Submitted URL: https://mdr.esentire.com/e/651833/-and-indicators-of-compromise-/2prwxj/954496554?h=XS-yr_q5Bxn_GjrttiKgRB9NZSvjgjUGlKhQA...
Effective URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Submission: On June 14 via api from US — Scanned from DE

Summary

This website contacted 25 IPs in 3 countries across 22 domains to perform 67 HTTP transactions. The main IP is 104.197.16.226, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.horizon3.ai. The Cisco Umbrella rank of the primary domain is 977092.
TLS certificate: Issued by R3 on May 31st 2023. Valid for: 3 months.
This is the only time www.horizon3.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses contacted (requests | IP address | AS / autonomous system):

  1  | 18.208.125.13    | 14618 (AMAZON-AES)
  2  | 104.197.16.226   | 396982 (GOOGLE-CLOUD-PLATFORM)
  13 | 151.139.128.10   | 20446 (STACKPATH-CDN)
  2  | 2a00:1450:400... | 15169 (GOOGLE)
  8  | 2a00:1450:400... | 15169 (GOOGLE)
  1  | 54.147.131.114   | 14618 (AMAZON-AES)
  1  | 2a00:1450:400... | 15169 (GOOGLE)
  1  | 2a00:1450:400... | 15169 (GOOGLE)
  1  | 2a04:4e42:600... | 54113 (FASTLY)
  3  | 3.92.120.28      | 14618 (AMAZON-AES)
  1  | 2.21.20.141      | 20940 (AKAMAI-ASN1)
  3  | 2606:4700:20:... | 13335 (CLOUDFLAR...)
  2  | 2a00:1450:400... | 15169 (GOOGLE)
  3  | 2a00:1450:400... | 15169 (GOOGLE)
  1  | 151.101.129.140  | 54113 (FASTLY)
  1  | 2001:4860:480... | 15169 (GOOGLE)
  2  | 2a00:1450:400... | 15169 (GOOGLE)
  2  | 34.111.234.236   | 396982 (GOOGLE-CLOUD-PLATFORM)
  1  | 2606:4700::68... | 13335 (CLOUDFLAR...)
  1  | 2600:9000:237... | 16509 (AMAZON-02)
  4  | 2620:1ec:21::14  | 8068 (MICROSOFT...)
  1  | 13.107.42.14     | 8068 (MICROSOFT...)
  4  | 2a00:1450:400... | 15169 (GOOGLE)
  8  | 2.17.100.202     | 20940 (AKAMAI-ASN1)
  1  | 2a02:26f0:710... | 20940 (AKAMAI-ASN1)
  2  | 18.198.112.158   | 16509 (AMAZON-02)
  Totals: 67 requests, 25 IPs
Apex domains (requests | apex domain | subdomains, with Cisco Umbrella rank where known | transfer):

  13 | rocketcdn.me         | p7i3u3x3.rocketcdn.me | 585 KB
  9  | 6sc.co               | j.6sc.co (6484), c.6sc.co (9628), ipv6.6sc.co (6605), b.6sc.co (4269) | 14 KB
  8  | gstatic.com          | fonts.gstatic.com | 207 KB
  5  | linkedin.com         | px.ads.linkedin.com (408), www.linkedin.com (563), px4.ads.linkedin.com (6542) | 5 KB
  4  | google-analytics.com | www.google-analytics.com (60) | 22 KB
  3  | google.de            | www.google.de (4835) | 625 B
  3  | google.com           | www.google.com (3), region1.analytics.google.com (2890) | 816 B
  3  | clickguard.com       | io.clickguard.com (48046) | 4 KB
  3  | doubleclick.net      | googleads.g.doubleclick.net (57), stats.g.doubleclick.net (124) | 2 KB
  3  | horizon3.ai          | www.horizon3.ai (977092), go.horizon3.ai | 56 KB
  2  | 6sense.com           | epsilon.6sense.com (10859) | 584 B
  2  | ml314.com            | ml314.com (1986) | 11 KB
  2  | pardot.com           | pi.pardot.com (4599) | 4 KB
  2  | googletagmanager.com | www.googletagmanager.com (82) | 167 KB
  1  | oribi.io             | cdn.linkedin.oribi.io (1027) | 370 B
  1  | zoominfo.com         | ws.zoominfo.com (5104) | 2 KB
  1  | reddit.com           | alb.reddit.com (1590) | 637 B
  1  | licdn.com            | snap.licdn.com (960) | 5 KB
  1  | redditstatic.com     | www.redditstatic.com (1426) | 8 KB
  1  | googleoptimize.com   | www.googleoptimize.com (1129) | 63 KB
  1  | greenhouse.io        | boards.greenhouse.io (47101) | 2 KB
  1  | esentire.com         | mdr.esentire.com | 998 B
  Totals: 67 requests, 22 apex domains
Subdomains (requests | domain | requested by):

  13 | p7i3u3x3.rocketcdn.me        | www.horizon3.ai, p7i3u3x3.rocketcdn.me
  8  | fonts.gstatic.com            | www.horizon3.ai
  6  | b.6sc.co                     |
  4  | www.google-analytics.com     | www.googletagmanager.com, www.google-analytics.com
  3  | px.ads.linkedin.com          | 3 redirects
  3  | www.google.de                | www.horizon3.ai
  3  | io.clickguard.com            | www.googletagmanager.com, io.clickguard.com
  2  | epsilon.6sense.com           | j.6sc.co
  2  | ml314.com                    | p7i3u3x3.rocketcdn.me, ml314.com
  2  | stats.g.doubleclick.net      | www.googletagmanager.com, www.google-analytics.com
  2  | www.google.com               | www.horizon3.ai
  2  | pi.pardot.com                | www.horizon3.ai, pi.pardot.com
  2  | www.googletagmanager.com     | www.horizon3.ai, www.googletagmanager.com
  2  | www.horizon3.ai              | p7i3u3x3.rocketcdn.me
  1  | ipv6.6sc.co                  | j.6sc.co
  1  | c.6sc.co                     | j.6sc.co
  1  | j.6sc.co                     | www.horizon3.ai
  1  | go.horizon3.ai               | pi.pardot.com
  1  | px4.ads.linkedin.com         | www.horizon3.ai
  1  | www.linkedin.com             | 1 redirect
  1  | cdn.linkedin.oribi.io        | snap.licdn.com
  1  | ws.zoominfo.com              | p7i3u3x3.rocketcdn.me
  1  | region1.analytics.google.com | www.googletagmanager.com
  1  | alb.reddit.com               | www.horizon3.ai
  1  | snap.licdn.com               | www.horizon3.ai
  1  | www.redditstatic.com         | www.googletagmanager.com
  1  | googleads.g.doubleclick.net  | www.googletagmanager.com
  1  | www.googleoptimize.com       | www.googletagmanager.com
  1  | boards.greenhouse.io         | www.horizon3.ai
  1  | mdr.esentire.com             | 1 redirect
  Totals: 67 requests, 30 subdomains
TLS certificates (subject | issuer | validity period | valid for):

  www.horizon3.ai        | R3                                         | 2023-05-31 to 2023-08-29 | 3 months
  *.rocketcdn.me         | R3                                         | 2023-04-07 to 2023-07-06 | 3 months
  *.google-analytics.com | GTS CA 1C3                                 | 2023-05-22 to 2023-08-14 | 3 months
  *.gstatic.com          | GTS CA 1C3                                 | 2023-05-22 to 2023-08-14 | 3 months
  *.greenhouse.io        | R3                                         | 2023-05-01 to 2023-07-30 | 3 months
  *.g.doubleclick.net    | GTS CA 1C3                                 | 2023-05-22 to 2023-08-14 | 3 months
  www.redditstatic.com   | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-04-12 to 2023-10-08 | 6 months
  pi.pardot.com          | DigiCert TLS RSA SHA256 2020 CA1           | 2022-09-13 to 2023-09-12 | a year
  snap.licdn.com         | DigiCert SHA2 Secure Server CA             | 2023-02-01 to 2024-01-31 | a year
  sni.cloudflaressl.com  | Cloudflare Inc ECC CA-3                    | 2023-04-15 to 2024-04-14 | a year
  www.google.com         | GTS CA 1C3                                 | 2023-05-22 to 2023-08-14 | 3 months
  www.google.de          | GTS CA 1C3                                 | 2023-05-22 to 2023-08-14 | 3 months
  *.reddit.com           | DigiCert TLS RSA SHA256 2020 CA1           | 2023-04-19 to 2023-10-15 | 6 months
  ml314.com              | GTS CA 1D4                                 | 2023-06-07 to 2023-09-05 | 3 months
  zoominfo.com           | Cloudflare Inc ECC CA-3                    | 2023-04-04 to 2024-04-03 | a year
  linkedin.oribi.io      | Amazon RSA 2048 M01                        | 2023-06-08 to 2024-07-07 | a year
  go.horizon3.ai         | R3                                         | 2023-05-10 to 2023-08-08 | 3 months
  6sc.co                 | R3                                         | 2023-05-25 to 2023-08-23 | 3 months
  *.google.de            | GTS CA 1C3                                 | 2023-05-22 to 2023-08-14 | 3 months
  *.6sense.com           | Amazon RSA 2048 M01                        | 2023-05-01 to 2024-05-29 | a year

This page contains 1 frame:

Primary Page: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Frame ID: 6DBE1E039A198DC2C2A55E8408DBCE5C
Requests: 86 HTTP requests in this frame

Page Title

MOVEit Transfer CVE-2023-34362 Deep Dive and Indicators of Compromise – Horizon3.ai

Detected technologies

The technology names below are inferred from the matched fingerprint patterns; the report's own labels were not captured.

  • WordPress (overall confidence 100%), matched patterns:
      <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
      /wp-(?:content|includes)/
  • Google Analytics (overall confidence 100%), matched pattern:
      google-analytics\.com/(?:ga|urchin|analytics)\.js
  • Google Optimize (overall confidence 100%), matched pattern:
      googleoptimize\.com/optimize\.js
  • Google Tag Manager (overall confidence 100%), matched patterns:
      googletagmanager\.com/gtm\.js
      googletagmanager\.com/gtag/js
  • LinkedIn Insight Tag (overall confidence 100%), matched pattern:
      snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
  • jQuery (overall confidence 100%), matched pattern:
      jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  Requests: 67
  HTTPS: 96 %
  IPv6: 58 %
  Domains: 22
  Subdomains: 30
  IPs: 25
  Countries: 3
  Transfer: 1155 kB
  Size: 2455 kB
  Cookies: 36

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mdr.esentire.com/e/651833/-and-indicators-of-compromise-/2prwxj/954496554?h=XS-yr_q5Bxn_GjrttiKgRB9NZSvjgjUGlKhQA9fg688 HTTP 301
    https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3527860%26time%3D1686741032140%26url%3Dhttps%253A%252F%252Fwww.horizon3.ai%252Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTest=true&liSync=true&e_ipv6=AQJapUAgeCU0tgAAAYi5mZ9jE0fJUpZ2y9kQYwQ0hOQnWVo-178c3T9eTezOWEcwKD6Hfv4y0RhI2G9z-NkWQpiJPir_YQ
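The chain above is a third-party pixel bouncing through the first-party linkedin.com origin and back, which is what a cookie-sync looks like in a scan report. The following script is an added example by the editor, not part of the urlscan.io output: it takes the five URLs exactly as recorded in Request Chain 61, reports which query parameters each hop introduces, and follows the nested redirect= parameter on the www.linkedin.com hop so that the bounce is not misread as a new chain. The reading of the chain as a cookie sync is the editor's interpretation; the parameter names are taken from the URLs themselves.

```python
"""Decompose a redirect chain captured by urlscan.io into per-hop deltas.

Added example, not part of the scan report. The URLs below are copied
verbatim from Request Chain 61 on this page; the analysis is the editor's.
"""

from urllib.parse import parse_qs, urlsplit

# Request Chain 61 as recorded on the page (constructed from the listing above).
CHAIN_61 = [
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F",
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTest=true",
    "https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3527860%26time%3D1686741032140%26url%3Dhttps%253A%252F%252Fwww.horizon3.ai%252Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue",
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTest=true&liSync=true",
    "https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTest=true&liSync=true&e_ipv6=AQJapUAgeCU0tgAAAYi5mZ9jE0fJUpZ2y9kQYwQ0hOQnWVo-178c3T9eTezOWEcwKD6Hfv4y0RhI2G9z-NkWQpiJPir_YQ",
]


def query_params(url):
    """Query string of url as {name: first value}, percent-decoded once."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def hop_summary(chain):
    """For each hop return (host, path, parameters not present on the previous hop).

    A hop that carries its next target inside redirect= (the li_sync bounce)
    contributes the parameters of that nested URL as the baseline for the
    following hop, so the return leg is compared against what it was sent with.
    """
    summary = []
    baseline = {}
    for url in chain:
        parts = urlsplit(url)
        params = query_params(url)
        added = sorted(k for k in params if k not in baseline)
        summary.append((parts.hostname, parts.path, added))
        baseline = query_params(params["redirect"]) if "redirect" in params else params
    return summary


def tracked_page(chain):
    """Distinct values of the url= parameter across the chain (nested or not).

    A consistent single value confirms the whole chain reports the same page
    visit; the nested copy on the li_sync hop is percent-encoded twice, so it
    is decoded once by the outer parse and once by the inner one.
    """
    pages = set()
    for url in chain:
        params = query_params(url)
        if "redirect" in params:
            params = query_params(params["redirect"])
        if "url" in params:
            pages.add(params["url"])
    return pages


if __name__ == "__main__":
    for host, path, added in hop_summary(CHAIN_61):
        print(f"{host}{path}  adds {added}")
    print("tracked page(s):", tracked_page(CHAIN_61))
```

Run as-is it prints one line per hop: the second hop adds cookiesTest, the www.linkedin.com hop carries only redirect=, the return leg adds nothing new, and the final px4 hop adds e_ipv6. The same two functions can be pointed at any other "Redirect Chain" listed in a urlscan report; a chain whose url= value changes between hops, or whose hosts are unrelated to the embedding page, is worth a closer look than this one.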

67 HTTP transactions

Each entry gives the resource name, path, size, transferred bytes, type, and the request and response details recorded for it.
Request: Primary Request / (Document)
  Path: www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
  Redirect chain:
    • https://mdr.esentire.com/e/651833/-and-indicators-of-compromise-/2prwxj/954496554?h=XS-yr_q5Bxn_GjrttiKgRB9NZSvjgjUGlKhQA9fg688
    • https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
  Size: 288 KB (51 KB transferred)
  Full URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 104.197.16.226, Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
  Reverse DNS: 226.16.197.104.bc.googleusercontent.com
  Software: nginx / WP Engine
  Resource hash: 7bb29298653d75ed72fe8ed24d08f9b75a55f7e994208acefe850134933aa050
  Security headers:
    Content-Security-Policy: upgrade-insecure-requests
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: "1; mode=block"
  Request headers:
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
    accept-language: de-DE,de;q=0.9
  Response headers:
    cache-control: max-age=600, must-revalidate
    content-encoding: br
    content-security-policy: upgrade-insecure-requests
    content-type: text/html; charset=UTF-8
    date: Wed, 14 Jun 2023 11:10:31 GMT
    last-modified: Mon, 12 Jun 2023 13:42:33 GMT
    link: <https://www.horizon3.ai/wp-json/>; rel="https://api.w.org/" <https://www.horizon3.ai/wp-json/wp/v2/posts/5758>; rel="alternate"; type="application/json" <https://www.horizon3.ai/?p=5758>; rel=shortlink
    permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
    referrer-policy: no-referrer-when-downgrade
    server: nginx
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
    x-cache: HIT: 1
    x-cache-group: normal
    x-cacheable: SHORT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-powered-by: WP Engine
    x-xss-protection: "1; mode=block"
  Redirect headers (the HTTP 301 from mdr.esentire.com):
    Connection: keep-alive
    Content-Length: 151
    Content-Type: text/html; charset=UTF-8
    Date: Wed, 14 Jun 2023 11:10:30 GMT
    Server: PardotServer
    X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
    cache-control: max-age=63072000
    content-encoding: gzip
    expires: Fri, 13 Jun 2025 11:10:30 GMT
    location: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
    p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
    vary: Accept-Encoding,User-Agent
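The security headers recorded for the primary request deserve a second look: the Content-Security-Policy consists solely of upgrade-insecure-requests, which upgrades mixed content but restricts nothing, and the X-Xss-Protection value arrives wrapped in literal quote characters. The check below is an added example by the editor, not part of the urlscan.io report or of the scanned site: it takes the header values copied from the listing above, applies a baseline that is the editor's own (severity labels, the one-year HSTS floor, the preferred Referrer-Policy), and returns findings a reviewer would raise.

```python
"""Audit security-relevant response headers against an editor-chosen baseline.

Added example, not part of the urlscan.io report. The header values in
PRIMARY_RESPONSE_HEADERS are copied from this page; the checks, severities
and thresholds are the editor's assumptions.
"""

import re

ONE_YEAR = 31536000  # seconds; the usual floor for an HSTS max-age

# Response headers recorded on this page for the primary (horizon3.ai) request.
PRIMARY_RESPONSE_HEADERS = {
    "Content-Security-Policy": "upgrade-insecure-requests",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Xss-Protection": '"1; mode=block"',
    "Referrer-Policy": "no-referrer-when-downgrade",
    "Server": "nginx",
    "X-Powered-By": "WP Engine",
}


def parse_csp(value):
    """Split a Content-Security-Policy string into {directive: [sources]}."""
    policy = {}
    for clause in value.split(";"):
        tokens = clause.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_headers(headers):
    """Return a list of (severity, message) findings for one HTTP response.

    Header names are matched case-insensitively; values are taken as sent.
    """
    h = {name.lower(): value.strip() for name, value in headers.items()}
    findings = []

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append(("high", "no Content-Security-Policy header"))
    else:
        policy = parse_csp(csp)
        if "default-src" not in policy and "script-src" not in policy:
            findings.append(("high", "CSP has no default-src or script-src, so it does not "
                             "restrict script sources; upgrade-insecure-requests alone is "
                             "not an XSS mitigation"))
        if "frame-ancestors" not in policy and "x-frame-options" not in h:
            findings.append(("medium", "neither CSP frame-ancestors nor X-Frame-Options is set"))

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("high", "no Strict-Transport-Security header"))
    else:
        match = re.search(r"max-age=(\d+)", hsts)
        if match is None or int(match.group(1)) < ONE_YEAR:
            findings.append(("medium", "HSTS max-age is missing or shorter than one year"))
        if "preload" in hsts.lower() and "includesubdomains" not in hsts.lower():
            findings.append(("medium", "HSTS preload requested without includeSubDomains"))

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("medium", "X-Content-Type-Options is not nosniff"))

    xss = h.get("x-xss-protection")
    if xss is not None and xss[:1] in ('"', "'"):
        # The value as sent starts with a quote, so it is not the token "1; mode=block".
        findings.append(("low", "X-XSS-Protection value is wrapped in literal quotes and will "
                         "not parse; the header is deprecated, send 0 or drop it"))

    if h.get("referrer-policy", "").lower() in ("no-referrer-when-downgrade", "unsafe-url"):
        findings.append(("low", "Referrer-Policy sends the full page URL to cross-origin HTTPS "
                         "destinations; strict-origin-when-cross-origin is the usual baseline"))

    for name in ("server", "x-powered-by"):
        if name in h:
            findings.append(("info", f"{name} discloses the stack: {h[name]}"))

    return findings


if __name__ == "__main__":
    for severity, message in audit_headers(PRIMARY_RESPONSE_HEADERS):
        print(f"[{severity}] {message}")
```

Against the recorded headers this yields one high finding (the CSP restricts no script sources), two low findings (the quoted X-XSS-Protection value and the Referrer-Policy), and two informational stack disclosures; HSTS, nosniff and X-Frame-Options pass. The same function can be fed any other response-header block in this report, for instance the RocketCDN responses, which send the same header set.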
Request: e2296702c65a92e15e7a6852aef33cb0.css (Stylesheet)
  Path: p7i3u3x3.rocketcdn.me/wp-content/cache/min/1/
  Size: 167 KB (26 KB transferred)
  Full URL: https://p7i3u3x3.rocketcdn.me/wp-content/cache/min/1/e2296702c65a92e15e7a6852aef33cb0.css
  Requested by: www.horizon3.ai (https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 151.139.128.10, United States, ASN20446 (STACKPATH-CDN, US)
  Reverse DNS: map3.hwcdn.net
  Software: nginx / RocketCDN
  Resource hash: 561482436496d38f42b6c8293a955abfe2c692b591d6c989ba72f8b07e69505b
  Security headers:
    Content-Security-Policy: upgrade-insecure-requests
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: "1; mode=block"
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    date: Wed, 14 Jun 2023 11:10:31 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    content-security-policy: upgrade-insecure-requests
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-powered-by: RocketCDN
    content-length: 25924
    x-xss-protection: "1; mode=block"
    referrer-policy: no-referrer-when-downgrade
    last-modified: Wed, 31 May 2023 16:26:29 GMT
    server: nginx
    etag: W/"64777535-29bb4"
    x-frame-options: SAMEORIGIN
    x-hw: 1686741031.cds246.fr8.hn,1686741031.cds248.fr8.c
    content-type: text/css
    access-control-allow-origin: *
    cache-control: public, max-age=31536000
    permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
    vary: Accept-Encoding
    accept-ranges: bytes
    link: <https://www.horizon3.ai/wp-content/cache/min/1/e2296702c65a92e15e7a6852aef33cb0.css>; rel="canonical"
Request: et-divi-dynamic-tb-4381-5758-late.css (Stylesheet)
  Path: p7i3u3x3.rocketcdn.me/wp-content/et-cache/5758/
  Size: 23 KB (3 KB transferred)
  Full URL: https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/5758/et-divi-dynamic-tb-4381-5758-late.css?ver=1686605894
  Requested by: www.horizon3.ai (https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 151.139.128.10, United States, ASN20446 (STACKPATH-CDN, US)
  Reverse DNS: map3.hwcdn.net
  Software: nginx / RocketCDN
  Resource hash: afc773edaeca56353506ee949f72f767157a073b258dfb8e3112cea5485bc4ab
  Security headers:
    Content-Security-Policy: upgrade-insecure-requests
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: "1; mode=block"
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    date: Wed, 14 Jun 2023 11:10:31 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    content-security-policy: upgrade-insecure-requests
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-powered-by: RocketCDN
    content-length: 3233
    x-xss-protection: "1; mode=block"
    referrer-policy: no-referrer-when-downgrade
    last-modified: Mon, 12 Jun 2023 21:38:14 GMT
    server: nginx
    etag: W/"64879046-5acb"
    x-frame-options: SAMEORIGIN
    x-hw: 1686741031.cds246.fr8.hn,1686741031.cds006.fr8.c
    content-type: text/css
    access-control-allow-origin: *
    cache-control: public, max-age=31536000
    permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
    vary: Accept-Encoding
    accept-ranges: bytes
    link: <https://www.horizon3.ai/wp-content/et-cache/5758/et-divi-dynamic-tb-4381-5758-late.css>; rel="canonical"
Request: jquery.min.js (Script)
  Path: p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/
  Size: 88 KB (31 KB transferred)
  Full URL: https://p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
  Requested by: www.horizon3.ai (https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 151.139.128.10, United States, ASN20446 (STACKPATH-CDN, US)
  Reverse DNS: map3.hwcdn.net
  Software: nginx / RocketCDN
  Resource hash: afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
  Security headers:
    Content-Security-Policy: upgrade-insecure-requests
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: "1; mode=block"
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    date: Wed, 14 Jun 2023 11:10:31 GMT
    content-encoding: gzip
    x-content-type-options: nosniff
    content-security-policy: upgrade-insecure-requests
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-powered-by: RocketCDN
    content-length: 31283
    x-xss-protection: "1; mode=block"
    referrer-policy: no-referrer-when-downgrade
    last-modified: Wed, 08 Mar 2023 18:37:33 GMT
    server: nginx
    etag: W/"6408d5ed-15ed7"
    x-frame-options: SAMEORIGIN
    x-hw: 1686741031.cds246.fr8.hn,1686741031.cds163.fr8.c
    content-type: application/javascript
    access-control-allow-origin: *
    cache-control: public, max-age=31536000
    permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
    vary: Accept-Encoding
    accept-ranges: bytes
    link: <https://www.horizon3.ai/wp-includes/js/jquery/jquery.min.js>; rel="canonical"
Request: gtm.js (Script)
  Path: www.googletagmanager.com/
  Size: 224 KB (80 KB transferred)
  Full URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
  Requested by: www.horizon3.ai (https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:800::2008, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS: (none recorded)
  Software: Google Tag Manager
  Resource hash: 64d012be65cf64981489c5ec31fe9e9160a863e6cddc679f26f10b0b08777d21
  Security headers:
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    X-Xss-Protection: 0
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    date: Wed, 14 Jun 2023 11:10:31 GMT
    content-encoding: br
    strict-transport-security: max-age=31536000; includeSubDomains
    cross-origin-resource-policy: cross-origin
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    content-length: 81813
    x-xss-protection: 0
    last-modified: Wed, 14 Jun 2023 09:00:00 GMT
    server: Google Tag Manager
    vary: Accept-Encoding
    content-type: application/javascript; charset=UTF-8
    access-control-allow-origin: *
    cache-control: private, max-age=900
    access-control-allow-credentials: true
    access-control-allow-headers: Cache-Control
    expires: Wed, 14 Jun 2023 11:10:31 GMT
Request: Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp (Image)
  Path: p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/
  Size: 13 KB (13 KB transferred)
  Full URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp
  Requested by: www.horizon3.ai (https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 151.139.128.10, United States, ASN20446 (STACKPATH-CDN, US)
  Reverse DNS: map3.hwcdn.net
  Software: nginx / RocketCDN
  Resource hash: 70631b3ab478a15e8a26f17b8bb991464916725030d772237692c217e0d21334
  Security headers:
    Content-Security-Policy: upgrade-insecure-requests
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: "1; mode=block"
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    date: Wed, 14 Jun 2023 11:10:31 GMT
    content-security-policy: upgrade-insecure-requests
    x-content-type-options: nosniff
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-powered-by: RocketCDN
    content-length: 12820
    x-xss-protection: "1; mode=block"
    referrer-policy: no-referrer-when-downgrade
    last-modified: Wed, 03 Aug 2022 00:00:29 GMT
    server: nginx
    etag: "62e9ba9d-3214"
    x-frame-options: SAMEORIGIN
    x-hw: 1686741031.cds246.fr8.hn,1686741031.cds321.fr8.c
    content-type: image/webp
    access-control-allow-origin: *
    cache-control: public, max-age=31536000
    permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
    vary: Accept-Encoding
    accept-ranges: bytes
    link: <https://www.horizon3.ai/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp>; rel="canonical"
Request: iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2 (Font)
  Path: fonts.gstatic.com/s/rubik/v26/
  Size: 24 KB (24 KB transferred)
  Full URL: https://fonts.gstatic.com/s/rubik/v26/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2
  Requested by: www.horizon3.ai (https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:82b::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS: (none recorded)
  Software: sffe
  Resource hash: ece9d22203d0bc59232a7ff5bc7b4df4342c89630387b0366595ba92b724957e
  Security headers:
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 0
  Request headers:
    Referer: https://www.horizon3.ai/
    Origin: https://www.horizon3.ai
    accept-language: de-DE,de;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    date: Wed, 14 Jun 2023 01:39:01 GMT
    x-content-type-options: nosniff
    age: 34290
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    cross-origin-resource-policy: cross-origin
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    content-length: 24396
    x-xss-protection: 0
    last-modified: Wed, 08 Mar 2023 21:57:31 GMT
    server: sffe
    cross-origin-opener-policy: same-origin; report-to="apps-themes"
    report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    content-type: font/woff2
    access-control-allow-origin: *
    cache-control: public, max-age=31536000
    accept-ranges: bytes
    timing-allow-origin: *
    expires: Thu, 13 Jun 2024 01:39:01 GMT
Request: modules.woff (Font)
  Path: p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/fonts/modules/all/
  Size: 90 KB (91 KB transferred)
  Full URL: https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff
  Requested by: www.horizon3.ai (https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 151.139.128.10, United States, ASN20446 (STACKPATH-CDN, US)
  Reverse DNS: map3.hwcdn.net
  Software: nginx / RocketCDN
  Resource hash: 88795f28bb66a45f9c32245dd21d6319ed5d26a45bf5afa31d91a0f83ee855f7
  Security headers:
    Content-Security-Policy: upgrade-insecure-requests
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: "1; mode=block"
  Request headers:
    Referer: https://www.horizon3.ai/
    Origin: https://www.horizon3.ai
    accept-language: de-DE,de;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    date: Wed, 14 Jun 2023 11:10:31 GMT
    content-security-policy: upgrade-insecure-requests
    x-content-type-options: nosniff
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-powered-by: RocketCDN
    content-length: 92476
    x-xss-protection: "1; mode=block"
    referrer-policy: no-referrer-when-downgrade
    last-modified: Fri, 28 Apr 2023 13:15:58 GMT
    server: nginx
    etag: "644bc70e-1693c"
    x-frame-options: SAMEORIGIN
    x-hw: 1686741031.cds323.fr8.hn,1686741031.cds204.fr8.c
    content-type: font/woff
    access-control-allow-origin: *
    cache-control: public, max-age=31536000
    permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
    vary: Accept-Encoding
    accept-ranges: bytes
    link: <https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff>; rel="canonical"
Request: iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-2Y-FWUU1.woff2 (Font)
  Path: fonts.gstatic.com/s/rubik/v26/
  Size: 24 KB (24 KB transferred)
  Full URL: https://fonts.gstatic.com/s/rubik/v26/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-2Y-FWUU1.woff2
  Requested by: www.horizon3.ai (https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:82b::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS: (none recorded)
  Software: sffe
  Resource hash: 74ff14698bb5bd83b46e81c4ae5000cb16dbae3d83f0552cac3928356d4c5d87
  Security headers:
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 0
  Request headers:
    Referer: https://www.horizon3.ai/
    Origin: https://www.horizon3.ai
    accept-language: de-DE,de;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    date: Tue, 13 Jun 2023 17:34:44 GMT
    x-content-type-options: nosniff
    age: 63347
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    cross-origin-resource-policy: cross-origin
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    content-length: 24416
    x-xss-protection: 0
    last-modified: Wed, 08 Mar 2023 21:57:18 GMT
    server: sffe
    cross-origin-opener-policy: same-origin; report-to="apps-themes"
    report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    content-type: font/woff2
    access-control-allow-origin: *
    cache-control: public, max-age=31536000
    accept-ranges: bytes
    timing-allow-origin: *
    expires: Wed, 12 Jun 2024 17:34:44 GMT
Request: iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUU1.woff2 (Font)
  Path: fonts.gstatic.com/s/rubik/v26/
  Size: 24 KB (24 KB transferred)
  Full URL: https://fonts.gstatic.com/s/rubik/v26/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUU1.woff2
  Requested by: www.horizon3.ai (https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/)
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:82b::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS: (none recorded)
  Software: sffe
  Resource hash: c01f34c6b6aa0aa840ad43bbb5c0b98bf14c92f9737ebe650ac3a7af257ea369
  Security headers:
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 0
  Request headers:
    Referer: https://www.horizon3.ai/
    Origin: https://www.horizon3.ai
    accept-language: de-DE,de;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    date: Wed, 14 Jun 2023 04:00:39 GMT
    x-content-type-options: nosniff
    age: 25792
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
    cross-origin-resource-policy: cross-origin
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    content-length: 24376
    x-xss-protection: 0
    last-modified: Wed, 08 Mar 2023 22:06:40 GMT
    server: sffe
    cross-origin-opener-policy: same-origin; report-to="apps-themes"
    report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
    content-type: font/woff2
    access-control-allow-origin: *
    cache-control: public, max-age=31536000
    accept-ranges: bytes
    timing-allow-origin: *
    expires: Thu, 13 Jun 2024 04:00:39 GMT
Request: truncated (Image, inline data: URI)
  Path: /
  Size: 69 B (0 transferred)
  Full URL: data:truncated
  Protocol: DATA (inline in the document; no server, reverse DNS or software recorded)
  Resource hash: acea434b7791be1f26bd44489bfb79a4a81986aff1698e07ee64a95ee561ebc7
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: (empty)
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    Content-Type: image/svg+xml
Request: truncated (Image, inline data: URI)
  Path: /
  Size: 68 B (0 transferred)
  Full URL: data:truncated
  Protocol: DATA (inline in the document; no server, reverse DNS or software recorded)
  Resource hash: 38daf69e497d23162543d48d58baed56fb30e6b6de3f24e5f7c893a6d42ce02d
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: (empty)
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
  Response headers:
    Content-Type: image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0057bb1a3a5d9ab15297a2012d2bca1daa8f2dd2ea284836697ed0919d747789

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ce3131baccc4eac55c6a6360dde7bb144f77dc51e86078de4a23b0f1d7f16ed5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7a95c48d2b57290d6f44d4d2addaddec4418565862d8e957a1a02bf262ed9fa0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
74676dc3ccbdd8a0a8c95e29f8dca15806618e1830a59d07f00bee3b4948bf03

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1efa67a976f08bd96b97975995ec994241268afc645b6e91d9ab87635405680a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc522b00be10685e80689daa1411e97aa08f9264026916aee92ff7704f5222f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89ca920446810cd3f246559ab02b14bf052c615f88ddc8afafee873ae6477b73

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c927f99c466397ff70d7276a61433c5dad75c8a50d6b858968018e34d1eb014b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
34b66d80026e4ba6a007c7a109a7941fbbecdcbac8cc0501325b27c3cc9e4c5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3101ce467dbdff0398ff396dc7f4810a111d1d47603e4c29414b26100ab2595b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aa410c56afcd045d30aeeeb29179181af9ede207abfb707155cf60fb59384160

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d53ca03f906c9869ca85e1eaaf9c713af72c6de1e7130c56ef5203ecde27f2f4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e548b514e50c5cd3b24f3d18ffd24e4345165b7c07d9442c8346c27fad48e74

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fbfa6d56f91b0196ea5c1fdcd0aa0ff44e2cc37a288e8fcc5ea9bf2739d3f0ba

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
71fcc37bd3e0f4c90ff75146611f77f8260fff9b9ed9df5478cbeb4e5e11017d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
047347a84de6f7255239ea37891645936bce8a0801f8cdee9df11c608dbc47bd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8453e1519330acc3672c4e36d794345c5d73694c9c6f697697160ef06a6c46a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1.woff2
fonts.gstatic.com/s/rubik/v26/
23 KB
24 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v26/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1.woff2
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3cc674e2a6c5205be79a73673f5b9b43be9072b4899b28c8d2c39eb8c2c59a74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 06:08:53 GMT
x-content-type-options
nosniff
age
363698
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24008
x-xss-protection
0
last-modified
Wed, 08 Mar 2023 21:57:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 09 Jun 2024 06:08:53 GMT
js
boards.greenhouse.io/embed/job_board/
5 KB
2 KB
Script
General
Full URL
https://boards.greenhouse.io/embed/job_board/js?for=horizon3
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.147.131.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-131-114.compute-1.amazonaws.com
Software
/
Resource Hash
141ff8c7aafbacc156f54a9e1364cd767c8d7e58c0009a9abf4e3c146e1c1517
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-runtime
0.012196
date
Wed, 14 Jun 2023 11:10:31 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
etag
W/"141ff8c7aafbacc156f54a9e1364cd76"
x-download-options
noopen
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=0, private, must-revalidate
x-xss-protection
1; mode=block
x-request-id
60c67741d69088edd5481d73e8bda752
lazyload.min.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/
9 KB
3 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
nginx / RocketCDN
Resource Hash
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN
content-length
3055
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 28 Apr 2023 12:55:23 GMT
server
nginx
etag
W/"644bc23b-22bc"
x-frame-options
SAMEORIGIN
x-hw
1686741031.cds246.fr8.hn,1686741031.cds261.fr8.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
vary
Accept-Encoding
accept-ranges
bytes
link
<https://www.horizon3.ai/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js>; rel="canonical"
6762f76090a9b7ff935c52e7fac6fb9c.js
p7i3u3x3.rocketcdn.me/wp-content/cache/min/1/
363 KB
100 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/cache/min/1/6762f76090a9b7ff935c52e7fac6fb9c.js
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
nginx / RocketCDN
Resource Hash
e3a102bfd18798f0932405268afe25905a21ad8244b5c6cb231fb5c358c00be7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN
content-length
101835
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Jun 2023 11:32:16 GMT
server
nginx
etag
W/"64870240-5aaa0"
x-frame-options
SAMEORIGIN
x-hw
1686741031.cds246.fr8.hn,1686741031.cds325.fr8.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
vary
Accept-Encoding
accept-ranges
bytes
link
<https://www.horizon3.ai/wp-content/cache/min/1/6762f76090a9b7ff935c52e7fac6fb9c.js>; rel="canonical"
Red-Team-Blog-BG.jpg
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/
51 KB
52 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/Red-Team-Blog-BG.jpg
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
nginx / RocketCDN
Resource Hash
6555189a58cede3f19c2269dfa21e1e86734f122f0e190bfaaee35895dcbd9fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:31 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN
content-length
52684
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 14 Oct 2022 18:21:09 GMT
server
nginx
etag
"6349a895-cdcc"
x-frame-options
SAMEORIGIN
x-hw
1686741031.cds246.fr8.hn,1686741031.cds265.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
vary
Accept-Encoding
accept-ranges
bytes
link
<https://www.horizon3.ai/wp-content/uploads/2022/10/Red-Team-Blog-BG.jpg>; rel="canonical"
S6uyw4BMUTPHjxAwXg.woff2
fonts.gstatic.com/s/lato/v24/
25 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjxAwXg.woff2
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
386a206aade080bb0045005cfdbb660430ed46d652039eef6bc299d54d7c43ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 22:27:31 GMT
x-content-type-options
nosniff
age
391380
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25284
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 08 Jun 2024 22:27:31 GMT
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUUz.woff
fonts.gstatic.com/s/rubik/v26/
31 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v26/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUUz.woff
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b8be6afbe320bcef91fdab1255e696c52b28d7654135eaf8ce1f1d47e2a7828
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 22:55:02 GMT
x-content-type-options
nosniff
age
303329
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31376
x-xss-protection
0
last-modified
Wed, 08 Mar 2023 21:57:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 09 Jun 2024 22:55:02 GMT
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUUw.ttf
fonts.gstatic.com/s/rubik/v26/
65 KB
35 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v26/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUUw.ttf
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a8b3692f91bcff6edd02cdca952c40a18aabc36f5a26e56414c1f62edd203962
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 09:20:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
93007
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35335
x-xss-protection
0
last-modified
Wed, 08 Mar 2023 21:57:32 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 09:20:24 GMT
optimize.js
www.googleoptimize.com/
169 KB
63 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-M6CGZHN
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
754ecc8d25f075f7e7d7b42d387a7399ad6766adfa1e764dedb462ee39c4cb79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
63992
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 14 Jun 2023 11:10:31 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10792903506/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10792903506/?random=1686741031707&cv=11&fst=1686741031707&bg=ffffff&guid=ON&async=1&gtm=45He36c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&hn=www.googleadservices.com&frm=0&tiba=MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai&auid=1131736978.1686741032&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
195672c9ea698b3e9e3cbb34291550673b1b63ded8a874762683195706e3ab92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:31 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1393
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/
23 KB
8 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:31 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Mon, 23 Jan 2023 21:56:14 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"03d5db9dfd00a5719bb4c9261e6fa1bb"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
7356
pd.js
pi.pardot.com/
5 KB
2 KB
Script
General
Full URL
https://pi.pardot.com/pd.js
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-120-28.compute-1.amazonaws.com
Software
PardotServer /
Resource Hash
41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 14 Jun 2023 11:10:32 GMT
content-encoding
gzip
X-Pardot-Route
16b0ab393667a33fe86adedc3141e88c
last-modified
Tue, 13 Jun 2023 05:28:35 GMT
Server
PardotServer
etag
"15f4-gzip"
vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
cache-control
max-age=63072000
Connection
keep-alive
accept-ranges
bytes
Content-Length
1988
expires
Fri, 13 Jun 2025 11:10:32 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
13 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.141 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-141.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Jan 2023 17:22:56 GMT
x-cdn
AKAM
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=50864
accept-ranges
bytes
content-length
4777
PLwGhTJP
io.clickguard.com/s/cHJvdGVjdG9y/
8 KB
3 KB
Script
General
Full URL
https://io.clickguard.com/s/cHJvdGVjdG9y/PLwGhTJP
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:c98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0377ca8e3517fd48f2bd7ad72e3be7fdd72d2651e5ab2d3ee0d543a3dbcb15f6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 14 Jun 2023 11:10:31 GMT
via
1.1 google
Content-Encoding
br
CF-Cache-Status
DYNAMIC
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
x-powered-by
Express
etag
W/"1eb0-/TiUUG9wydBAxKhASnSKRk72pOI"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ttjmi9LXnA4BdHDREuzR7T71uVTxuJIeX9EZEFqUuYBxPlrczF%2BlHyBERh2NwfwfXKivzrcXfEt3IZgYc%2BaSfI302utM1to16tpLyJgh9x6%2FSA2bmVPG6qxwINyjjXwZ9too0paL%2B98V9fm3SK4j"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript; charset=utf-8
access-control-allow-origin
*
Connection
keep-alive
CF-RAY
7d7220988c2b365b-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
js
www.googletagmanager.com/gtag/
265 KB
86 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b06d1735ee9378ae1ebc7c3789667483fb973ce5993eff7aa3fcd9e2ddef9dc5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88312
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 14 Jun 2023 11:10:31 GMT
/
www.google.com/pagead/1p-user-list/10792903506/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10792903506/?random=1686741031707&cv=11&fst=1686740400000&bg=ffffff&guid=ON&async=1&gtm=45He36c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&frm=0&tiba=MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai&fmt=3&is_vtc=1&random=1591100333&rmt_tld=0&ipr=y
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10792903506/
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10792903506/?random=1686741031707&cv=11&fst=1686740400000&bg=ffffff&guid=ON&async=1&gtm=45He36c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&frm=0&tiba=MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai&fmt=3&is_vtc=1&random=1591100333&rmt_tld=1&ipr=y
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1686741031818&id=t2_rwb6eefi&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&uuid=f5dc4094-9687-4c24-a0ba-9fdbc1e1099e&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_65e23bc4
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:32 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
Screen-Shot-2023-06-12-at-7.23.50-AM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/06/
78 KB
78 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/06/Screen-Shot-2023-06-12-at-7.23.50-AM.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
nginx / RocketCDN
Resource Hash
5e32aa23e2c51cfcf305a65efef5d92a0eab55df3ae60916ef211c2105b50cfd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:31 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN
content-length
79630
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Jun 2023 11:25:46 GMT
server
nginx
etag
"648700ba-1370e"
x-frame-options
SAMEORIGIN
x-hw
1686741031.cds246.fr8.hn,1686741031.cds228.fr8.c
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
vary
Accept-Encoding
accept-ranges
bytes
link
<https://www.horizon3.ai/wp-content/uploads/2023/06/Screen-Shot-2023-06-12-at-7.23.50-AM.png.webp>; rel="canonical"
Screen-Shot-2023-06-09-at-7.45.34-AM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/06/
66 KB
66 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/06/Screen-Shot-2023-06-09-at-7.45.34-AM.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
nginx / RocketCDN
Resource Hash
99937569740584f1ba90390f7a996c539133128d34021bcdb26ed79b18cbc7d3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:31 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN
content-length
67804
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 09 Jun 2023 11:47:57 GMT
server
nginx
etag
"6483116d-108dc"
x-frame-options
SAMEORIGIN
x-hw
1686741031.cds246.fr8.hn,1686741031.cds141.fr8.c
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
vary
Accept-Encoding
accept-ranges
bytes
link
<https://www.horizon3.ai/wp-content/uploads/2023/06/Screen-Shot-2023-06-09-at-7.45.34-AM.png.webp>; rel="canonical"
UserGetUsersWithEmailAddress-1.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/06/
101 KB
101 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/06/UserGetUsersWithEmailAddress-1.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
nginx / RocketCDN
Resource Hash
c822a15698ed5027803ef43817d1147d11509ffdf4708cb151b843c891aa4f61
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:31 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN
content-length
103026
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 09 Jun 2023 12:55:11 GMT
server
nginx
etag
"6483212f-19272"
x-frame-options
SAMEORIGIN
x-hw
1686741031.cds246.fr8.hn,1686741031.cds333.fr8.c
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
vary
Accept-Encoding
accept-ranges
bytes
link
<https://www.horizon3.ai/wp-content/uploads/2023/06/UserGetUsersWithEmailAddress-1.png.webp>; rel="canonical"
collect
region1.analytics.google.com/g/
0
254 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-V462VSRXXS&gtm=45je36c0&_p=572270471&_gaz=1&cid=77644518.1686741032&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1686741031&sct=1&seg=0&dl=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&dt=MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:32 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.horizon3.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
245 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-V462VSRXXS&cid=77644518.1686741032&gtm=45je36c0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:32 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.horizon3.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-V462VSRXXS&cid=77644518.1686741032&gtm=45je36c0&aip=1&z=1533702907
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:31 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tag.aspx
ml314.com/
31 KB
11 KB
Script
General
Full URL
https://ml314.com/tag.aspx?145
Requested by
Host: p7i3u3x3.rocketcdn.me
URL: https://p7i3u3x3.rocketcdn.me/wp-content/cache/min/1/6762f76090a9b7ff935c52e7fac6fb9c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
236.234.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
23f95a90d6e6ba09a92bd4eae99823b0a6b0137a9abe10e3c050c062fb15efe4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 10:44:37 GMT
content-encoding
br
age
1555
x-guploader-uploadid
ADPycdux7AhY8_7dqRLXPG9VWwVD2o3xOoGUs_O2i4ACj-iEkdnatSf_1qOrmYeubUjgfOdRTsJqvxoGqYYpdYXeyvBq03ilIfDS
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10515
last-modified
Mon, 10 Apr 2023 17:13:24 GMT
server
UploadServer
etag
W/"b0965f051977c0dd95ffe2c736cac352"
vary
Accept-Encoding
x-goog-generation
1681146804366265
x-goog-hash
crc32c=wVdAwA==, md5=sJZfBRl3wN2V/+LHNsrDUg==
content-type
application/javascript
cache-id
FRA-1209ea83
cache-control
public,max-age=3600
x-cache-hit
hit
x-goog-stored-content-length
32213
accept-ranges
none
61eaf806342d59001e8ed916
ws.zoominfo.com/pixel/
3 KB
2 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/61eaf806342d59001e8ed916
Requested by
Host: p7i3u3x3.rocketcdn.me
URL: https://p7i3u3x3.rocketcdn.me/wp-content/cache/min/1/6762f76090a9b7ff935c52e7fac6fb9c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
69c7f6986ce7e8bc4f2a787dced203a626167394c2b8c781cbd70da1f36e841f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
7d72209a492991f6-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok
alt-svc
h3=":443"; ma=86400
et-divi-dynamic-tb-4381-5758-late.css
www.horizon3.ai/wp-content/et-cache/5758/
23 KB
4 KB
Stylesheet
General
Full URL
https://www.horizon3.ai/wp-content/et-cache/5758/et-divi-dynamic-tb-4381-5758-late.css
Requested by
Host: p7i3u3x3.rocketcdn.me
URL: https://p7i3u3x3.rocketcdn.me/wp-content/cache/min/1/6762f76090a9b7ff935c52e7fac6fb9c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
226.16.197.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
afc773edaeca56353506ee949f72f767157a073b258dfb8e3112cea5485bc4ab
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:32 GMT
content-security-policy
upgrade-insecure-requests
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Jun 2023 21:38:14 GMT
server
nginx
etag
W/"64879046-5acb"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/
7 KB
8 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
nginx / RocketCDN
Resource Hash
83ff020a4883eb87a2f38179cc8b9db9e867a2bd97e17aef3dcd03857369bf12
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:32 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN
content-length
7616
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 03 Aug 2022 00:00:29 GMT
server
nginx
etag
"62e9ba9d-1dc0"
x-frame-options
SAMEORIGIN
x-hw
1686741031.cds246.fr8.hn,1686741032.cds290.fr8.c
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
vary
Accept-Encoding
accept-ranges
bytes
link
<https://www.horizon3.ai/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png>; rel="canonical"
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-WYiFWUU1.woff2
fonts.gstatic.com/s/rubik/v26/
22 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v26/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-WYiFWUU1.woff2
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9531b76ea4f070907bf50c65dbbd4231c4615922d9da555d6d4eef4b6439030b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 20:07:37 GMT
x-content-type-options
nosniff
age
313375
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22064
x-xss-protection
0
last-modified
Wed, 08 Mar 2023 21:57:34 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 09 Jun 2024 20:07:37 GMT
utsync.ashx
ml314.com/
62 B
309 B
Script
General
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=81430&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&pv=1686741032134_ue7sv6qg0&bl=en-us&cb=3800576&return=&ht=&d=&dc=&si=1686741032134_ue7sv6qg0&cid=6cde07f1-6e0d-4162-bf0a-d382a9285bc8&s=1600x1200&rp=&v=2.5.3.49
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?145
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
236.234.111.34.bc.googleusercontent.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:31 GMT
via
1.1 google
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
application/javascript; charset=utf-8
p3p
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62
expires
0
token
cdn.linkedin.oribi.io/partner/3527860/domain/horizon3.ai/
36 B
370 B
XHR
General
Full URL
https://cdn.linkedin.oribi.io/partner/3527860/domain/horizon3.ai/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:7a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:32 GMT
content-encoding
gzip
via
1.1 826a64379fff05f157845c418fee53d2.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
vary
accept-encoding
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=3600
x-amz-cf-id
pCTREFn7Qm2xYgyrg65CT9X0y4DtVIxFFSix7MTEaTF2DrSv8nFYag==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTes...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3527860%26time%3D1686741032140%26url%3Dhttps%253A%252F%252Fwww.horizon3.ai%252Fmo...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTes...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTe...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTest=true&liSync=true&e_ipv6=AQJapUAgeCU0tgAAAYi5mZ9jE0fJUpZ2y9kQYwQ0hOQnWVo-178c3T9eTezOWEcwKD6Hfv4y0RhI2G9z-NkWQpiJPir_YQ
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:32 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 343D14AA63C24533B8C2C92DE07E556F Ref B: FRAEDGE1213 Ref C: 2023-06-14T11:10:32Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX+FQAZyI7M0gs8ekAusQ==

Redirect headers

date
Wed, 14 Jun 2023 11:10:32 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 87176BF410F24159A887EF31A8354BAF Ref B: FRAEDGE1507 Ref C: 2023-06-14T11:10:32Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1686741032140&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&cookiesTest=true&liSync=true&e_ipv6=AQJapUAgeCU0tgAAAYi5mZ9jE0fJUpZ2y9kQYwQ0hOQnWVo-178c3T9eTezOWEcwKD6Hfv4y0RhI2G9z-NkWQpiJPir_YQ
x-li-proto
http/2
content-length
0
x-li-uuid
AAX+FQAWgpIgGYS4YjFKSQ==
analytics
pi.pardot.com/
1 KB
2 KB
Script
General
Full URL
https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17120&account_id=972073&title=MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&referrer=
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-120-28.compute-1.amazonaws.com
Software
PardotServer /
Resource Hash
8d1b09e97186d1e29de5ae6670b6ca6f2a015e4d97b50da064fef66fb9ea95ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
Date
Wed, 14 Jun 2023 11:10:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Pardot-Route
9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp
0/0/1
Server
PardotServer
vary
Accept-Encoding,User-Agent
Content-Type
text/javascript; charset=utf-8
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
532
expires
Thu, 19 Nov 1981 08:52:00 GMT
PLwGhTJP
io.clickguard.com/r/cHJvdGVjdG9y/
0
670 B
XHR
General
Full URL
https://io.clickguard.com/r/cHJvdGVjdG9y/PLwGhTJP
Requested by
Host: io.clickguard.com
URL: https://io.clickguard.com/s/cHJvdGVjdG9y/PLwGhTJP
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:c98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Date
Wed, 14 Jun 2023 11:10:32 GMT
via
1.1 google
CF-Cache-Status
DYNAMIC
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
x-powered-by
Express
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP77nkw8h9PYnMA%2BA3tZTVAHvTj6fQXB4JDzORHTPmcWzgwmJJOuDtHHvpWhL5f4frxl%2FCkQk7SdxbFlKKWhhVPx%2FyTr7XsZVAlpxdKFw6UU%2FTvYRSoV%2F5aYQCRk%2BuakbZd38Vo59NlKyTlVnA1a"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
Connection
keep-alive
CF-RAY
7d72209be9aa2c18-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
0
PLwGhTJP
io.clickguard.com/r/cHJvdGVjdG9y/
0
0
Preflight
General
Full URL
https://io.clickguard.com/r/cHJvdGVjdG9y/PLwGhTJP
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:c98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.horizon3.ai
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
7d72209b08a42c18-FRA
Connection
keep-alive
Content-Encoding
br
Content-Type
text/html; charset=utf-8
Date
Wed, 14 Jun 2023 11:10:32 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Nl6kquJ4f%2BHOZjoyHadmYta86q6oXaAb%2FmbmHQc4y96gJI6lgJ3K%2Bmz69iQk3e2IJk9cvaqqhdtQEWrhQn8tePhn8RpNnH5IX9rCk084g2Ha6PuvfX%2FZNu%2FWy4uhyxbm1zFoulj1%2Fl8mh2znzrT"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST
via
1.1 google
x-powered-by
Express
analytics
go.horizon3.ai/
50 B
1 KB
Script
General
Full URL
https://go.horizon3.ai/analytics?conly=true&visitor_id=63785440&visitor_id_sign=126e99bad8b9d4563482cc0afb926ea18be205f747039592a7aa0a28ddddd58d3c14fcab99c93875f3f836468702022ec7025955&pi_opt_in=&campaign_id=17120&account_id=972073&title=MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai&url=https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/&referrer=
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17120&account_id=972073&title=MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai&url=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-92-120-28.compute-1.amazonaws.com
Software
PardotServer /
Resource Hash
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
Date
Wed, 14 Jun 2023 11:10:32 GMT
X-Pardot-Route
9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp
0/0/1
Server
PardotServer
vary
User-Agent
Content-Type
text/javascript; charset=utf-8
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control
no-store, no-cache, must-revalidate
Connection
keep-alive
x-pardot-canary
true
Content-Length
50
expires
Thu, 19 Nov 1981 08:52:00 GMT
analytics.js
www.google-analytics.com/
51 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 14 Jun 2023 11:04:48 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
345
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Wed, 14 Jun 2023 13:04:48 GMT
6si.min.js
j.6sc.co/
35 KB
11 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.202 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 17 May 2023 00:27:16 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"64641f64-8a3f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
11052
expires
Wed, 14 Jun 2023 11:10:33 GMT
Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/
0
0

Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/
13 KB
13 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp
Requested by
Host: p7i3u3x3.rocketcdn.me
URL: https://p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
nginx / RocketCDN
Resource Hash
70631b3ab478a15e8a26f17b8bb991464916725030d772237692c217e0d21334
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:33 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN
content-length
12820
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 03 Aug 2022 00:00:29 GMT
server
nginx
etag
"62e9ba9d-3214"
x-frame-options
SAMEORIGIN
x-hw
1686741033.cds246.fr8.hn,1686741033.cds321.fr8.c
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
vary
Accept-Encoding
accept-ranges
bytes
link
<https://www.horizon3.ai/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp>; rel="canonical"
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 10:54:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
976
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
859
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 14 Jun 2023 11:54:17 GMT
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=572270471&t=pageview&_s=1&dl=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&ul=en-us&de=UTF-8&dt=MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAEAjQAAAACAAI~&jid=1451501160&gjid=1561049229&cid=77644518.1686741032&tid=UA-158035514-1&_gid=1304534534.1686741033&_r=1&_slc=1&gtm=45He36c0n81NXGBH9M&z=1783979741
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.horizon3.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
c.6sc.co/
7 B
193 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.202 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:33 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.horizon3.ai
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
36 B
330 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::210:180 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
34b2338a03a123f963a0658bf4bb4ec2adfa73a2019448d65a5d777685786e2e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:33 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.horizon3.ai
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a02:6ea0:c71b:0:1012:6c7b:d337:a5bf
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468539_34603388_603419746_24_996_5_0_-";dur=1
content-length
36
expires
Wed, 14 Jun 2023 11:10:33 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
483 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b8f835c48eb4789133c47b08c1e1e9b2&svisitor=null&visitor=2eeebd2b-632a-4876-867c-ea48ac79ac54&session=4f303c8b-eda8-4d09-8a15-bbf101eef78e&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A33%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2011%3A10%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b8f835c48eb4789133c47b08c1e1e9b2%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2011%3A10%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22f85e8e69ebdb261b02991e6a2a384d26f215cd42%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2011%3A10%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2011%3A10%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2011%3A10%3A33%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Technical%20Deep-Dive%20and%20Indicators%20of%20Compromise%20for%20MOVEit%20Transfer%20CVE-2023-34362%20SQL%20Injection%20to%20Remote%20Code%20Execution%20Vulnerability%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&pageViewId=749031d9-3180-4e48-8869-beeae189842e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.202 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:33 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
151 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-158035514-1&cid=77644518.1686741032&jid=1451501160&gjid=1561049229&_gid=1304534534.1686741033&_u=aCDAAEAiQAAAACAAI~&z=1470780600
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 14 Jun 2023 11:10:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.horizon3.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-158035514-1&cid=77644518.1686741032&jid=1451501160&_u=aCDAAEAiQAAAACAAI~&z=1759545540
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:33 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-158035514-1&cid=77644518.1686741032&jid=1451501160&_u=aCDAAEAiQAAAACAAI~&z=1759545540
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 11:10:33 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
483 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b8f835c48eb4789133c47b08c1e1e9b2&svisitor=null&visitor=2eeebd2b-632a-4876-867c-ea48ac79ac54&session=4f303c8b-eda8-4d09-8a15-bbf101eef78e&event=ipv6&q=%7B%22address%22%3A%222a02%3A6ea0%3Ac71b%3A0%3A1012%3A6c7b%3Ad337%3Aa5bf%22%7D&isIframe=false&m=%7B%22description%22%3A%22Technical%20Deep-Dive%20and%20Indicators%20of%20Compromise%20for%20MOVEit%20Transfer%20CVE-2023-34362%20SQL%20Injection%20to%20Remote%20Code%20Execution%20Vulnerability%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&pageViewId=749031d9-3180-4e48-8869-beeae189842e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.202 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:33 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
details
epsilon.6sense.com/v3/company/
746 B
584 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.112.158 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-112-158.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9b2dc2a6592abd91e0dee577ef85461138e643d96bf3f3756f7c6d856d8d5e8b

Request headers

Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
accept-language
de-DE,de;q=0.9
Authorization
Token f85e8e69ebdb261b02991e6a2a384d26f215cd42
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:33 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.horizon3.ai
access-control-allow-credentials
true
content-length
399
details
epsilon.6sense.com/v3/company/
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.112.158 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-112-158.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://www.horizon3.ai
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.horizon3.ai
access-control-max-age
1800
date
Wed, 14 Jun 2023 11:10:33 GMT
server
nginx
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j100&a=572270471&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&ul=en-us&de=UTF-8&dt=MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aCDAAEAjQAAAACAAI~&jid=&gjid=&cid=77644518.1686741032&tid=UA-158035514-1&_gid=1304534534.1686741033&gtm=45He36c0n81NXGBH9M&cd1=&cd2=Germany&cd3=Hesse&cd4=&cd5=&cd6=&cd7=&cd8=&cd9=&cd10=&cd11=&cd12=&z=847769507
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 13 Jun 2023 15:44:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
69975
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b8f835c48eb4789133c47b08c1e1e9b2&svisitor=null&visitor=2eeebd2b-632a-4876-867c-ea48ac79ac54&session=4f303c8b-eda8-4d09-8a15-bbf101eef78e&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A33%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Technical%20Deep-Dive%20and%20Indicators%20of%20Compromise%20for%20MOVEit%20Transfer%20CVE-2023-34362%20SQL%20Injection%20to%20Remote%20Code%20Execution%20Vulnerability%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&pageViewId=749031d9-3180-4e48-8869-beeae189842e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.202 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:34 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b8f835c48eb4789133c47b08c1e1e9b2&svisitor=null&visitor=2eeebd2b-632a-4876-867c-ea48ac79ac54&session=4f303c8b-eda8-4d09-8a15-bbf101eef78e&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A34%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Technical%20Deep-Dive%20and%20Indicators%20of%20Compromise%20for%20MOVEit%20Transfer%20CVE-2023-34362%20SQL%20Injection%20to%20Remote%20Code%20Execution%20Vulnerability%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&pageViewId=749031d9-3180-4e48-8869-beeae189842e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.202 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:35 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b8f835c48eb4789133c47b08c1e1e9b2&svisitor=null&visitor=2eeebd2b-632a-4876-867c-ea48ac79ac54&session=4f303c8b-eda8-4d09-8a15-bbf101eef78e&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A35%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%223007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Technical%20Deep-Dive%20and%20Indicators%20of%20Compromise%20for%20MOVEit%20Transfer%20CVE-2023-34362%20SQL%20Injection%20to%20Remote%20Code%20Execution%20Vulnerability%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&pageViewId=749031d9-3180-4e48-8869-beeae189842e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.202 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:36 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
483 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b8f835c48eb4789133c47b08c1e1e9b2&svisitor=null&visitor=2eeebd2b-632a-4876-867c-ea48ac79ac54&session=4f303c8b-eda8-4d09-8a15-bbf101eef78e&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A36%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Technical%20Deep-Dive%20and%20Indicators%20of%20Compromise%20for%20MOVEit%20Transfer%20CVE-2023-34362%20SQL%20Injection%20to%20Remote%20Code%20Execution%20Vulnerability%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&pageViewId=749031d9-3180-4e48-8869-beeae189842e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.202 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 11:10:37 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
0
0
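Two CORS shapes in this scan are worth checking by hand: the OPTIONS preflight answered from 18.198.112.158 (the page's Origin echoed back with Access-Control-Allow-Credentials: true and `authorization` listed explicitly) and the b.6sc.co beacon responses (an empty Access-Control-Allow-Origin next to Access-Control-Allow-Headers: *). The Python below is an added example, not code from urlscan.io or horizon3.ai: it replays the browser's CORS decision, following the Fetch standard's rules, over those two header sets as reconstructed from the report. The `cors_check`, `preflight_check` and `audit` names, and the attacker origin used in the checks, are this example's own.

```python
"""Added example: replay the browser's CORS decision (Fetch standard rules)
against two response-header sets reconstructed from this urlscan report.
Not code from urlscan.io or horizon3.ai."""

# Reconstructed from the report: OPTIONS preflight answered by 18.198.112.158.
PREFLIGHT_RESPONSE = """\
access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.horizon3.ai
access-control-max-age: 1800
"""

# Reconstructed from the report: one b.6sc.co beacon response. Note the empty
# Access-Control-Allow-Origin value and the '*' in Allow-Headers.
BEACON_RESPONSE = """\
content-type: image/gif
access-control-allow-origin:
access-control-allow-methods: GET,POST
access-control-allow-credentials: true
access-control-allow-headers: *
"""

PAGE_ORIGIN = "https://www.horizon3.ai"  # the Origin the browser sent


def parse_headers(raw):
    """'name: value' lines -> dict with lower-cased names; empty values kept."""
    headers = {}
    for line in raw.splitlines():
        if line.strip():
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return headers


def _csv(headers, name):
    """Comma-separated header value -> set of lower-cased tokens."""
    return {t.strip().lower() for t in headers.get(name, "").split(",") if t.strip()}


def cors_check(headers, origin, credentials=False):
    """May a page at `origin` read this response? Returns (allowed, reason).
    Absent/empty Allow-Origin fails; '*' is rejected for credentialed requests;
    an exact-match origin with credentials also needs Allow-Credentials: true
    (the value is case-sensitive)."""
    acao = headers.get("access-control-allow-origin")
    if not acao:
        return False, "Access-Control-Allow-Origin absent or empty"
    if acao == "*":
        if credentials:
            return False, "'*' origin rejected for credentialed request"
        return True, "wildcard origin, no credentials"
    if acao != origin:
        return False, f"allowed origin {acao!r} != {origin!r}"
    if credentials and headers.get("access-control-allow-credentials") != "true":
        return False, "origin matches but Allow-Credentials is not 'true'"
    return True, "origin matches" + (" with credentials" if credentials else "")


def preflight_check(headers, method, request_headers, credentials=False):
    """Would the browser accept this preflight response for `method` plus the
    given non-safelisted request headers? '*' acts as a wildcard only when no
    credentials are sent, and 'authorization' is never covered by it."""
    methods = _csv(headers, "access-control-allow-methods")
    allowed = _csv(headers, "access-control-allow-headers")
    wildcard = not credentials
    safelisted = method.upper() in {"GET", "HEAD", "POST"}
    method_ok = safelisted or method.lower() in methods or (wildcard and "*" in methods)
    for name in request_headers:
        name = name.lower()
        if name in allowed:
            continue
        if wildcard and "*" in allowed and name != "authorization":
            continue
        return False
    return method_ok


def audit(headers, origin, credentials):
    """Findings for one response as a list of strings."""
    allowed, why = cors_check(headers, origin, credentials)
    findings = [("exposed to page: " if allowed else "blocked: ") + why]
    if (headers.get("access-control-allow-origin") == origin
            and headers.get("access-control-allow-credentials") == "true"):
        findings.append("origin echoed with credentials: confirm the server "
                        "allowlists origins instead of reflecting any Origin")
    if (headers.get("access-control-allow-credentials") == "true"
            and "*" in _csv(headers, "access-control-allow-headers")):
        findings.append("Allow-Headers '*' is literal, not a wildcard, "
                        "once credentials are allowed")
    return findings


if __name__ == "__main__":
    for label, raw in (("preflight", PREFLIGHT_RESPONSE), ("beacon", BEACON_RESPONSE)):
        for line in audit(parse_headers(raw), PAGE_ORIGIN, credentials=True):
            print(f"{label}: {line}")
```

The empty Allow-Origin on the beacons does not stop them loading: an `<img>` fetch is a no-cors request, so the pixel still fires and the tracking cookies still travel; the header only matters for script reads via fetch/XHR. The preflight is the one to confirm with a second Origin value: a server that echoes whatever Origin arrives, together with Allow-Credentials: true, lets any site make credentialed reads.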

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
p7i3u3x3.rocketcdn.me
URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png
Domain
b.6sc.co
URL
https://b.6sc.co/v1/beacon/img.gif?token=b8f835c48eb4789133c47b08c1e1e9b2&svisitor=null&visitor=2eeebd2b-632a-4876-867c-ea48ac79ac54&session=4f303c8b-eda8-4d09-8a15-bbf101eef78e&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2014%20Jun%202023%2011%3A10%3A37%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225008%22%7D&isIframe=false&m=%7B%22description%22%3A%22Technical%20Deep-Dive%20and%20Indicators%20of%20Compromise%20for%20MOVEit%20Transfer%20CVE-2023-34362%20SQL%20Injection%20to%20Remote%20Code%20Execution%20Vulnerability%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22MOVEit%20Transfer%20CVE-2023-34362%20Deep%20Dive%20and%20Indicators%20of%20Compromise%20%E2%80%93%20Horizon3.ai%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.horizon3.ai%2Fmoveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise%2F&pageViewId=749031d9-3180-4e48-8869-beeae189842e

Verdicts & Comments

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| onbeforetoggle object| onscrollend object| dataLayer object| et_animation_data function| _createClass function| _classCallCheck function| RocketBrowserCompatibilityChecker object| RocketPreloadLinksConfig object| DIVI object| et_builder_utils_params object| et_frontend_scripts object| et_pb_custom object| et_pb_box_shadow_elements object| lazyLoadOptions undefined| $ function| jQuery object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| GooglebQhCsO function| rdt string| piAId string| piCId string| piHostname string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels function| LazyLoad function| onYouTubeIframeAPIReady object| gaGlobal object| google_optimize object| Grnhse object| _grnhse object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker function| sixteenNine function| getParam function| getExpiryRecord function| addGclid string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| _ml function| Waypoint function| et_pb_debounce function| et_pb_smooth_scroll function| et_pb_form_placeholders_init function| et_duplicate_menu function| et_pb_remove_placeholder_text function| et_fix_fullscreen_section function| et_bar_counters_init function| et_fix_pricing_currency_position function| et_pb_set_responsive_grid function| et_pb_set_tabs_height function| et_pb_box_shadow_apply_overlay function| et_pb_init_nav_menu function| et_pb_toggle_nav_menu function| et_pb_apply_sticky_image_effect function| et_pb_menu_inject_inline_centered_logo function| et_pb_menu_inject_item function| et_pb_reposition_menu_module_dropdowns boolean| et_load_event_fired boolean| et_is_transparent_nav boolean| et_is_vertical_nav boolean| et_is_fixed_nav 
boolean| et_is_minified_js boolean| et_is_minified_css boolean| et_force_width_container_change function| et_pb_init_woo_star_rating function| et_pb_wrap_woo_attribute_fields_in_span function| et_calculate_fullscreen_section_size function| et_pb_init_modules function| etFixDividerSpacing function| etInitWooReviewsRatingStars boolean| et_calculating_scroll_position boolean| et_side_nav_links_initialized function| et_calculate_header_values function| et_change_primary_nav_position function| et_fix_page_container_position function| et_pb_window_side_nav_scroll_init function| et_pb_side_nav_page_init object| images boolean| is_image object| iframes boolean| is_iframe object| rocket_lazy object| _0xf102 function| _0x20fb object| CG function| _cg_convert function| cg_convert string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed object| srcReplaceableElms function| et_pb_slider_init function| et_pb_image_lightbox_init function| et_countdown_timer function| et_countdown_timer_labels function| et_pb_tabs_init function| et_pb_circle_counter_update function| et_apply_parallax function| et_parallax_set_height function| et_apply_builder_css_parallax function| et_pb_play_overlayed_video function| et_pb_resize_section_video_bg function| et_pb_center_video function| et_pb_adjust_video_margin function| et_fix_slider_height function| et_pb_submit_newsletter function| et_fix_testimonial_inner_width function| et_pb_video_background_init function| et_animate_element function| et_process_animation_data function| et_has_animation_data function| et_get_animation_classes function| et_remove_animation function| et_remove_animation_data function| et_reinit_waypoint_modules function| et_calc_fullscreen_section function| debounced_et_apply_builder_css_parallax function| et_pb_parallax_init function| et_pb_fullwidth_header_scroll function| et_pb_search_init function| 
et_pb_search_percentage_custom_margin_fix function| et_pb_comments_init function| et_pb_shop_add_hover_class boolean| _already_called_lintrk function| checkNamespace function| getPardotUrl function| piTracker function| piGetParameter function| piGetCookie function| piSetCookie string| piVersion number| piScriptNum object| piScriptObj object| pi number| c_start string| property object| ziws function| piResponse string| et_location_hash function| et_pb_init_woo_custom_button_icon string| waypointContextKey function| processEpsilonData string| epsilonName boolean| enabled function| callback number| version object| _6si object| gaplugins object| gaData boolean| _storagePopulated

36 Cookies

Domain/Path Name / Value
mdr.esentire.com/ Name: visitor_id651833
Value: 498220641
mdr.esentire.com/ Name: visitor_id651833-hash
Value: b0d7206179a02ba09925a4c5d82f74e4db23cf577a2212ea9b865824c065baaf44196ff606cd92328278404d17d445e4333ef80c
.horizon3.ai/ Name: _gcl_au
Value: 1.1.1131736978.1686741032
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.horizon3.ai/ Name: _rdt_uuid
Value: 1686741031817.f5dc4094-9687-4c24-a0ba-9fdbc1e1099e
.horizon3.ai/ Name: _ga_V462VSRXXS
Value: GS1.1.1686741031.1.0.1686741031.60.0.0
www.horizon3.ai/ Name: cookielawinfo-checkbox-necessary
Value: yes
www.horizon3.ai/ Name: cookielawinfo-checkbox-functional
Value: no
www.horizon3.ai/ Name: cookielawinfo-checkbox-performance
Value: no
www.horizon3.ai/ Name: cookielawinfo-checkbox-analytics
Value: no
www.horizon3.ai/ Name: cookielawinfo-checkbox-advertisement
Value: no
www.horizon3.ai/ Name: cookielawinfo-checkbox-others
Value: no
.ws.zoominfo.com/ Name: visitorId
Value: 653ee3f8bb5d1ebc4f42f54c4d1eed39b109188867e8984404e29c6878ced108
.zoominfo.com/ Name: __cf_bm
Value: 9yUqcZ_9mavjWnnyGdnKY5X9kiypZZgpKewpqC9Yfs8-1686741032-0-AVH6aTsCsidRY4eCCt21dYIpBRugI4Mk1qvLM84hAd6oxq7/HepxaaBsyabKAicYrTR8npqxXMsgB6fG+HzdEVc=
.zoominfo.com/ Name: _cfuvid
Value: 7LeBidDJfT7kg6WLmH8QKaom_hElmiEU_na9Bf_B5u8-1686741032184-0-604800000
.linkedin.com/ Name: li_sugr
Value: b5831ef7-9039-4c5e-8198-7c464763d0f9
.linkedin.com/ Name: bcookie
Value: "v=2&81b05119-6fb7-46d3-81bc-1db22f770762"
.linkedin.com/ Name: lidc
Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2580:u=1:x=1:i=1686741032:t=1686827432:v=2:sig=AQGF5thBfSy5ZmOhUp4IHetsKa3KH9-3"
www.horizon3.ai/ Name: ln_or
Value: eyIzNTI3ODYwIjoiZCJ9
.pardot.com/ Name: visitor_id971073
Value: 63785440
.pardot.com/ Name: visitor_id971073-hash
Value: 126e99bad8b9d4563482cc0afb926ea18be205f747039592a7aa0a28ddddd58d3c14fcab99c93875f3f836468702022ec7025955
pi.pardot.com/ Name: lpv971073
Value: aHR0cHM6Ly93d3cuaG9yaXpvbjMuYWkvbW92ZWl0LXRyYW5zZmVyLWN2ZS0yMDIzLTM0MzYyLWRlZXAtZGl2ZS1hbmQtaW5kaWNhdG9ycy1vZi1jb21wcm9taXNlLw%3D%3D
www.horizon3.ai/ Name: visitor_id971073
Value: 63785440
www.horizon3.ai/ Name: visitor_id971073-hash
Value: 126e99bad8b9d4563482cc0afb926ea18be205f747039592a7aa0a28ddddd58d3c14fcab99c93875f3f836468702022ec7025955
.linkedin.com/ Name: UserMatchHistory
Value: AQL-fPzFsJ_NHAAAAYi5mZ34k2q7p05XtemdyFNp9tYSqagpA-z9OU6IsHIwYzUuZL3t5US_s20l8w
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLIups_QM1S6AAAAYi5mZ34-1awZyGPrYupxAXUVpCdJlVgK05pWIQ1Fu0arAAhn_nIg_x7wBcASM5oGacg2A
.www.linkedin.com/ Name: bscookie
Value: "v=1&202306141110321a2644e3-f011-496b-8807-06df7930864cAQF4D6Nf3bY0rOqvYbNOPjact6CNfpFs"
.linkedin.com/ Name: li_gc
Value: MTswOzE2ODY3NDEwMzI7MjswMjHSRfBQ4PQQHy6xf/SOm8Ss4Ger7Ws5JXXdH29FQPh0gA==
go.horizon3.ai/ Name: visitor_id971073
Value: 63785440
go.horizon3.ai/ Name: visitor_id971073-hash
Value: 126e99bad8b9d4563482cc0afb926ea18be205f747039592a7aa0a28ddddd58d3c14fcab99c93875f3f836468702022ec7025955
.horizon3.ai/ Name: _ga
Value: GA1.2.77644518.1686741032
.horizon3.ai/ Name: _gid
Value: GA1.2.1304534534.1686741033
.horizon3.ai/ Name: _gat_UA-158035514-1
Value: 1
www.horizon3.ai/ Name: _gd_visitor
Value: 2eeebd2b-632a-4876-867c-ea48ac79ac54
www.horizon3.ai/ Name: _gd_session
Value: 4f303c8b-eda8-4d09-8a15-bbf101eef78e
.6sc.co/ Name: 6suuid
Value: c6641102dcab010029a089640402000012170b00

13 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'oversized-images'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'vertical-scroll'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'vr'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'wake-lock'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This section lists the security headers set by the main page; urlscan.io links a separate explainer for what each header means and how to use it.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"
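The table above, read together with the thirteen Permissions-Policy console warnings, gives a compact picture of the main page's header hygiene: the CSP consists only of `upgrade-insecure-requests`, so it upgrades mixed content but places no restriction on script sources; HSTS is at the preload-eligible settings; framing is controlled only by X-Frame-Options; and X-XSS-Protection is a deprecated header whose value here appears to carry literal double quotes. The Python below is an added example, not code from urlscan.io or the scanned site: it grades a header dict built from the table, and separately parses a Permissions-Policy value to spot the feature names Chrome 114 reported as unrecognized in this scan. The report does not show the actual Permissions-Policy header, so `EXAMPLE_PERMISSIONS_POLICY` is a constructed value; the function names and severity labels are this example's own.

```python
"""Added example: grade the main page's security headers from the report's
table and check a Permissions-Policy value against the feature names Chrome
flagged as unrecognized. Not code from urlscan.io or horizon3.ai."""
import re

# Built from the report's "Security Headers" table for www.horizon3.ai.
MAIN_PAGE_HEADERS = {
    "Content-Security-Policy": "upgrade-insecure-requests",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Xss-Protection": '"1; mode=block"',
}

# Feature names Chrome 114 reported as unrecognized in this scan's console.
UNRECOGNIZED_IN_SCAN = {
    "ambient-light-sensor", "battery", "document-domain",
    "execution-while-not-rendered", "execution-while-out-of-viewport",
    "layout-animations", "legacy-image-formats", "navigation-override",
    "oversized-images", "vertical-scroll", "vr", "wake-lock", "web-share",
}

# Constructed (assumption): the report does not show the real header value.
EXAMPLE_PERMISSIONS_POLICY = (
    "accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), "
    "document-domain=(), geolocation=(self), microphone=(), vr=(), web-share=()"
)

ONE_YEAR = 31536000


def parse_csp(value):
    """'script-src a b; default-src c' -> {'script-src': ['a', 'b'], ...}"""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def parse_hsts(value):
    """Return (max_age or None, set of lower-cased flags)."""
    max_age, flags = None, set()
    for token in value.split(";"):
        token = token.strip().lower()
        if token.startswith("max-age="):
            max_age = int(token.split("=", 1)[1].strip('"'))
        elif token:
            flags.add(token)
    return max_age, flags


def parse_permissions_policy(value):
    """'geolocation=(self), camera=(), fullscreen=*' -> {name: allowlist}"""
    policy = {}
    for item in value.split(","):
        m = re.fullmatch(r"\s*([a-z0-9-]+)=(?:\(([^)]*)\)|(\*|self))\s*", item)
        if m:
            policy[m.group(1)] = m.group(2).split() if m.group(2) is not None else [m.group(3)]
    return policy


def audit_headers(headers):
    """Return a list of (severity, finding) for a response-header dict."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append(("high", "no Content-Security-Policy"))
    elif not ({"default-src", "script-src"} & csp.keys()):
        findings.append(("high", "CSP has no default-src/script-src, so it does not "
                                 "restrict script execution; it only sets " + ", ".join(csp)))
    if "frame-ancestors" not in csp:
        xfo = h.get("x-frame-options", "").upper()
        if xfo in ("DENY", "SAMEORIGIN"):
            findings.append(("low", f"framing limited only by X-Frame-Options {xfo}; "
                                    "add CSP frame-ancestors for per-origin control"))
        else:
            findings.append(("medium", "no clickjacking protection"))
    if "strict-transport-security" not in h:
        findings.append(("medium", "no HSTS"))
    else:
        max_age, flags = parse_hsts(h["strict-transport-security"])
        if max_age is None or max_age < ONE_YEAR:
            findings.append(("medium", "HSTS max-age below one year"))
        if "preload" in flags and "includesubdomains" not in flags:
            findings.append(("medium", "HSTS preload requires includeSubDomains"))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("low", "missing X-Content-Type-Options: nosniff"))
    xss = h.get("x-xss-protection")
    if xss is not None:
        note = "X-XSS-Protection is deprecated; current browsers ignore it"
        if xss.startswith('"'):
            note += " (value carries literal quotes, likely a server config quoting slip)"
        findings.append(("info", note))
    return findings


def unrecognized_features(policy_value):
    """Directive names in the policy that Chrome reported as unrecognized."""
    return sorted(set(parse_permissions_policy(policy_value)) & UNRECOGNIZED_IN_SCAN)


if __name__ == "__main__":
    for severity, text in audit_headers(MAIN_PAGE_HEADERS):
        print(f"[{severity}] {text}")
    print("unrecognized Permissions-Policy features:",
          unrecognized_features(EXAMPLE_PERMISSIONS_POLICY))
```

The unrecognized-feature warnings are harmless in themselves, but a header full of names the browser does not know usually means it was copied from a generic template; the directives that do matter (camera, microphone, geolocation) should be verified separately rather than assumed present.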

Indicators

"Indicators" is the security-industry term for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicate malicious activity.

alb.reddit.com
b.6sc.co
boards.greenhouse.io
c.6sc.co
cdn.linkedin.oribi.io
epsilon.6sense.com
fonts.gstatic.com
go.horizon3.ai
googleads.g.doubleclick.net
io.clickguard.com
ipv6.6sc.co
j.6sc.co
mdr.esentire.com
ml314.com
p7i3u3x3.rocketcdn.me
pi.pardot.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
snap.licdn.com
stats.g.doubleclick.net
ws.zoominfo.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.horizon3.ai
www.linkedin.com
www.redditstatic.com
b.6sc.co
p7i3u3x3.rocketcdn.me
104.197.16.226
13.107.42.14
151.101.129.140
151.139.128.10
18.198.112.158
18.208.125.13
2.17.100.202
2.21.20.141
2001:4860:4802:34::36
2600:9000:237d:7a00:2:53b2:240:93a1
2606:4700:20::681a:c98
2606:4700::6810:650c
2620:1ec:21::14
2a00:1450:4001:800::2008
2a00:1450:4001:810::2004
2a00:1450:4001:813::2003
2a00:1450:4001:828::200e
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200e
2a00:1450:400c:c07::9c
2a02:26f0:7100::210:180
2a04:4e42:600::396
3.92.120.28
34.111.234.236
54.147.131.114