe78669b3ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1685000791604
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b5392a22-56fe-4bb3-875e-6554306b6fff
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 199
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: b5392a22-56fe-4bb3-875e-6554306b6fff
last-modified: Thu, 25 May 2023 07:46:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZUADhR26pOV7RHELFeZ%2Bie7A06GKaj9Iz2hUli65gJYcw7cVFLIrJO0Hzjg97cW32faESfsjUldSTQ53uvWNc87Nvfb6y60RMaIQg32COWLqAgfeK48yUBrJyrjEvv53Z4%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-cks9m
cf-ray: 83fb51ef4e48a02d-SIN

GET
H2 200 jquery.toc.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/106410557973/1678780073283/hook-www-varonis/js/templates/ 1 KB
1 KB 182ms
168ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/106410557973/1678780073283/hook-www-varonis/js/templates/jquery.toc.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 293810
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"39e23085840845568c2de46aea67930a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678780073283
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: e2df3224-79bf-45de-8753-66430a464bf5
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 193
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: e2df3224-79bf-45de-8753-66430a464bf5
last-modified: Tue, 14 Mar 2023 07:47:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c2wnszSSIbj%2Fx2rPl8DydcoPOlpqLmXSrdtuZaNtMaYugI3N2WSvKL6dzQYjeO3NUPkhqoL1wDecnrxdNCQVK5lMOj8g12oXG56X%2FLv9FMEE3MeNTy9n7qcmIXMo94BI0ko%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray: 83fb51ef4e4aa02d-SIN

GET
H2 200 module_87397221683_Footer_Site_Directory.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/ 577 B
879 B 187ms
174ms Script
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/module_87397221683_Footer_Site_Directory.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c91333bb881074a7d4a82886d21fb690ff3fc57394327d5ed12c9d9af05dcc0b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 1333116
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"b7e1d67d9b7a486bb634ad966519a8bc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690924310222
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 03 Jan 2024 12:42:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f62e46eb-1b10-4124-89a4-2b403c1bab5c
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 156
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: f62e46eb-1b10-4124-89a4-2b403c1bab5c
last-modified: Tue, 01 Aug 2023 21:11:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rjO63YtP3%2BChVypQBU5lNKvAw4SqMBuRpMsp4C6WZK8zcKkiK636dHGXAhXk7%2BfegqN6SUhDwd9NQ8ipOp0v7pquFcULRACSibMLzhtKJbBlu1ZAgpelrdnDUbWmrS2K7VI%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-8ktx6
cf-ray: 83fb51ef4e4da02d-SIN

GET
H2 200 142972.js Show response
www.varonis.com/hs/scriptloader/ 2 KB
2 KB 2586ms
2579ms Script
application/javascript 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/scriptloader/142972.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97f04fa82ba3917eb12728a7e3b4d4057923bdf90f44d325932a0d61dee59ce8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:10 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7cd20aee-aa2d-411e-beaa-c59d94aa21de
content-encoding: br
x-iinfo: 9-134256843-134256880 PNNy RT(1704285726555 1952) q(0 4 4 -1) r(12 12) U24
x-envoy-upstream-service-time: 7
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7cd20aee-aa2d-411e-beaa-c59d94aa21de
last-modified: Wed, 03 Jan 2024 12:40:00 GMT
server: cloudflare
x-trace: 2B4E165A47F9B86D137683B73C962B9CF51DEEC40C000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-9b6w4
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VVhEQzByjRF5DZmMBFx61JG%2FTQoxmwF0Tz5Ba1jE57iMUKE0FSHwog5OW1VGy2d%2B5U7PsdT2vppvysv%2BWkTzEYmyrPwjHMejCvsryRcen37FJjzbRjQX%2FZcFMqC%2FqHBrTw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 83fb51f1bf5d44a9-SIN
expires: Wed, 03 Jan 2024 12:43:10 GMT

GET
H2 200 index.js Show response
www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 2582ms
2575ms Script
application/javascript 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 f522b6a8c8e425336aaa599cbeaad88a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 2816896
x-amz-cf-pop: BKK50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 9-134256843-134256877 PNNy RT(1704285726555 1953) q(0 4 4 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G1E1m4oR8BcM0lC5hAriNuE5hfsVQ79EKZP05RKVk08pxPQtfU17pgNiOWrrYvd7Hycup43GAwV5exF9pBEU7YPVeHPbU38shItAw5vQJH%2Fp43bH6dmZS261O9Lukyr29Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 83fb51f1bf633ff0-SIN
x-amz-cf-id: JbWXDkgPhIthGpN7CykA0Knbbz_MoCyopmignBDH9Z6n3mzawHSLXg==
expires: Thu, 02 Jan 2025 12:42:09 GMT

GET
H2 200 _Incapsula_Resource Show response
www.varonis.com/ 145 KB
20 KB 97ms
90ms Script
application/javascript 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=477231678

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

418ffe5db334b8d460cb846ee44b26448c47c239883447d8fe2dfb3f169b2b1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 20769
content-type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 339 KB
114 KB 635ms
114ms Script
application/javascript 142.251.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

777fa3c67f6d7d7be4840b6bf52240adf3efb13f0c4a9f367f8cf8c0f1c5d31a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 115961
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Jan 2024 12:42:09 GMT

GET
H2 200 Graphik-Medium-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 46 KB
47 KB 1011ms
428ms Font
application/font-woff2 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Medium-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1703194631284/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
age: 1079340
x-amz-request-id: 5CC17GC0K7JHBQ6M
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "b1508d27f0878f1a2c67e3104acc6f04"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839921
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 03 Jan 2024 12:42:10 GMT
via: 1.1 97c5e5bbb7dc36ff0b6b29ccefb4baee.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: qsBQrK0UutXz6JHO9XDG7lT0R2bZ_P1t
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 47393
x-amz-id-2: 3kDcjYmkOH+Z5RBS05z+RPd+S3aiFqV+3k449S3y9M/K9t2e0gITs3Zdm8V+wfoas0fsC8Omv+Q=
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 83fb51f2c9404c2f-SIN
x-amz-cf-id: REOCtLg0DMgzJxlVD86PXVxK9DmqNJI4uZTbFNRfFG4geXGMLM_d8A==

GET
H2 200 Graphik-Semibold-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 47 KB
48 KB 1737ms
1154ms Font
application/font-woff2 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Semibold-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1703194631284/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
age: 813496
x-amz-request-id: 5CC8K1WNH1RHE4NC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "912a296360c873da4d505fecc03d44a5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839881
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 03 Jan 2024 12:42:10 GMT
via: 1.1 c68aa4270b22c7e4e7044fd6df451f70.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: mxuwX8fqRvNjrtNo8SAnedwxdNDRhr6l
x-amz-cf-pop: HEL50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 48237
x-amz-id-2: 7RFnlOsg06DJbIxEh0x5ihQAzLzfouuOvaxWO0DDYodJhZdNvLq8d234lA3OAPNc4vpHuXlmRDg=
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 83fb51f2c93e4c2f-SIN
x-amz-cf-id: K8oiB0H8NUp9hwG-UXwdn9_D-aHGX2M_B1oedj2M40Uryot-q5brow==

GET
H2 200 Graphik-Regular-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 42 KB
43 KB 1735ms
1153ms Font
application/font-woff2 104.18.41.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Regular-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1703194631284/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
age: 201385
x-amz-request-id: C25S891BYNXFGFAP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: "3c6b915f90783765fd47bc0e05b46078"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839928
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 03 Jan 2024 12:42:10 GMT
via: 1.1 8f4e0ffdaf6aff45124ff701a42582e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: dC1ZTBx86DO9UlmT3zytQkvsH.OIjcRF
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 43329
x-amz-id-2: 8FM6eLOFmLBVFG3DL/3QDeO8w/WJ/3tVeE6S/zlcZLfChb8Ol4cbgzSBhcBJ7dCTHY4K5wO0mNg=
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 83fb51f2c93d4c2f-SIN
x-amz-cf-id: oCbbpNaA6dRby5oVnKVwsnkquCw1JQgbzfvPfc8lXXz8nWOm1VpKfA==

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/142972/40a8f297-80c2-4c34-9572-8648458abed5/ 5 KB
3 KB 1150ms
499ms XHR
application/json 104.18.176.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/142972/40a8f297-80c2-4c34-9572-8648458abed5/json?hs_static_app=forms-embed&hs_static_app_version=1.4371&X-HubSpot-Static-App-Info=forms-embed-1.4371

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.176.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

843cc74e4d2e2ba92294d12ded85baf059fb5eee64c0431dee6640cc759f31ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Wed, 03 Jan 2024 12:42:11 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 7d37d25f-fe4e-4567-ae11-2dc52b4f7d02
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 6
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7d37d25f-fe4e-4567-ae11-2dc52b4f7d02
Server: cloudflare
X-Trace: 2B2B1D87A5D5F8F0DEEFCF4F52E5B7303C5DDDE4B7000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.varonis.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 83fb51fb9d183fa1-SIN
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-tnqw9

GET
H2 200 electric-blue-bullet.svg
info.varonis.com/hubfs/List%20Bullets/ 207 B
1 KB 1202ms
1201ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/List%20Bullets/electric-blue-bullet.svg

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

579b9f734819f583199cd70b03c4e919430a74dd7698921ef16465b41d934769

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-cdn: Imperva
age: 511283
x-amz-request-id: WAT7D2CFZ21T1JRB
x-amz-server-side-encryption: AES256
edge-cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256991 PNNy RT(1704285726555 3304) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"11a69afb5c346ee7879933cb8018fb16"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1686756510007
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 5482351e8bcb93be701264b475dd3018.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .NxTwPt8HK_D1KNCw2RVpUG949n3i.Ds
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: d/fS+0e2w1k/6tiHpjYz8PkJPEnilun0un6yGGqjmg9ds86Fw8v6UNdbdoMhD2kYheSSr/9IOcI=
last-modified: Wed, 14 Jun 2023 18:26:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v9zNmvFMwkcTLtNRtVq2q5LxzAgg%2FVm9vG2jh%2FIFrC5%2BETf3MS0x5JkkKycPs3T2lL99kAQLMfe6Y6p%2Bv%2BEBosAaXD%2F6QE0OA4ig%2FHTvlST5aHf6ZcRJqEpV2CJh7GpqD9Y%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Uw5YDs3pqgrzxidl6sLqECFWlWUAAAAA4QYgaF7Fmn2EIYE7yS1OXQ==
cf-ray: 83fb51f78811a138-SIN
x-amz-cf-id: Mj9Bfb9Bt8XVRnsfJR9f5D_Uz68hx4gk3vryL2u8fl23DzxZVHUTWA==

GET
H2 200 left-dots.svg
info.varonis.com/hubfs/Blog%20Assets/ 2 KB
2 KB 1199ms
1199ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog%20Assets/left-dots.svg

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

842abfe134599c5d48d4ddd88bde8d24bd36b32b22bea540837311364b7ce2c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-cdn: Imperva
age: 513975
x-amz-request-id: MS218079CZ3DEK44
x-amz-server-side-encryption: AES256
edge-cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256989 PNNy RT(1704285726555 3306) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"254492fd49488a86ceb0dec13de43a23"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687458027842
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 43ea48c3f6365b58e0e610399bbffb40.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ehUGABsPDh.TzD7OR2EU0s227ASA3VJS
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 41o+2DYdJ0SVvDdagXqNkf70n9xyyywzRbJoLEuhXtYoiGfSv51DSztJPEzIEHyV9wPVuruwypbDfuJ2eEQoJVo4gaGQ0Fki
last-modified: Thu, 22 Jun 2023 18:20:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IrC6GFC%2FbRR%2F9bmUvWEWvUBOUESCV9BnxcMl8hd%2BYw1ZVQ%2BxvbxYRHpkT32Joh8%2FBg9vrKDFBsZcgISjZbIE137qsjhELd8eIwDSghUUj%2BcO%2B2EwUCjevwgd%2BuRaZr07384%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: RKVEQPRMcznzxidl6sLqECFWlWUAAAAAjqwoCMmPf6BiRafzb6Qe/g==
cf-ray: 83fb51f7880cab59-SIN
x-amz-cf-id: DzRLODtSaumRwLznuWhLXkuZquVth5tKl1gzA1K9-Wwu_E-dT1Hegg==

GET
H2 200 2019-07-15-16_45_00-idu24554-10_60_72_92_3389-Remote-Desktop-Connection.jpg
info.varonis.com/hs-fs/hubfs/Imported_Blog_Media/ 9 KB
10 KB 1257ms
1255ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hs-fs/hubfs/Imported_Blog_Media/2019-07-15-16_45_00-idu24554-10_60_72_92_3389-Remote-Desktop-Connection.jpg?width=538&height=646&name=2019-07-15-16_45_00-idu24554-10_60_72_92_3389-Remote-Desktop-Connection.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7dcf1ed0e0a9dad981e5c38f1e12cef3acb43c52e1511bd68daa7ffc91ec6a6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 261dbbb56805d787e4e94407d9511a46.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
x-cdn: Imperva
cache-tag: F-53574988132,FD-44912348718,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256987 PNNy RT(1704285726555 3327) q(0 0 0 -1) r(1 1) U24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 9142
cf-resized: internal=ok/h q=0 n=1043+0 c=1+25 v=2023.9.8 l=9142
last-modified: Fri, 10 Feb 2023 22:06:49 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfJ-0KtRTSR2mgSjkT30B8awXmXo2x18tX3RPcnGHfDQ:9162e8cda5323ff67cda0aa37e25047f"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b2pEzH4Nf6O8y302xLByzDFxAy8ol3IIpCSPmfI9cBPxVy1cfPokWP4wqFd5JZ%2BgsQ%2BD76H6K%2FhS3pT2NrXsE7rr6KHjsAz2xsC6emhTJ91p1olr6oaI1%2B3E6uZSzl3tm60%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-incap-sess-cookie-hdr: /xiRSogUF27zxidl6sLqECFWlWUAAAAA3pqsFRG+2zLxKQ0Aq4lRmg==
accept-ranges: bytes
cf-ray: 83fb51f7b8c84067-SIN

GET
H2 200 NTLM-brute-force-blog-1.png
info.varonis.com/hubfs/Imported_Blog_Media/ 51 KB
52 KB 1254ms
1253ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-1.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e95568becfa0171d1990a4941bffcbe470ac34deafa67bd3dbfb4a5c63414878

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-53580091209,FD-44912348718,P-142972,FLS-ALL
x-cdn: Imperva
age: 218616
x-amz-request-id: 1AQRDDH5M0QSPQHQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-53580091209,FD-44912348718,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256885 PNNN RT(1704285726555 3330) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="NTLM-brute-force-blog-1.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "f88cfb24e6f5e53b0af3a1734a52b335"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1629751489417
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 97c5e5bbb7dc36ff0b6b29ccefb4baee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Cv0iMvVOQnm2wJkACng4qSmlA.ZldEfH
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=79624
x-cache: Miss from cloudfront
cache-tag: F-53580091209,FD-44912348718,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 52128
x-amz-id-2: vgo7K3AMVYz0n0/X96Pg2MGQU/BCDy7PuSzCegIWRT3EBgTqC2cS+JW2wQ0+Do/rjyHEs5SDi4U=
last-modified: Fri, 10 Feb 2023 22:37:01 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JWD0rvjs9VeJOgQpnHPkHEWl8MyNVlXSB4aU0aQ%2BNafmoYZaF2s8%2FurdJ9GwlxdNv87%2BdyuFUwmh%2BIlvAIHVk2umhECHRVpnei0Q7ICcAhsuKLTpS8Aa5FT2TcvArmNDkBc%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: +ebfJBGjKFbzxidl6sLqECFWlWUAAAAAK+eqm8wB4CMI0hsX+Mx+1w==
accept-ranges: bytes
cf-ray: 83fb51f7bd759f79-SIN
x-amz-cf-id: AuYZqFEigDFUuD6S01O98Byu6hY6Mm5o2MeWcifjTy5TSCHsaPic_Q==

GET
H2 200 NTLM-brute-force-blog-2.png
info.varonis.com/hubfs/Imported_Blog_Media/ 18 KB
19 KB 1255ms
1254ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-2.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12eca6d41ac5b6b6f68c6309fd26134d2db7ba3b5e9179a5ac2849b00a084093

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-53579900267,FD-44912348718,P-142972,FLS-ALL
x-cdn: Imperva
age: 114808
x-amz-request-id: R8HER798E0E78RV9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-53579900267,FD-44912348718,P-142972,FLS-ALL
x-iinfo: 9-134256843-134256882 PNNN RT(1704285726555 3333) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="NTLM-brute-force-blog-2.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "492c1be4f51cec00fbd88e2975705025"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1629751500723
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 03 Jan 2024 12:42:10 GMT
strict-transport-security: max-age=31536000
via: 1.1 d5395aef0c58da123cbcc801b71e308c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5MzFhVwBKx.WoaeEA5_Ol2n8Zh_A9_aM
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=26085
x-cache: RefreshHit from cloudfront
cache-tag: F-53579900267,FD-44912348718,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 18678
x-amz-id-2: gQsKBkDwdI4leacfDAKaJ4BqQdlHbQ50oe5ImaW9vIpntRltrOipayJnnOkzitiJV7CjimkTtwA=
last-modified: Fri, 10 Feb 2023 22:21:45 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J0hA9mi2blXL9PwWegW5CVNRCabMe8bYpKzqe7dDK6SyQtazqC4d91uJdc65ocz2NI9KPMoOxU94jJfois3cewxTgOc9KPqSGZyHHDExVnApzLXF%2Fvmjlp5PdOqE2vbstNs%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: r8WtMIkXbRfzxidl6sLqECFWlWUAAAAAGyuh5+flzY9B66ppKtIkaQ==
accept-ranges: bytes
cf-ray: 83fb51f7bc8c3f53-SIN
x-amz-cf-id: wxyhgzm8KFPrEooJO-EwPkl1iJD8pk9LZsm3fdgF26jShFuklZEckA==

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/3bd4ac03c21554b3/ 315 KB
105 KB 1046ms
503ms Script
text/javascript 74.125.130.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/3bd4ac03c21554b3/cse_element__en.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.130.103 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sb-in-f103.1e100.net

Software

sffe /

Resource Hash

7448175084bac35748586b504207f8b7c371f6f751ef435f4b0569421a794db6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 107185
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 16:53:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 03 Jan 2024 12:42:11 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/3bd4ac03c21554b3/ 41 KB
9 KB 815ms
272ms Stylesheet
text/css 74.125.130.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/3bd4ac03c21554b3/default+en.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.130.103 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sb-in-f103.1e100.net

Software

sffe /

Resource Hash

a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9068
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 16:53:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 03 Jan 2024 12:42:11 GMT

GET
H2 200 minimalist.css
www.google.com/cse/static/style/look/v4/ 5 KB
2 KB 692ms
150ms Stylesheet
text/css 74.125.130.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/minimalist.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.130.103 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sb-in-f103.1e100.net

Software

sffe /

Resource Hash

e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1452
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 03 Jan 2024 13:31:59 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 1254ms
645ms Script
application/x-javascript 157.240.15.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.15.13 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-03-sin6.fbcdn.net

Software

Resource Hash

35aa863dd1dd4c9588068b4661b33da6bc2e2ea25e953cd41e5de614ab86396b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 12:42:11 GMT
content-md5: iEYulZ8rOfvLfLUJ88np6w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
reporting-endpoints
x-fb-debug: RuLLlWwaBx8AGTMRuwS6BAVkW4peTsn5Sx9vMI5GnLlA6mdiwDntPgRlxo5kzdfGSCUa9G37nRfFV7yGt8gsNw==
x-fb-content-md5: b4ca95a39c231ab70f9fa46b152895d1
cross-origin-opener-policy: same-origin-allow-popups
etag: "f1eb55eddb57e6ff29ae60797c321356"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Wed, 03 Jan 2024 12:42:36 GMT

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 687ms
153ms Script
application/javascript 151.101.108.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.108.157 Tokyo, Japan, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 27597
x-served-by: cache-iad-kjyo7100044-IAD, cache-tyo11945-TYO
last-modified: Mon, 11 Dec 2023 17:20:28 GMT
etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 592ms
62ms Script
text/javascript 142.251.175.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.175.139 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sh-in-f139.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 11:01:16 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6055
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 03 Jan 2024 13:01:16 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/ 3 KB
2 KB 790ms
263ms Script
text/javascript 142.251.10.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/?random=1704285730498&cv=11&fst=1704285730498&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v846391121&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&hn=www.googleadservices.com&frm=0&tiba=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f157.1e100.net

Software

cafe /

Resource Hash

1de712ef3b1f05963d2167fc404772d048bf323d336184fb2a96736fdb48d3cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1286
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 26 KB
9 KB 788ms
118ms Script
application/javascript 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 12 Dec 2023 19:56:38 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "ead4fccfb1bebd02138cf2dcadd7dcba"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 8123

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 655ms
154ms Script
application/x-javascript 152.195.58.59
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.58.59 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (sgc/56CE) /

Resource Hash

196d92bf5816c956d998e5e2eb9579e8169d427dc9e6c19b07ef3c304c950686

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSub
last-modified: Wed, 20 Dec 2023 05:16:14 GMT
server: ECS (sgc/56CE)
age: 55773
etag: "801b7a7333da1:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25393

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 777ms
197ms Script
application/x-javascript 157.240.15.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.15.13 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-03-sin6.fbcdn.net

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 03 Jan 2024 12:42:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: W16LXdCExXJzkAXAyRbJonxAdc10bKfvVlSFkhPKF2p2vaXZwAtpcfih+CaTJ+ck5JazYjA7O78cxe8Ie/Vodg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 142972.js Show response
js.hs-scripts.com/ 2 KB
1 KB 1607ms
939ms Script
application/javascript 104.16.191.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/142972.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.191.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb5c1eacb3376ceb006a8f0684532a2cb4b55f9877964d4ce228fcc2d52b6d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4b927cbe-b827-41ce-8bd4-0e8183a3c42e
x-envoy-upstream-service-time: 32
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4b927cbe-b827-41ce-8bd4-0e8183a3c42e
last-modified: Wed, 03 Jan 2024 12:32:14 GMT
server: cloudflare
x-trace: 2BF699F59B9854D142AFD153A70DB794D4ABCB38B6000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-9lt8r
cf-ray: 83fb51fc1fe03f8c-SIN
expires: Wed, 03 Jan 2024 12:43:12 GMT

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 788ms
115ms Script
application/javascript 104.17.1.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.1.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: 27S2Q07G8FSW032Q
age: 619
alt-svc: h3=":443"; ma=86400
x-amz-id-2: G17UlcwrfSoEZpxJBG1dD4OkFb3E0fM6PiGD0brWWqrYGOv6ckskWzrfL10xeFDmDX6OkCL+6rzv7Jy/we8UiFrrE2lrbkS7H3WvhDJHlAs=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 83fb51fc284901cd-SIN
expires: Wed, 03 Jan 2024 16:42:11 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 955ms
323ms Script
text/javascript 54.197.68.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.68.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-68-230.compute-1.amazonaws.com
Software: /
Resource Hash: 188c1e20523e1ab17f7628b260d17e9d92d8b7442e6c068fb450fed7ce067768

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 03 Jan 2024 12:42:12 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 607ms
224ms Script
application/javascript 151.101.108.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.108.157 Tokyo, Japan, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 18:55:37 GMT
x-amz-server-side-encryption: AES256
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100147-IAD, cache-tyo11952-TYO

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 292 KB
94 KB 112ms
111ms Script
application/javascript 142.251.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

bdde1f0d01b521be372fe477b7439f6b72f22849c6dd79ed066d14786056a896

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95963
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 Jan 2024 12:42:10 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 64 KB
17 KB 484ms
111ms Script
application/javascript 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-54-118-48.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2d699428fb1a87452cb15775f3e9a531b9c8a98bfa41be2a24be4814ff0a5baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 20 Dec 2023 22:26:49 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65836a29-fee9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17567
expires: Wed, 03 Jan 2024 12:42:11 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 42 KB
15 KB 666ms
85ms Script
application/javascript 42.99.140.139
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

42.99.140.139 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),

Reverse DNS

ip-42-99-140-139.pacnet.net

Software

Resource Hash

f3b0e2a3800f73c56a4dc78562fc32130a8eec6887982d10e6a5dcf6497969c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Dec 2023 13:09:33 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=69337
accept-ranges: bytes
content-length: 15541

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 526ms
95ms Script
application/javascript 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

a-0001.a-msedge.net

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 03 Jan 2024 12:42:12 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F0B8D5F0645941AE8C2F99F56100B989 Ref B: SIN30EDGE0513 Ref C: 2024-01-03T12:42:12Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 404 cse.js
cse.google.com/ 0
0 105ms
104ms Script
text/html 74.125.68.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.125.68.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sc-in-f113.1e100.net
Software: /
Resource Hash

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H/1.1 200
OK ktxevents.v1.js Show response
trackit.ktxlytics.io/ 98 KB
98 KB 907ms
296ms Script
application/javascript 18.65.159.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://trackit.ktxlytics.io/ktxevents.v1.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.159.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-159-50.nrt51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Tue, 02 Jan 2024 18:34:25 GMT
x-amz-version-id: 8nobErucU.TGbL_HVc3JJOzAiDrdj9pU
Via: 1.1 fd7e3a18100f88ff2f1e21cc8f9721be.cloudfront.net (CloudFront)
Last-Modified: Wed, 23 Oct 2019 19:11:31 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT51-P2
Age: 65268
ETag: "5350ce54b7969cfe1e9a0314b25964b6"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 99889
X-Amz-Cf-Id: GE4WhCpvXQ-XXreusLmaJMTbuDjzuklsUlQ0aKhsOE-2u90rofERSw==

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=673891212
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D673891212

43 B
840 B

168ms
168ms

Image
image/gif

103.43.90.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D673891212

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Server

103.43.90.21 Singapore, Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

597.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:12 GMT
an-x-request-uuid: a4f38d0b-8452-40a0-a899-53e62f8cd38d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 115.66.175.152; 115.66.175.152; 597.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:12 GMT
an-x-request-uuid: 64941d08-5e19-4ac8-8d00-66cf61d63326
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D673891212
cache-control: no-store, no-cache, private
x-proxy-origin: 115.66.175.152; 115.66.175.152; 597.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

cksync
hb.yahoo.net/
Redirect Chain

https://insight.adsrvr.org/track/pxl/?adv=71679u3&ct=0:ms2x9ot&fmt=3&gtmcb=1600160973
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=2167b4c1-042d-4140-9d72-95717bd5a8b7&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=MjE2N2I0YzEtMDQyZC00MTQwLTlkNzItOTU3MTdiZDVhOGI3&gdpr=0&gdpr_consent=&ttd_tdid=2167b4c1-042d-4140-9d72-95717...
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=2167b4c1-042d-4140-9d72-95717bd5a8b7&google_gid=CAESEB5eS0p8tj2xkDVQOGcvIJo&google_cver=1
https://ups.analytics.yahoo.com/ups/55953/sync?uid=2167b4c1-042d-4140-9d72-95717bd5a8b7&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true
https://ups.analytics.yahoo.com/ups/55953/sync?uid=2167b4c1-042d-4140-9d72-95717bd5a8b7&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=2167b4c1-042d-4140-9d72-95717bd5a8b7&gdpr=0&redir=true
https://hb.yahoo.net/cksync?cs=63&axid_e=eS05UjNqYk85RTJ1SHFBSDdncFBBa05kQlJmLkhHa1hscX5B&gdpr=0&ovsid=2167b4c1-042d-4140-9d72-95717bd5a8b7&dpid=55953

57 B
663 B

441ms
130ms

Image
image/gif

184.27.122.64
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hb.yahoo.net/cksync?cs=63&axid_e=eS05UjNqYk85RTJ1SHFBSDdncFBBa05kQlJmLkhHa1hscX5B&gdpr=0&ovsid=2167b4c1-042d-4140-9d72-95717bd5a8b7&dpid=55953

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Server

184.27.122.64 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-27-122-64.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Wed, 03 Jan 2024 12:42:14 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 57
x-mnet-hl2: E
expires: Wed, 03 Jan 2024 12:42:14 GMT

Redirect headers

location: https://hb.yahoo.net/cksync?cs=63&axid_e=eS05UjNqYk85RTJ1SHFBSDdncFBBa05kQlJmLkhHa1hscX5B&gdpr=0&ovsid=2167b4c1-042d-4140-9d72-95717bd5a8b7&dpid=55953
date: Wed, 03 Jan 2024 12:42:13 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 module_87397221683_Footer_Site_Directory.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/ 577 B
596 B 212ms
212ms Other
application/javascript 104.16.109.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/module_87397221683_Footer_Site_Directory.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.109.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c91333bb881074a7d4a82886d21fb690ff3fc57394327d5ed12c9d9af05dcc0b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-encoding: br
age: 1333117
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"b7e1d67d9b7a486bb634ad966519a8bc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690924310222
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 03 Jan 2024 12:42:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f62e46eb-1b10-4124-89a4-2b403c1bab5c
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 156
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: f62e46eb-1b10-4124-89a4-2b403c1bab5c
last-modified: Tue, 01 Aug 2023 21:11:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wTsR7tpzYoZtsn2PaGMnle7sz2aGbGmS%2Fv8GvHnCSqxE11hlDJYJPXq4dEA5lhw%2FQSFlNJkkBASu%2F46cN9AkkTzb1WwDbSWzBy7SgwdHhIXrUmQ%2FmGlP9mz1SIls5urnYxA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-8ktx6
cf-ray: 83fb51f80ac7a02d-SIN

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238

Request headers

accept-language: zh-SG,zh;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e

Request headers

accept-language: zh-SG,zh;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 _Incapsula_Resource
www.varonis.com/ 1 B
93 B 1160ms
1159ms Image
text/plain 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.varonis.com/_Incapsula_Resource?SWKMTFSR=1&e=0.4829176167050149

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

POST
H2 202 event Show response
plausible.io/api/ 2 B
501 B 1074ms
362ms XHR
text/plain 84.17.37.217
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.io/api/event
Requested by: Host: plausible.io
URL: https://plausible.io/js/plausible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 84.17.37.217 Hong Kong, Hong Kong, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: 84-17-37-217.bunnyinfra.net
Software: BunnyCDN-HK1-1059 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
cdn-edgestorageid: 1059
cdn-cachedat: 01/03/2024 12:42:11
cdn-pullzone: 682664
application: 10.0.1.2
alt-svc: h3=":443"; ma=2592000
content-length: 2
x-request-id: F6bW19WtZiz0N7sDNkYJ
server: BunnyCDN-HK1-1059
cdn-proxyver: 1.04
cdn-requestpullcode: 202
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: must-revalidate, max-age=0, private
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
cdn-requestid: 3a4b9ab6a040a8e4bb728c7a5ae2ec89
cdn-requestcountrycode: SG
cdn-requestpullsuccess: True

POST
H2 204 collect
www.google-analytics.com/g/ 0
162 B 185ms
184ms Ping
text/plain 142.251.175.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-PCF2HBX32M&gtm=45je3bt0v9102029281z8846391121&_p=1704285729026&gcd=11l1l1l1l1&dma=0&cid=1212712299.1704285731&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704285731&sct=1&seg=0&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4228
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.175.139 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sh-in-f139.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1015553108/ 42 B
340 B 469ms
468ms Image
image/gif 74.125.130.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1015553108/?random=1704285730498&cv=11&fst=1704283200000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v846391121&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&frm=0&tiba=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_lceTDiXdOM2o2Fh2n6m_UbfAddjxyA&random=2243975285&rmt_tld=0&ipr=y

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.130.103 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sb-in-f103.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:11 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.sg/pagead/1p-user-list/1015553108/ 42 B
455 B 501ms
56ms Image
image/gif 172.253.118.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.sg/pagead/1p-user-list/1015553108/?random=1704285730498&cv=11&fst=1704283200000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v846391121&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&frm=0&tiba=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_lceTDiXdOM2o2Fh2n6m_UbfAddjxyA&random=2243975285&rmt_tld=1&ipr=y

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:12 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 195ms
52ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1704285731380&id=t2_4ofecxl5&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=8a464ca0-b2e4-479c-82ad-2d0f60ae6e90&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_3549b422&dpm=&dpcc=&dprc=
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
357 B 1026ms
329ms XHR
application/json 52.54.13.234
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMTQ3NX0.iI-HhwOQ2R9nR36t6D2kwo7l09ByrLMU2A7_XHc4Ar0

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.54.13.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-54-13-234.compute-1.amazonaws.com

Software

Resource Hash

e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 1425d6edac2a784e036fa772e40637ad

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 131ms
131ms Script
text/javascript 142.251.175.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.175.139 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sh-in-f139.1e100.net

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 697
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 03 Jan 2024 13:40:44 GMT

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1016 B 931ms
424ms Image
image/gif 104.18.176.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.176.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Wed, 03 Jan 2024 12:42:12 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 7f52326d-ea9e-4e03-950d-6a70113da24b
x-envoy-upstream-service-time: 5
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7f52326d-ea9e-4e03-950d-6a70113da24b
Server: cloudflare
X-Trace: 2B4670A0AB2C91361B1B41D6CBEE2FDE29964A7C3C000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-ncnts
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 83fb52026a4e3f98-SIN

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
107 B 89ms
89ms XHR
text/plain 142.251.175.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1903912389&t=pageview&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&ul=en-us&de=UTF-8&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAEAjAAAAACAAI~&jid=1441434584&gjid=1448699365&cid=1212712299.1704285731&tid=UA-2019109-1&_gid=1086626213.1704285731&_r=1&_slc=1&gtm=45He3bt0n81KMGCX7Vv846391121&gcd=11l1l1l1l1&dma=0&z=1122003031

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.175.139 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sh-in-f139.1e100.net

Software

Golfe2 /

Resource Hash

a04f7efa05c1f9212a79b715568b9976977a4d8e8f0c7ee571ab4f71bf32ccc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1016 B 1443ms
907ms Image
image/gif 104.18.192.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.192.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Wed, 03 Jan 2024 12:42:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 405d8c56-e6cd-4fe1-b003-7147f2126cea
x-envoy-upstream-service-time: 6
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 405d8c56-e6cd-4fe1-b003-7147f2126cea
Server: cloudflare
X-Trace: 2BFDA20D47EB4A6EBB363AC62DA390F9AB74A7FD6F000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-bhrjw
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 83fb5204d9544b62-SIN

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 978ms
444ms Script
text/plain 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=142972&callback=jsonpHandler

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9444d343-20ae-40f0-9528-5258d48bb976
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=83fb52055cc85f4e&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 9444d343-20ae-40f0-9528-5258d48bb976
server: cloudflare
x-trace: 2B9355EE85F6DAF62419C163C2EE00506881C69C1C000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-962bg
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 83fb52055cc85f4e-SIN

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/142972/ 69 KB
22 KB 880ms
357ms Script
text/javascript 172.64.153.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/142972/banner.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b46cf928be95b8e0f24c718b850ef2898c6c137e96661d33b7a6f7514ad76581

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
x-amz-version-id: YLmCB7vCUzdvLwOSaBuYhFk4OspElecf
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: NCDETARAQ7J0SHXD
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 16bfe2bb-b308-4ea4-8428-410ad4d36672
x-envoy-upstream-service-time: 18
x-amz-id-2: mOGYgSYU/+YSLUaw1MgVMUpA1IfeDBJGJX6hqUDoyGCmjVo/Wiqt2N+UjtRj07vzJiC+Yjbm1I3Bd3Mqzbu7MAlvGm3LzPBqOHoKevAhhyI=
x-evy-trace-listener: listener_https
x-request-id: 16bfe2bb-b308-4ea4-8428-410ad4d36672
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 15 Dec 2023 12:21:37 GMT
server: cloudflare
etag: W/"690eeea539775102d6150c8df94f9120"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-55f4f74954-8z6xl
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 83fb5205596e448b-SIN
expires: Wed, 03 Jan 2024 12:47:12 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 623ms
119ms Script
application/javascript 104.17.229.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.229.163 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72e8aa11120d22eddafdee660ecc72d141bff2ab7c42c04bbf50399b83e1645c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
x-amz-version-id: xhcuv40vMhop9D9LE0Ufg_3zdYpVKT_8
via: 1.1 c13d71f8919c23db6bbd1c08a4dfb350.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.504/bundles/pixels-release.js&cfRay=83fb51fc09596bc1-SIN
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 66add352-7cc2-45f8-a049-d28b7b4d89e2
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 66add352-7cc2-45f8-a049-d28b7b4d89e2
last-modified: Mon, 18 Dec 2023 17:07:06 UTC
server: cloudflare
etag: W/"8d0d43ba9e333894d9c5e9471d2657d0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-9gm2w
cf-ray: 83fb5205886b6bd5-SIN
x-amz-cf-id: KsmEBuH_IXsvdZYvtgEdSEm401jeTtzYN2DZW7Q9T1UKq-dO1Va_Sw==
x-hs-target-asset: adsscriptloaderstatic/static-1.504/bundles/pixels-release.js

GET
H2 200 142972.js Show response
js.hs-analytics.net/analytics/1704285600000/ 67 KB
21 KB 877ms
385ms Script
text/javascript 104.16.76.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1704285600000/142972.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.76.186 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7821e7e6a8bb38c6e9dbeed3bd0c1c1f55ac58c678cba2a356391d3c4851467

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:13 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 472QMMEY3QR2SAZJ
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 42945aab-c725-41fd-be21-902c14e4fca2
x-envoy-upstream-service-time: 23
x-amz-id-2: hUtx5jXTrqDCZ0V6Vf6jcT4wL2O3NgzxDwG92u/8XAl7qYE0/5CADsM6hBaENt3cP0HY+ivEJLA=
x-evy-trace-listener: listener_https
x-request-id: 42945aab-c725-41fd-be21-902c14e4fca2
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 15 Nov 2023 17:11:52 GMT
server: cloudflare
etag: W/"5bb56f353717247b382e933a6717ecb7"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-55f4f74954-qdt7s
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 83fb5205dc6f3dc9-SIN
expires: Wed, 03 Jan 2024 12:47:12 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 84 KB
24 KB 667ms
136ms Script
application/javascript 104.17.251.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.251.168 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08f09e95e50ae9c0181382558ff935903a7b273b4a8e5006788e85ae1c72c7c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
x-amz-version-id: KYDl9V0le_8eNyhqu8y2yzPaUoKjKmsM
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 529
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.15030/bundles/project.js&cfRay=83fb45181e4787c9-SIN
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 2163845c-617e-4c58-9683-95b418192519
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2163845c-617e-4c58-9683-95b418192519
last-modified: Wed, 20 Dec 2023 17:16:05 UTC
server: cloudflare
etag: W/"64e2daa01b1349fee44794df69e776a8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-qqq7r
cf-ray: 83fb5206de6e87f9-SIN
x-amz-cf-id: fmaYHzjovbQIeerE_qmiPZzPnB6Fmrxin7scnESM7uvQuldz_XLdPQ==
x-hs-target-asset: conversations-embed/static-1.15030/bundles/project.js

GET
H2 200 ipv
cdn.bizible.com/ 43 B
304 B 89ms
88ms Image
image/gif 152.195.58.59
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=0e0a1bdb093448218fa51344583c8f84&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&_biz_t=1704285731728&_biz_i=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&_biz_n=0&rnd=187249&cdn_o=a&_biz_z=1704285731729

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.58.59 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (sgc/56D7) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:11 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Tue, 02 Jan 2024 17:44:20 GMT
server: ECS (sgc/56D7)
age: 68272
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
204 B 74ms
70ms Image
image/gif 152.195.58.59
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=0e0a1bdb093448218fa51344583c8f84&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&_biz_t=1704285731738&_biz_i=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&rnd=415832&cdn_o=a&_biz_z=1704285731738

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.58.59 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (sgc/56C1) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:12 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Tue, 02 Jan 2024 17:44:20 GMT
server: ECS (sgc/56C1)
age: 68273
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 8 B
353 B 494ms
64ms XHR
text/plain 142.251.12.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2019109-1&cid=1212712299.1704285731&jid=1441434584&gjid=1448699365&_gid=1086626213.1704285731&_u=aCDAAEAiAAAAACAAI~&z=639899979

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f157.1e100.net

Software

Golfe2 /

Resource Hash

17bd1c297a7fd1221272d080053f887bb97c03bfc16d6f96bdd7f08bf87dbbd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 03 Jan 2024 12:42:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 262 KB
86 KB 81ms
80ms Script
application/javascript 142.251.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

e9ae5dc953a145ce60342fcbbaf5cd9c73a6896aefe39fdcdbf1f19d701edf6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87449
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 Jan 2024 12:42:11 GMT

GET
H2 200 179650485736885 Show response
connect.facebook.net/signals/config/ 141 KB
36 KB 66ms
65ms Script
application/x-javascript 157.240.15.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/179650485736885?v=2.9.138&r=stable&domain=www.varonis.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.15.13 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-03-sin6.fbcdn.net

Software

Resource Hash

b247a1a3cda5afc293925aff46e0012a88d69c26bb3cf813baf4e3b81459bc8e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 03 Jan 2024 12:42:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 37050
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: oZDwntYNZgyaqToasFSdTLtAK9yXut6LgOfOhDq33Mhabu3Msi8nFlP3NDBd2h4rmWdV4eSItJy9iKHHINY5lw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 298 KB
85 KB 490ms
59ms Script
application/x-javascript 157.240.15.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=7a7072d08a74dc8edfce1ae08d5dd2ff

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.15.13 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-03-sin6.fbcdn.net

Software

Resource Hash

089c67c1b157f3cf1bfe7c144179187bd9821c7f137eeee9ee66af05b476c6b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 12:42:12 GMT
content-md5: 9x7zhxfnnuEbcZMcVRJk7g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86303
reporting-endpoints
x-fb-debug: Qe1S9vT3iQ2ErcQlMflexTpxpE5eoQa8JugVyMwBr+kYcozceS2trrJMFPX3mkBRNgL6bYHhp6SLExu3AtCVqw==
x-fb-content-md5: 27990dc31dfef2ef81244536a99a5f21
cross-origin-opener-policy: same-origin-allow-popups
etag: "3e1e79fb5f814c81146c927a872f72e2"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 02 Jan 2025 12:11:33 GMT

GET
H2 200 widget_iframe.2f70fb173b9000da126c79afe2098f02.html Show response
platform.twitter.com/widgets/ Frame 60BE 319 KB
103 KB 233ms
232ms Document
text/html 151.101.108.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.108.157 Tokyo, Japan, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105429
content-type: text/html; charset=utf-8
date: Wed, 03 Jan 2024 12:42:11 GMT
etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified: Mon, 11 Dec 2023 17:19:49 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-served-by: cache-iad-kjyo7100176-IAD, cache-tyo11945-TYO

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
324 B 284ms
284ms Script
text/javascript 152.195.58.59
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=0e0a1bdb093448218fa51344583c8f84&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.12.14

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.58.59 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (sgc/56A9) /

Resource Hash

14de22de4d5ab1c4eb363e7ffa5dc73a22f4ec13d8f2351c8d5ea302329be699

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSub
server: ECS (sgc/56A9)
etag: 35DB3A6E
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 217

GET
H2 200 async-ads.js Show response
cse.google.com/adsense/search/ 142 KB
52 KB 80ms
80ms Script
text/javascript 74.125.68.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/3bd4ac03c21554b3/cse_element__en.js?usqp=CAI%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.68.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f113.1e100.net

Software

sffe /

Resource Hash

7df0df8b3df8c42634ecc71d7ab35e197c61777eb5b41a3e14239322b5804f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "13376431191049311150"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
expires: Wed, 03 Jan 2024 12:42:11 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
117 B 500ms
54ms Image
text/plain 64.233.170.101
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.233.170.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sg-in-f101.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 204 collect
analytics.google.com/g/ 0
254 B 621ms
65ms Ping
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-36XYNTY1LS&_ono=1&gtm=45je3bt0v9139046520&_p=1704285729026&_gaz=1&gcd=11l1l1l1l2&dma=0&ul=en-us&sr=1600x1200&cid=1212712299.1704285731&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&sid=1704285731&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=4909
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 58ms
57ms Ping
text/plain 142.251.12.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ono=1&tid=G-36XYNTY1LS&cid=1212712299.1704285731&gtm=45je3bt0v9139046520&aip=1&dma=0&gcd=11l1l1l1l2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.12.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: se-in-f157.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.sg/ads/ 42 B
107 B 68ms
67ms Image
image/gif 172.253.118.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.sg/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-36XYNTY1LS&cid=1212712299.1704285731&gtm=45je3bt0v9139046520&aip=1&dma=0&gcd=11l1l1l1l2&z=531234031

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 477ms
56ms Image
text/plain 157.240.15.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=179650485736885&ev=PageView&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&rl=&if=false&ts=1704285732036&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1704285732033.1551908867&cs_est=true&ler=empty&it=1704285731762&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.15.35 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-03-sin6.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 03 Jan 2024 12:42:12 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 118ms
112ms XHR
text/html 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-54-118-48.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
282 B 603ms
111ms XHR
text/html 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-54-118-48.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:12 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.varonis.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: null
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1704285732491_389446864_1192265907_22_632_69_88_219";dur=1
content-length: 4
expires: Wed, 03 Jan 2024 12:42:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 586ms
581ms Image
image/gif 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=e4e24264-247b-4b45-8094-01ffa5595741&session=db5a9666-716c-49e6-831a-9286284c30df&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A12%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=e8a57815-d604-4517-835a-5a4dc12ecf18&v=1.1.14

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-54-118-48.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:13 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 551ms
551ms Image
image/gif 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=e4e24264-247b-4b45-8094-01ffa5595741&session=db5a9666-716c-49e6-831a-9286284c30df&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2003%20Jan%202024%2012%3A42%3A12%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2208f833d2e9af1f124e201163df927e7c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2003%20Jan%202024%2012%3A42%3A12%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2003%20Jan%202024%2012%3A42%3A12%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c1b0175dc2b2ae319cf32b1dec3db9836bdaea3e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2003%20Jan%202024%2012%3A42%3A12%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2003%20Jan%202024%2012%3A42%3A12%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=e8a57815-d604-4517-835a-5a4dc12ecf18&v=1.1.14

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-54-118-48.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:13 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 891ms
260ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=50a2023e-8e0e-46a4-828b-b84eb936ba07&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=4bc9c6a7-4c06-4646-895a-4b0c833d6879&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_p /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-response-time: 5
date: Wed, 03 Jan 2024 12:42:13 GMT
strict-transport-security: max-age=0
server: tsa_p
content-type: image/gif;charset=utf-8
x-transaction-id: 14eca587bf983d50
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 420a4b636f8fa1a47391a2c3611c2e2fe450882438a9465d39f23322fb39476d
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
725 B 750ms
244ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=50a2023e-8e0e-46a4-828b-b84eb936ba07&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=4bc9c6a7-4c06-4646-895a-4b0c833d6879&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_p /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-response-time: 7
date: Wed, 03 Jan 2024 12:42:13 GMT
strict-transport-security: max-age=631138519
server: tsa_p
content-type: image/gif;charset=utf-8
x-transaction-id: bd2ca519798918c2
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 1a25e81b4b09384bc9d234938284a87ed0918c10e4328d893b8f5cb6b485d277
content-length: 43

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 60BE 870 B
660 B 1618ms
1087ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=639879a2bc0ec9f5cc2d780ad58db3cc1a4081b6

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_p /

Resource Hash

8ec44a4b321f5115d8760f193298585d8b28a26dd3190d0a3690b9e09a489a94

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-response-time: 5
date: Wed, 03 Jan 2024 12:42:11 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Wed, 03 Jan 2024 12:42:12 GMT
server: tsa_p
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 248587b7ce84a67a
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7469935968
x-connection-hash: 66f7c9a36806f843e1f354a92385f54582d8766d92495c2b829a969b87e86fd8
content-length: 338

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
780 B 735ms
301ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 453059802CB34AF690B12D9C762BDE02 Ref B: SGEEDGE0506 Ref C: 2024-01-03T12:42:12Z
linkedin-action: 1
vary: Origin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.varonis.com
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYOCfGyLuKaByjg57V3Lg==

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732152&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732152&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1704285732152%26url%3Dhttps%253A%252F%252Fwww.varonis....
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732152&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true

0
383 B

321ms
320ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732152&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:13 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 71AA7894854049F2B471B3ACDB81E8CD Ref B: SGEEDGE0506 Ref C: 2024-01-03T12:42:13Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYOCfHE3/yXyeCuNEBm+A==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 12:42:13 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYOCfHAJV5//GRdhKa9XQ==
pragma: no-cache
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 6880A35FAA9C4925BAD36EA1AFB032EE Ref B: SGEEDGE0506 Ref C: 2024-01-03T12:42:13Z
x-frame-options: sameorigin
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732152&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732154&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732154&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1704285732154%26url%3Dhttps%253A%252F%252Fwww.varonis....
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732154&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true

0
365 B

341ms
341ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732154&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:13 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 80BE8E1602064BB1AFD4AB4396CFF036 Ref B: SGEEDGE0506 Ref C: 2024-01-03T12:42:13Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYOCfHFRJmkSWziGXgbcA==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 12:42:13 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYOCfHAeUdc1E7jnY4FtQ==
pragma: no-cache
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D5DD8AED2AAB451D935DDFA59AF898D3 Ref B: SGEEDGE0506 Ref C: 2024-01-03T12:42:13Z
x-frame-options: sameorigin
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1704285732154&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 591ms
135ms Preflight 52.69.165.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.69.165.214 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-69-165-214.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Wed, 03 Jan 2024 12:42:12 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: ap-northeast-1a

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 1 KB
834 B 525ms
237ms XHR
application/json 52.69.165.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.69.165.214 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-69-165-214.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3a49f2a95627277003309d3891df4ef069e6da9505ddbae1170ecaf4add0c640

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
Authorization: Token c1b0175dc2b2ae319cf32b1dec3db9836bdaea3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
X-6s-CustomID: WebTag1.0 08f833d2e9af1f124e201163df927e7c

Response headers

date: Wed, 03 Jan 2024 12:42:13 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
x-6si-region: ap-northeast-1a
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 548

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 91ms
90ms Image
image/gif 74.125.130.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2019109-1&cid=1212712299.1704285731&jid=1441434584&_u=aCDAAEAiAAAAACAAI~&z=356462282

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.130.103 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sb-in-f103.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.sg/ads/ 42 B
107 B 71ms
71ms Image
image/gif 172.253.118.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.sg/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2019109-1&cid=1212712299.1704285731&jid=1441434584&_u=aCDAAEAiAAAAACAAI~&z=356462282

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 148008183.js Show response
bat.bing.com/p/action/ 0
118 B 92ms
92ms Script
text/plain 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/148008183.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

a-0001.a-msedge.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 03 Jan 2024 12:42:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BE3FFEBDC2C94C8A8B5E123A1B126153 Ref B: SIN30EDGE0513 Ref C: 2024-01-03T12:42:12Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
360 B 153ms
153ms Image
text/plain 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=148008183&tm=gtm002&Ver=2&mid=2920a876-a708-47c7-935a-65f1e3b2957b&sid=842ba550aa3511eeb52a2b71328287f9&vid=842bc030aa3511ee900133a8e6f55571&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&p=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&r=&lt=4596&evt=pageLoad&sv=1&rn=304515

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

a-0001.a-msedge.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 03 Jan 2024 12:42:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2FD07CE5D31A4B54BD9C23C4C5AA99AD Ref B: SIN30EDGE0513 Ref C: 2024-01-03T12:42:12Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 552ms
550ms Stylesheet
text/css 54.197.68.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.68.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-68-230.compute-1.amazonaws.com
Software: /
Resource Hash: 759806d08195cc159c1b1ee0ce422ce7fd38fccb5ccc99fcd81064b1458c12b3

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 03 Jan 2024 12:42:12 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 979ms
345ms Fetch
image/jpeg 54.197.68.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.68.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-68-230.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 03 Jan 2024 12:42:13 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 977ms
343ms Fetch
image/jpeg 54.197.68.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.68.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-68-230.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 03 Jan 2024 12:42:13 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
464 B 634ms
634ms XHR
application/json 52.54.13.234
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.54.13.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-54-13-234.compute-1.amazonaws.com

Software

Resource Hash

efd2f2e5486cac262fc0b4270a29867aa7603bf4da1c3e04a25b90208d55d5d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 6c8e283e5a80316e46cae4a9eb73f8bc

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
310 B 311ms
311ms XHR
text/plain 54.197.68.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=_9vH_OIoGoaDi4-zdBz9Vg&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&tip=lwTVhN7CBp4Iv6tYbBVKtW4U9DtHFfefVyAU4hsBHAQ&host=https%3A%2F%2Fwww.varonis.com&sa-user-id-v3=s%253AAQAKIKn5KSJODtwgEjVbC_yrRPESZEDJ1ENjBpj7J2WbfO44EAEYAyCkrNWsBjABOgT90vuTQgTCA5D1.kvPN1zzQWvt4wb1eQbEciVtPoEO1JzAKCw%252Blzd9Uxvw&sa-user-id-v2=s%253AZao6ydpdVjZCIEnes0Me3XNCr5g.ct9tw%252FgMxlXMaro3cx3u9G6%252BoyOKvPG2CKu8NyLBZy0&sa-user-id=s%253A0-65aa3ac9-da5d-5636-4220-49deb3431edd.awEdFr%252FTXBBwFCeIJP2UNraIRmbM9bXFqojw54DR80k
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.68.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-68-230.compute-1.amazonaws.com
Software: /
Resource Hash: 8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.varonis.com
date: Wed, 03 Jan 2024 12:42:12 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
332 B 546ms
546ms XHR
text/plain 54.197.68.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=7DZRzfkZdpma72wkdfbzjA&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&tip=lwTVhN7CBp4Iv6tYbBVKtW4U9DtHFfefVyAU4hsBHAQ&host=https%3A%2F%2Fwww.varonis.com&sa-user-id-v3=s%253AAQAKIKn5KSJODtwgEjVbC_yrRPESZEDJ1ENjBpj7J2WbfO44EAEYAyCkrNWsBjABOgT90vuTQgTCA5D1.kvPN1zzQWvt4wb1eQbEciVtPoEO1JzAKCw%252Blzd9Uxvw&sa-user-id-v2=s%253AZao6ydpdVjZCIEnes0Me3XNCr5g.ct9tw%252FgMxlXMaro3cx3u9G6%252BoyOKvPG2CKu8NyLBZy0&sa-user-id=s%253A0-65aa3ac9-da5d-5636-4220-49deb3431edd.awEdFr%252FTXBBwFCeIJP2UNraIRmbM9bXFqojw54DR80k
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.68.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-68-230.compute-1.amazonaws.com
Software: /
Resource Hash: 4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-origin: https://www.varonis.com
date: Wed, 03 Jan 2024 12:42:13 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 138
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

OPTIONS
H2 200 tp2
c2.ktxlytics.io/com.snowplowanalytics.snowplow/ Frame 0
0 1056ms
337ms Preflight 18.214.223.204
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.223.204 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-223-204.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.varonis.com
access-control-max-age: 600
content-length: 0
date: Wed, 03 Jan 2024 12:42:13 GMT
server: nginx

POST
H2 200 tp2 Show response
c2.ktxlytics.io/com.snowplowanalytics.snowplow/ 2 B
335 B 431ms
431ms XHR
text/plain 18.214.223.204
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.223.204 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-223-204.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://www.varonis.com
date: Wed, 03 Jan 2024 12:42:14 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

GET
H2

200

v1
c2.ktxlytics.io/com.snowplowanalytics.iglu/
Redirect Chain

https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=3879257910671555679
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=3879257910671555679&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs

43 B
387 B

534ms
534ms

Image
image/gif

18.214.223.204
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=3879257910671555679&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Server: 18.214.223.204 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-223-204.compute-1.amazonaws.com
Software: nginx /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:14 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 43

Redirect headers

date: Wed, 03 Jan 2024 12:42:13 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
location: https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=3879257910671555679&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 0

GET
H2 200 widget Show response
www.varonis.com/_hcms/livechat/ 290 B
2 KB 383ms
382ms XHR
application/json 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/_hcms/livechat/widget?portalId=142972&conversations-embed=static-1.15030&mobile=false&messagesUtk=e10c2d2c3dc74559839c78b144ff1382&traceId=e10c2d2c3dc74559839c78b144ff1382

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cca2bf9b0e9f7de5afcf4282c87d26301ed0ebca7cbd30feedb0a4da3108b153

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
X-HubSpot-Messages-Uri: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:13 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 789e0926-7122-4a43-b311-b2a6ba7c17ef
x-iinfo: 9-134256843-134256880 PNNy RT(1704285726555 5895) q(0 0 0 -1) r(3 3) U24
x-envoy-upstream-service-time: 18
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 789e0926-7122-4a43-b311-b2a6ba7c17ef
server: cloudflare
x-trace: 2BD7B5BBEF75E536B43C49FB06B0E38711913A2C03000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-lxtwz
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGB2w%2Fdy3QW7KxoWmYPjcsYP6JjRFscrjBBOyX9kCIigcCj2StRs4B%2BjPVeo6kqCN3BXKFj6Wrybx%2FbiJwiGgdhJ4JE5rmBXKGVoFN4QkUK9KbQP0UUhFBDzj3S%2FluXheA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 83fb5207cc0a44a9-SIN
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 925ms
393ms Preflight
application/octet-stream 172.64.153.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 83fb520b1acc40ea-SIN
content-length: 0
content-type: application/octet-stream
date: Wed, 03 Jan 2024 12:42:13 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-55f4f74954-z9bm5
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 05f498ff-a213-47cc-9009-6252b86079f3
x-request-id: 05f498ff-a213-47cc-9009-6252b86079f3

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 432ms
430ms Fetch 172.64.153.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/142972/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.153.27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 Jan 2024 12:42:14 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-hubspot-correlation-id: c3e3633c-b73f-4417-b3f4-a729eacea77b
x-envoy-upstream-service-time: 29
x-evy-trace-route-configuration: listener_http/all, listener_https/all
x-evy-trace-listener: listener_http, listener_https
x-request-id: c3e3633c-b73f-4417-b3f4-a729eacea77b
server: cloudflare
x-trace: 2B176DF8155EFADCCDF1F31D16DED0E2CCCC189E3D000000000000000000
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host: all, all
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-7cbbfffcc5-bskr6, iad02/analytics-js-proxy-td/envoy-proxy-55f4f74954-qdt7s
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 83fb520d8e2840ea-SIN

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 572ms
572ms Image
image/gif 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=e4e24264-247b-4b45-8094-01ffa5595741&session=db5a9666-716c-49e6-831a-9286284c30df&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A13%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A12%20GMT%22%2C%22timeSpent%22%3A%221041%22%2C%22totalTimeSpent%22%3A%221041%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=e8a57815-d604-4517-835a-5a4dc12ecf18&v=1.1.14

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-54-118-48.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:13 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 586ms
586ms Image
image/gif 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=e4e24264-247b-4b45-8094-01ffa5595741&session=db5a9666-716c-49e6-831a-9286284c30df&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A13%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222043%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=e8a57815-d604-4517-835a-5a4dc12ecf18&v=1.1.14

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-54-118-48.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:14 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 479ms
159ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:15 GMT
x-amz-version-id: lFoq_FZJwJ3rDVe9.7kNMZjc5YKK6r5L
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 11 Dec 2023 12:17:02 GMT
server: cloudflare
via: 1.1 52c5ddb029eae46cd9dad0cfd50b5b8e.cloudfront.net (CloudFront)
x-amz-cf-pop: HKG54-C1
etag: W/"15c02cdee0df6c26ba3d8c62d912c66c"
age: 32697
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cf-ray: 83fb5213fa23a123-SIN
x-amz-cf-id: Fwavn8Zm2Vk8RUCboT8rrpM3l_F2Nf4ojt4atJzDlPsSvjAuqa8Ebw==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
600 B 391ms
380ms Image
image/gif 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2815483069&v=1.1&a=142972&pi=53575261302&ct=blog-post&ccu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&cpi=53575261302&cgi=740355147&lpi=53575261302&lvi=53575261302&lvc=en&pu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How+to+Investigate+NTLM+Brute+Force+Attacks&cts=1704285734690&rv=1&vi=1eccd4ad5671cc880e5a5cb6996fa209&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 65b273de-3c7e-4eb2-8418-27d999f3d72e
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 3
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 65b273de-3c7e-4eb2-8418-27d999f3d72e
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0qQNG0z0Fy70g%2BFncUSiSFBLBI1Br2cYH09YAXAciD6lb9SvTn7SCu%2Bx6HrlnXNP%2BQ4YtbXy4cJ5FqmfUpIsA8GJhdTcsgiEke3KXqMelwN%2BfdTSUG4rgD%2FhX0PBoPJv035"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7484b4bf59-2tcbn
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 83fb5212296d5f4e-SIN
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
428 B 421ms
418ms Image
image/gif 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=40a8f297-80c2-4c34-9572-8648458abed5&fci=f8541955-0e4b-496d-9454-3351de854e9f&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2815483069&v=1.1&a=142972&pi=53575261302&ct=blog-post&ccu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&cpi=53575261302&cgi=740355147&lpi=53575261302&lvi=53575261302&lvc=en&pu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How+to+Investigate+NTLM+Brute+Force+Attacks&cts=1704285734693&rv=1&vi=1eccd4ad5671cc880e5a5cb6996fa209&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 277be1b3-2dd8-463a-b942-fd790232e42a
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 15
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 277be1b3-2dd8-463a-b942-fd790232e42a
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9ge97W9671oIkb%2B9qSxndkCQbk1vdE9cf5Ds8UNN9Tljd%2BvYWIsJPMzk9qLN0LwVYS0Y5VHjmHCguZpWNsD6Omo%2FvuKIUbLuaUUY1No6uCTHR59zZWHNFbNGTs%2FGqwpM0Pw"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7484b4bf59-qbpgm
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 83fb5212296c5f4e-SIN
x-robots-tag: none

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 565ms
565ms Image
image/gif 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=e4e24264-247b-4b45-8094-01ffa5595741&session=db5a9666-716c-49e6-831a-9286284c30df&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A14%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223044%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=e8a57815-d604-4517-835a-5a4dc12ecf18&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-54-118-48.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:15 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 146 B
385 B 349ms
348ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 944bdd33516741976ae00a527f1d4c15ce4dd88adfbc3d327a61ad4cc651e655

Request headers

visited_url: https://www.varonis.com/blog/investigate-ntlm-brute-force
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
Authorization: Bearer f17f1ae9341679920418
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 Jan 2024 12:42:16 GMT
via: 1.1 884565e44bd03047bbadc5b86c50509c.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-amz-cf-pop: SIN5-C1
x-powered-by: Express
etag: W/"92-lI40p13yGMQNWWFyK+0pOo8PFs4"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 83fb521949ca5fe4-SIN
x-amz-cf-id: 83ifW-pt4o3jJnOreM0cyexG5XuC95oK9lOI9MOq5Wz_SS1nvnM4fg==
apigw-requestid: Q9pmSjQFvHcESWA=

OPTIONS
H2 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 645ms
348ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: Q9pmPiN4vHcESkQ=
cf-cache-status: DYNAMIC
cf-ray: 83fb52171da55fe4-SIN
date: Wed, 03 Jan 2024 12:42:15 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 884565e44bd03047bbadc5b86c50509c.cloudfront.net (CloudFront)
x-amz-cf-id: FPB_7rIbSYs5v8qdQjuaIBefaQ3o-4jHDdeOoanf6FA4i6NxFv3EkA==
x-amz-cf-pop: SIN5-C1
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 574ms
573ms Image
image/gif 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=e4e24264-247b-4b45-8094-01ffa5595741&session=db5a9666-716c-49e6-831a-9286284c30df&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A16%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A15%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224045%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=e8a57815-d604-4517-835a-5a4dc12ecf18&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-54-118-48.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:16 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 / Show response
ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/ 3 KB
2 KB 1041ms
481ms Fetch
text/javascript 104.16.137.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.137.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

23a61e3a2adf92a1a4cff6e49780d7538d3707b7426f47fce09598e0e417b709

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://www.varonis.com/blog/investigate-ntlm-brute-force
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
_vtok: MTE1LjY2LjE3NS4xNTI=
_zitok: b54fe5e9e7ef2f6077f31704285735
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/javascript

Response headers

date: Wed, 03 Jan 2024 12:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 83fb52256d7906ab-SIN

OPTIONS
H2 200 /
ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/ Frame 0
0 1030ms
435ms Preflight
text/html 104.16.137.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/?iszitag=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.137.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.varonis.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 83fb521f2d123fda-SIN
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 03 Jan 2024 12:42:17 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 578ms
577ms Image
image/gif 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=e4e24264-247b-4b45-8094-01ffa5595741&session=db5a9666-716c-49e6-831a-9286284c30df&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A17%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A16%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225046%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=e8a57815-d604-4517-835a-5a4dc12ecf18&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-54-118-48.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:17 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 625ms
625ms Image
image/gif 23.54.118.48
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=e4e24264-247b-4b45-8094-01ffa5595741&session=db5a9666-716c-49e6-831a-9286284c30df&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A18%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A17%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%226048%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=e8a57815-d604-4517-835a-5a4dc12ecf18&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.54.118.48 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-54-118-48.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 12:42:18 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
54 B 133ms
133ms Ping
text/plain 142.251.175.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-PCF2HBX32M&gtm=45je3bt0v9102029281z8846391121&_p=1704285729026&gcd=11l1l1l1l1&dma=0&cid=1212712299.1704285731&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1704285731&sct=1&seg=0&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&en=6sense&ep.employee_count=7&_et=1984&up.company_name=Legal%20Labs%20Recruitment%20Pte%20Ltd&up.country=Singapore&up.city=Singapore&up.zip=068914&up.employee_range=0%20-%209&up.revenue_range=%241M%20-%20%245M&up.buying_stage=Target&upn.intent_score=0&up.confidence=Low&up.profile_fit=Weak&tfd=11220
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.175.139 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sh-in-f139.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 12:42:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=e4e24264-247b-4b45-8094-01ffa5595741&session=db5a9666-716c-49e6-831a-9286284c30df&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A19%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2003%20Jan%202024%2012%3A42%3A18%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227049%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=e8a57815-d604-4517-835a-5a4dc12ecf18&v=1.1.14

Verdicts & Comments Add Verdict or Comment

124 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

69 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.varonis.com/	1970-01-20 17:24:47	Name: __cf_bm Value: C0vzp1jNNwd8C8XCnPXG4UOYPlBu.JjRuLTlBnqkv9Q-1704285727-1-AUY8PdS8TfCsdZEHUTJj6S3wmpOoAoAIRhoYRUM4D3kRe/PeeRxoyrls01Ge4zTwGZYKWxH02A4NvKNRHlHhK7g=
.www.varonis.com/	1969-12-31 23:59:59	Name: __cfruid Value: f6d3eb906d269ad727997afe24dce0c19e0bf567-1704285727
.varonis.com/	1970-01-21 02:09:05	Name: visid_incap_2074238 Value: PYLHaH2SSuCb6E/yqVPatR5WlWUAAAAAQUIPAAAAAACs2C62XycvnSVjIe6BPPX3
.varonis.com/	1969-12-31 23:59:59	Name: nlbi_2074238 Value: 0uX0CWOGtDK1rBehV8um7wAAAABI5nYlebXVemjUchc4Eoar
.varonis.com/	1969-12-31 23:59:59	Name: incap_ses_1219_2074238 Value: T09XUftCRD7zxidl6sLqEB5WlWUAAAAAww4AYzjjoz0ljXCK92DcYA==
.info.varonis.com/	1969-12-31 23:59:59	Name: __cfruid Value: f6d3eb906d269ad727997afe24dce0c19e0bf567-1704285727
.info.varonis.com/	1970-01-20 17:24:47	Name: __cf_bm Value: XigJDr0XbSvkT56ca35yQ3m1O5OVtKji5fYlprBLzWk-1704285727-1-AdLG1aQ0Mhz1I7+20Am3zb6kswB0sxmsWSI5gP/btrTpe7Ioitw5voVzK7CNdTmVVlPC9tEJuR4V8qX2+Jm6sgA=
.varonis.com/	1970-01-20 19:34:21	Name: _gcl_au Value: 1.1.301211712.1704285731
.varonis.com/	1970-01-20 19:34:21	Name: _rdt_uuid Value: 1704285731379.8a464ca0-b2e4-479c-82ad-2d0f60ae6e90
.varonis.com/	1970-01-21 03:00:45	Name: _ga Value: GA1.2.1212712299.1704285731
.varonis.com/	1970-01-20 17:26:12	Name: _gid Value: GA1.2.1086626213.1704285731
.varonis.com/	1970-01-20 17:24:45	Name: _gat_UA-2019109-1 Value: 1
.varonis.com/	1970-01-21 02:10:21	Name: _biz_uid Value: 0e0a1bdb093448218fa51344583c8f84
.varonis.com/	1970-01-21 02:10:21	Name: _biz_nA Value: 1
.bizible.com/	1970-01-21 02:10:21	Name: _BUID Value: 0e0a1bdb093448218fa51344583c8f84
.varonis.com/	1970-01-21 02:10:21	Name: _biz_pendingA Value: %5B%5D
.adsrvr.org/	1970-01-21 02:11:48	Name: TDID Value: 2167b4c1-042d-4140-9d72-95717bd5a8b7
.varonis.com/	1970-01-20 19:34:21	Name: _fbp Value: fb.1.1704285732033.1551908867
www.varonis.com/	1970-01-21 03:00:45	Name: _gd_visitor Value: e4e24264-247b-4b45-8094-01ffa5595741
www.varonis.com/	1970-01-20 17:25:00	Name: _gd_session Value: db5a9666-716c-49e6-831a-9286284c30df
.adnxs.com/	1970-01-20 19:34:21	Name: uuid2 Value: 3879257910671555679
.varonis.com/	1970-01-20 17:26:12	Name: _uetsid Value: 842ba550aa3511eeb52a2b71328287f9
.varonis.com/	1970-01-21 02:46:21	Name: _uetvid Value: 842bc030aa3511ee900133a8e6f55571
tags.srv.stackadapt.com/	1970-01-21 02:10:21	Name: sa-user-id Value: s%3A0-65aa3ac9-da5d-5636-4220-49deb3431edd.awEdFr%2FTXBBwFCeIJP2UNraIRmbM9bXFqojw54DR80k
.srv.stackadapt.com/	1970-01-21 02:10:21	Name: sa-user-id Value: s%3A0-65aa3ac9-da5d-5636-4220-49deb3431edd.awEdFr%2FTXBBwFCeIJP2UNraIRmbM9bXFqojw54DR80k
tags.srv.stackadapt.com/	1970-01-21 02:10:21	Name: sa-user-id-v2 Value: s%3AZao6ydpdVjZCIEnes0Me3XNCr5g.ct9tw%2FgMxlXMaro3cx3u9G6%2BoyOKvPG2CKu8NyLBZy0
.srv.stackadapt.com/	1970-01-21 02:10:21	Name: sa-user-id-v2 Value: s%3AZao6ydpdVjZCIEnes0Me3XNCr5g.ct9tw%2FgMxlXMaro3cx3u9G6%2BoyOKvPG2CKu8NyLBZy0
tags.srv.stackadapt.com/	1970-01-21 02:10:21	Name: sa-user-id-v3 Value: s%3AAQAKIKn5KSJODtwgEjVbC_yrRPESZEDJ1ENjBpj7J2WbfO44EAEYAyCkrNWsBjABOgT90vuTQgTCA5D1.kvPN1zzQWvt4wb1eQbEciVtPoEO1JzAKCw%2Blzd9Uxvw
.srv.stackadapt.com/	1970-01-21 02:10:21	Name: sa-user-id-v3 Value: s%3AAQAKIKn5KSJODtwgEjVbC_yrRPESZEDJ1ENjBpj7J2WbfO44EAEYAyCkrNWsBjABOgT90vuTQgTCA5D1.kvPN1zzQWvt4wb1eQbEciVtPoEO1JzAKCw%2Blzd9Uxvw
www.varonis.com/	1970-01-21 02:10:21	Name: sa-user-id Value: s%253A0-65aa3ac9-da5d-5636-4220-49deb3431edd.awEdFr%252FTXBBwFCeIJP2UNraIRmbM9bXFqojw54DR80k
www.varonis.com/	1970-01-21 02:10:21	Name: sa-user-id-v2 Value: s%253AZao6ydpdVjZCIEnes0Me3XNCr5g.ct9tw%252FgMxlXMaro3cx3u9G6%252BoyOKvPG2CKu8NyLBZy0
www.varonis.com/	1970-01-21 02:10:21	Name: sa-user-id-v3 Value: s%253AAQAKIKn5KSJODtwgEjVbC_yrRPESZEDJ1ENjBpj7J2WbfO44EAEYAyCkrNWsBjABOgT90vuTQgTCA5D1.kvPN1zzQWvt4wb1eQbEciVtPoEO1JzAKCw%252Blzd9Uxvw
.adnxs.com/	1970-01-20 19:34:21	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E?_enBPo!]tbP6j2F-XstGt!@DmA$sCv<
.bing.com/	1970-01-21 02:46:21	Name: MUID Value: 21C559336BE468930CA44AC86AE569C8
.bat.bing.com/	1970-01-20 17:34:50	Name: MR Value: 0
.bizibly.com/	1970-01-21 02:10:21	Name: _BUID Value: bd1eb919fb755e906463848a9182ab70
.varonis.com/	1970-01-21 02:10:21	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22XDomain%22%3A%221%22%2C%22ViewThrough%22%3A%221%22%7D
www.varonis.com/	1970-01-20 17:34:50	Name: slireg Value: https://scout.us1.salesloft.com
.rubiconproject.com/	1970-01-21 02:10:21	Name: khaos Value: LQXRPZPK-1I-9RR0
.rubiconproject.com/	1970-01-21 02:10:21	Name: audit Value: 1\|0uImMtjMfrTlRJdhvYYt5S4Aa3IH46Us6UZ7hW/yMjYb3TXfVYL0mMfENjk/EJIbgMKKY/DmBUEwHTRO1/p4iHX0qfg68IpFQAPcN3ARK84KoWjh6u9vf7d4wDHOvEDGoXOL0MgVl3h8vdEWruw4L8Gt6Fcu2RpNXygXASyPJEPREvsM2ra73MRmS8gGs6ylTlon0IrnE1p4+byUJuUHKNl4Am3SUH3rwETMVR8lnVPictVKI3nW/ZSmfFa9k+2RfCCm1vF3Tgn8ih/oL8+08tuVaVkDFDbShAUs62yL6R/QD5U7tEfUTQ==
.linkedin.com/	1970-01-21 02:10:21	Name: bcookie Value: "v=2&e3a348b1-e624-48f4-80c6-623135833a93"
.linkedin.com/	1970-01-20 17:26:12	Name: lidc Value: "b=VGST07:s=V:r=V:a=V:p=V:g=2813:u=1:x=1:i=1704285732:t=1704372132:v=2:sig=AQFRd1cuGd4K6dSkryQy8Yg80bL_BShY"
.varonis.com/	1970-01-20 17:24:47	Name: _sp_ses.1082 Value: *
.varonis.com/	1970-01-21 03:00:45	Name: _sp_id.1082 Value: 23bb3424-3fdf-4888-9e74-656ba6f075e1.1704285733.1.1704285733.1704285733.8756f1a0-7a01-40ce-8c01-bc0f76ed5acb
www.varonis.com/	1970-01-21 02:10:21	Name: sliguid Value: 344fadeb-1879-4ed1-b5ee-358c2c2124c4
www.varonis.com/	1970-01-21 02:10:21	Name: slirequested Value: true
.hubspot.com/	1970-01-20 17:24:47	Name: __cf_bm Value: zuXHb0VtaWD3gqnbDEk1zc1t3eYQpt3bD5Fj4y6NogU-1704285733-1-AdvgFsdDyRqL9afDQzGNoS4dY117gZgIXIFvtm945oqNxNowFa7kES8RqW20QfwllI2cRwxmqClKhb1IEFm2WH4=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Xg3uc8WLSbP84iTHmo_OQmsD7UwwuBlSlpSGWjhNJ58-1704285733038-0-604800000
.doubleclick.net/	1970-01-21 03:00:45	Name: IDE Value: AHWqTUlYzviomJLYHjPwU6LT4_kke-2IvUaf--JKwB2P2zA6auAf4OaTbcJ4X90nONE
.linkedin.com/	1970-01-20 19:34:21	Name: li_sugr Value: 6fe4b216-dd49-4c0e-a9d6-17c0c1b585a6
.adsrvr.org/	1970-01-21 02:11:48	Name: TDCPM Value: CAESFgoHcnViaWNvbhILCMaInIjumMY8EAUSFQoGZ29vZ2xlEgsI9tH-k-6YxjwQBRIZCgpyaWdodG1lZGlhEgsImPD-k-6YxjwQBRgFIAIoATILCIDpnrWEmcY8EAVCDyINCAESCQoFdGllcjIQAVoHNzE2Nzl1M2ABcgpyaWdodG1lZGlh
.varonis.com/	1970-01-21 03:00:45	Name: _ga_PCF2HBX32M Value: GS1.1.1704285731.1.0.1704285733.0.0.0
.linkedin.com/	1970-01-20 18:07:57	Name: UserMatchHistory Value: AQJB0f-AYNciVQAAAYzPWIH1lE38czBDevbinXgADwKKlTysH6xS7Exw4dd6GTHvRCFgXhmZBuapdw
.linkedin.com/	1970-01-20 18:07:57	Name: AnalyticsSyncHistory Value: AQKrRNdxkb4DDgAAAYzPWIH2s_7MxZHZhPAScCRZgpJ6F_V9AuOHEOhmaIQc58BC89hr21wo1QE-nh1y7Opcxw
.yahoo.com/	1970-01-21 02:10:43	Name: A3 Value: d=AQABBCVWlWUCEMUbAftODOQzy0ohjcVX95kFEgEBAQGnlmWfZa9C8HgB_eMAAA&S=AQAAAh1OZ1-hNHF9jvOMIWElhqI
.twitter.com/	1970-01-21 03:00:45	Name: guest_id_marketing Value: v1%3A170428573353488267
.twitter.com/	1970-01-21 03:00:45	Name: guest_id_ads Value: v1%3A170428573353488267
.twitter.com/	1970-01-21 03:00:45	Name: personalization_id Value: "v1_2sVxonRLNz6kGdqGHe8J4Q=="
.twitter.com/	1970-01-21 03:00:45	Name: guest_id Value: v1%3A170428573353488267
.6sc.co/	1970-01-21 03:00:45	Name: 6suuid Value: d07c361702a61c00255695654f020000f03a0d00
.analytics.yahoo.com/	1970-01-21 02:10:21	Name: IDSYNC Value: "1769~2fz0:19e0~2fz0"
.t.co/	1970-01-21 03:00:45	Name: muc_ads Value: 2dbbd0bb-625a-4dfd-965b-55dc245063fd
.www.linkedin.com/	1970-01-21 02:10:21	Name: bscookie Value: "v=1&2024010312421345186d96-92fe-4b9d-8376-56b698d6c539AQEPifPIXZLz7YixvKvyFVavQSPUMAhS"
.hb.yahoo.net/	1970-01-20 21:43:57	Name: visitor-id Value: 3472873345016868000V10
.hb.yahoo.net/	1970-01-20 17:44:55	Name: data-ttd Value: 2167b4c1-042d-4140-9d72-95717bd5a8b7~~63
.ktxlytics.io/	1970-01-21 02:10:21	Name: sp Value: 3973f65c-ee9d-4723-ad68-8e9a3f011360
.www.varonis.com/	1970-01-21 02:10:21	Name: _zitok Value: b54fe5e9e7ef2f6077f31704285735
.zoominfo.com/	1970-01-20 17:24:47	Name: __cf_bm Value: Ob5HxvNaHmiOZUtF7IDI5YGPScnLgipfN2bEZr2aXA0-1704285738-1-ASVsEY24/aIBU54L55V6IE7aO8qqXhPWGcFALUklLyPvXrXWlNSSuFy7tNxNrI5VjF+M1vCDhEPNKLRvARrogy0=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: aeb1ifh11gAozvWwM5oHHMONzjbR.xkE63M9HEBtFm8-1704285738223-0-604800000

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://connect.facebook.net/signals/config/179650485736885?v=2.9.138&r=stable&domain=www.varonis.com(Line 137) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

142972.fs1.hubspotusercontent-na1.net
alb.reddit.com
analytics.google.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
bat.bing.com
c.6sc.co
c2.ktxlytics.io
cdn.bizible.com
cdn.bizibly.com
cdn2.hubspot.net
cdnjs.cloudflare.com
clients1.google.com
cm.g.doubleclick.net
connect.facebook.net
cse.google.com
epsilon.6sense.com
fonts.googleapis.com
forms-na1.hsforms.com
forms.hsforms.com
googleads.g.doubleclick.net
hb.yahoo.net
ib.adnxs.com
info.varonis.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsforms.net
js.usemessages.com
js.zi-scripts.com
match.adsrvr.org
pixel.rubiconproject.com
platform.linkedin.com
platform.twitter.com
plausible.io
px.ads.linkedin.com
scout-cdn.salesloft.com
scout.salesloft.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
t.co
tags.srv.stackadapt.com
track.hubspot.com
trackit.ktxlytics.io
ups.analytics.yahoo.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.sg
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.varonis.com
b.6sc.co
103.43.90.21
104.16.109.209
104.16.137.15
104.16.137.206
104.16.191.89
104.16.76.186
104.17.1.41
104.17.229.163
104.17.24.14
104.17.251.168
104.18.176.125
104.18.192.125
104.18.37.212
104.18.41.124
104.18.95.253
104.19.155.83
104.244.42.195
104.244.42.5
104.244.42.72
13.107.42.14
13.228.126.19
142.250.4.95
142.251.10.157
142.251.12.157
142.251.12.97
142.251.175.139
151.101.108.157
151.101.129.140
151.101.193.140
152.195.58.59
152.199.40.67
157.240.15.13
157.240.15.35
172.253.118.94
172.64.153.27
18.214.223.204
18.65.159.50
184.27.122.64
204.79.197.200
216.239.34.181
23.54.118.48
3.33.220.150
42.99.140.139
45.60.158.169
52.54.13.234
52.69.165.214
54.197.68.230
64.233.170.101
64.233.170.155
69.173.158.64
74.125.130.103
74.125.68.113
84.17.37.217
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94
0233342795c86e2079f7406bce72c481918b9ce416aedeb6b37044abae50fc8d
0420b36738d9457c3f40a67c69135b170861becd9bac983563b3aeada5287aa4
089c67c1b157f3cf1bfe7c144179187bd9821c7f137eeee9ee66af05b476c6b0
08f09e95e50ae9c0181382558ff935903a7b273b4a8e5006788e85ae1c72c7c6
0b4639302db82b725feb2fb5b7c2f16d1ef8abe70409c496fe0dc777e143f45d
0d514e3fc3d638136890b4a1f61d2f861af3bbd8f997ca15685efbd22554538c
10426b160a932ef2b98908d2f32aca756777f9d0a90ee2d7bc334cb1629e0ddd
12eca6d41ac5b6b6f68c6309fd26134d2db7ba3b5e9179a5ac2849b00a084093
12feece8311f076308c2bbd3d8de66155192ea9df9a705a486f8e4684c45c5c5
14de22de4d5ab1c4eb363e7ffa5dc73a22f4ec13d8f2351c8d5ea302329be699
1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
17bd1c297a7fd1221272d080053f887bb97c03bfc16d6f96bdd7f08bf87dbbd5
188c1e20523e1ab17f7628b260d17e9d92d8b7442e6c068fb450fed7ce067768
196d92bf5816c956d998e5e2eb9579e8169d427dc9e6c19b07ef3c304c950686
1d6f87cdfc17be0d49a2e26dac149338c8663574ef0a145e775ab4684a194118
1dc5ff8e8d54854daa72a30a2bf8345b75255597251028dad23e18510e635b98
1de712ef3b1f05963d2167fc404772d048bf323d336184fb2a96736fdb48d3cd
1f31e1ce1202bc0ee8105deb5885a4b7b389b2cf936bff83f05032c8a2cafd0a
1f5e45ba0c943167a203ccff2d9b3065c7767b1c32c33e6b21af38da1738b8a7
23a61e3a2adf92a1a4cff6e49780d7538d3707b7426f47fce09598e0e417b709
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd
2d699428fb1a87452cb15775f3e9a531b9c8a98bfa41be2a24be4814ff0a5baf
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2ef71ca3de1b4e89664ec102fe490b2abfbc80350253421c50a31bd3b22b9722
2f24b7fa64d8f44ddd36d64d9a647d13caea3756513d97abd40e3c8754efc63b
2fe74f47043e8dd59d0efcf0c663ddfc1c0c0e2037c9f4be0adb67b6f9df7736
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
35aa863dd1dd4c9588068b4661b33da6bc2e2ea25e953cd41e5de614ab86396b
376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c
3a49f2a95627277003309d3891df4ef069e6da9505ddbae1170ecaf4add0c640
3daf9b6a39281fdc04a57bdabe589d9aa970719d22733e04fc1ab799b7a5db49
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3f08978088fd2635efee64efe38bdf155d6258f8b547fca43381435d0048ce46
3ffd7ab24503a28bb9eb6137b4d1e1664ed138dca5d1ced6d1a98ff841a24541
418ffe5db334b8d460cb846ee44b26448c47c239883447d8fe2dfb3f169b2b1e
42222ea51046de258be17a4b61f802c94c29d8feeacaaa4ae194c590198ad002
4528e78b77fe65b0d6c730e7bc11691455d19dcefb698ebc14931cab40b8423a
456766b19e4bca3d3e998e25a416376f2158061b925f28f32527aee2ff1e28db
45c7614c18a99d6d92d12cd7f4f06a07ce88256882a8889574d265fc32eace0b
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b9e9037912adf4cb7724b3782cb690b0c90d8d31a5c54a6bfa3f6fc60063de8
4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67
4e2924c80f612bf59a0cb21d31b05f0575ed143922e412e3e061bf02f5d5960a
50888059b627a1e32ceb04646cc5a617e4747e3d9003e1cc051d33e3bcc14589
53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70
5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49
579b9f734819f583199cd70b03c4e919430a74dd7698921ef16465b41d934769
5869f8ae61b66d78a6de0c52b94436d47899e11d112bee6445b5aedbc5868970
5a074c8ee602a0b3416f69defbab28371abb92ce73f934afa6e58ecec72b9256
5db5a02e960dde70bbf77fb6d28c61d4f6b5c291b3dd08d76a678d17c2d96420
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5ea31af1ae38b9f8194f93234449262a79af7a7bdac0938c740c62f0eae9d85b
5fb849a169f3b5ec132c50c2fbf85053671e849aa6421d55a5eab5d22feb75b3
6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e
651bb2dc3a4634b30334a27eee2ce53901b2750f0ab8c091f2e25e93a52aee3f
6a1f86c63c2ee772b07a6f678e7f8cd51b3aea064d83423eb213fb1df9d6b34c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bc3c3712e26de83ecb08d0360e70ff826b4fda86e8348a3ee2208b4ab2ebad1
6e9eeec668eca70ecaaabf43de47a7332a84fa9b89172479f39c57bbd1c8582a
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
72e8aa11120d22eddafdee660ecc72d141bff2ab7c42c04bbf50399b83e1645c
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
7448175084bac35748586b504207f8b7c371f6f751ef435f4b0569421a794db6
759806d08195cc159c1b1ee0ce422ce7fd38fccb5ccc99fcd81064b1458c12b3
768a72ae7750a9b5b29c1330fb6f14a725b55017a8a6921d7b572249e7c5896f
777fa3c67f6d7d7be4840b6bf52240adf3efb13f0c4a9f367f8cf8c0f1c5d31a
7a5034e01d5b47ec7eee2b3a45a23919684146c27b715f4fd863037b11b2abff
7c0fbbadde40aed1e86f4c46ea2fc1a26749994e48dc90a5bce7fd466712d99e
7df0df8b3df8c42634ecc71d7ab35e197c61777eb5b41a3e14239322b5804f7b
7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238
7f6b8b612b0090fdd0032dfd7071745a0b99149bc01a55cd24b40086ede2b8d7
842abfe134599c5d48d4ddd88bde8d24bd36b32b22bea540837311364b7ce2c7
843cc74e4d2e2ba92294d12ded85baf059fb5eee64c0431dee6640cc759f31ec
8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e648da8a366d494100d90e0af69a2945f34e53a2c70432ea12c0303039f2351
8ec44a4b321f5115d8760f193298585d8b28a26dd3190d0a3690b9e09a489a94
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
944bdd33516741976ae00a527f1d4c15ce4dd88adfbc3d327a61ad4cc651e655
957a85939578fa14d2371922b58dcbf67f9b769e459f38699ceee6a84751134d
95c37cf1f09574f5dbb61a679e2039cf3fc891acb3c5d8ad40a5a8133bd6afd4
97f04fa82ba3917eb12728a7e3b4d4057923bdf90f44d325932a0d61dee59ce8
9b15ab10a2a109c8e59d604cd4101cebe7aab42ec227f8f521398e063bfe0217
9ed2a2edca25cc1dd846e20cab22088d9c5b7991f52ff78f8ed21930fe92ad46
a04f7efa05c1f9212a79b715568b9976977a4d8e8f0c7ee571ab4f71bf32ccc3
a1a1846f2d4d1abd1379f703e256e92f3b4b138f6dc90fdd8c99c58b7ca43457
a281330b7c2282a20565d51663b28ed618b8b6ddb4eb8242cefdd8283eb13cb7
a40943594d5eaaa010c66254e2dc4a83d8bc53104602afda2e3b622b8e78e2f0
a4450600125b5cdb5761654bbe725c5b4fcbc8e1a89f0a14b20f77157afc5715
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
a6cc38542df851f8b331cdd5ac0dbe9929c7968d347c62d93c22b91ef560a931
a8499144a67d70c01a19de99fb20ca5e7da3337e44814419b9a9c867da619b2e
a98e6573aa43aa760480589e09e812b6c094ff4f6c47cc2c6ed20160e8431e06
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adc1888f05786d618ba9904a8f0aff48c7bf6e84fe3842e417a55dd0c3df687a
ae925eb57e9822aec57086375bcf93fe910d7c6c0d83cf10bf448c5348aaf0b0
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b247a1a3cda5afc293925aff46e0012a88d69c26bb3cf813baf4e3b81459bc8e
b2c5c92cd55477571c7e757c4105315c813e710586cf1f334f809e8c93d845c1
b40e79c5d412914e928d19e3cda375d940ed037dd6a1f6d7613b894e39898094
b46cf928be95b8e0f24c718b850ef2898c6c137e96661d33b7a6f7514ad76581
b5ec6b8d820581f2d04713d3bea37883b0e5c2881f7bb108e13a3d63249c4867
b7821e7e6a8bb38c6e9dbeed3bd0c1c1f55ac58c678cba2a356391d3c4851467
b7dcf1ed0e0a9dad981e5c38f1e12cef3acb43c52e1511bd68daa7ffc91ec6a6
ba1b3f329ba47639a8586777bb19db73a9c3e37954b5e72ff97df8e0ea931062
bc2e1c7db0ffa63e5333bc3771c96bf5c5d704332d79dfcfbff8bc16187b1abf
bd6a2c2e6967a14b880413da005bf9e57a394669242cd4dcf91855df7d4337ee
bdde1f0d01b521be372fe477b7439f6b72f22849c6dd79ed066d14786056a896
bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01
c08ffc3f238414942b195ebfaa0516e524b4e6b6c5201c52b5174f5599282a23
c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72
c91333bb881074a7d4a82886d21fb690ff3fc57394327d5ed12c9d9af05dcc0b
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cca2bf9b0e9f7de5afcf4282c87d26301ed0ebca7cbd30feedb0a4da3108b153
cda8a0ab9bd5461151a18173515c5a597af845054d6c5476f85c2a01d1b6160e
ce52d3c9ed8217ae0ca3dd0479d5ced16baf2de6625e0c81166471aaa956136d
cf31d510ed313a8566d08e9b4fdbf94a0a51b35718372bc4bc75d6ff5c8282a5
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
db1e2dc64218b7044da50d01d0ffb83bcdca49a35b1ab7ffcdef6736863986cc
dbc0f30e58b2a906e2bdbdf999ce1d8352660f5e59204c6c47efc3ed98b57cb1
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95
e7b88bddc6c757b2fc8cb113e2469801ab14a78ec1a8fada4d6391e3573f5f9f
e95568becfa0171d1990a4941bffcbe470ac34deafa67bd3dbfb4a5c63414878
e9ae5dc953a145ce60342fcbbaf5cd9c73a6896aefe39fdcdbf1f19d701edf6d
eb5c1eacb3376ceb006a8f0684532a2cb4b55f9877964d4ce228fcc2d52b6d7f
ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd2f2e5486cac262fc0b4270a29867aa7603bf4da1c3e04a25b90208d55d5d0
f0adb972147098e0e4d6abbd7b83952363c8eab82429760136816142d675e321
f3b0e2a3800f73c56a4dc78562fc32130a8eec6887982d10e6a5dcf6497969c6
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.varonis.com Open in urlscan Pro 45.60.158.169 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

181 Requests

97 %HTTPS

0 %IPv6

44 Domains

63 Subdomains

50 IPs

5 Countries

5228 kBTransfer

8546 kBSize

69 Cookies

36 Outgoing links

Redirected requests

181 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.varonis.com Open in urlscan Pro
45.60.158.169 Public Scan

Screenshot
Live screenshot

Full Image

181
Requests

97 %
HTTPS

0 %
IPv6

44
Domains

63
Subdomains

50
IPs

5
Countries

5228 kB
Transfer

8546 kB
Size

69
Cookies

181 HTTP transactions
2 data transactions