www.varonis.com Open in urlscan Pro
45.60.158.169 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.varonis.com/blog/investigate-ntlm-brute-force
Submission: On December 16 via api (December 16th 2023, 8:56:08 pm UTC) from SG — Scanned from SG

Summary HTTP 196 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 53 IPs in 4 countries across 45 domains to perform 196 HTTP transactions. The main IP is 45.60.158.169, located in United States and belongs to INCAPSULA, US. The main domain is www.varonis.com. The Cisco Umbrella rank of the primary domain is 336684.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2023 Q4 on December 3rd 2023. Valid for: 6 months.

This is the only time www.varonis.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
52	45.60.158.169 45.60.158.169	19551 (INCAPSULA) (INCAPSULA)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
36	2606:4700::68... 2606:4700::6810:6dd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2404:6800:400... 2404:6800:4003:c1c::5f	15169 (GOOGLE) (GOOGLE)
2	2400:52e0:150... 2400:52e0:1502::1059:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2403:e800:e80... 2403:e800:e80b::2a63:8cc0	4637 (ASN-TELST...) (ASN-TELSTRA-GLOBAL Telstra Global)
1	2606:4700::68... 2606:4700::6810:8ace	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:b05d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2404:6800:400... 2404:6800:4003:c11::64	15169 (GOOGLE) (GOOGLE)
3	2404:6800:400... 2404:6800:4003:c00::61	15169 (GOOGLE) (GOOGLE)
3	2606:4700:440... 2606:4700:4400::ac40:9284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:eff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2404:6800:400... 2404:6800:4003:c11::6a	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f00... 2a03:2880:f00c:300:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:248... 2606:2800:248:2f:1d8a:787:dc7:17df	15133 (EDGECAST) (EDGECAST)
5	2404:6800:400... 2404:6800:4003:c1c::64	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4003:c00::9a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:200... 2a04:4e42:200::396	54113 (FASTLY) (FASTLY)
4	152.195.58.59 152.195.58.59	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:bd59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:129	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	18.235.68.109 18.235.68.109	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.108.157 151.101.108.157	54113 (FASTLY) (FASTLY)
11	23.59.168.107 23.59.168.107	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2403:e800:e80... 2403:e800:e80b::2a63:8c8b	4637 (ASN-TELST...) (ASN-TELSTRA-GLOBAL Telstra Global)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	54.192.18.44 54.192.18.44	16509 (AMAZON-02) (AMAZON-02)
2 3	103.43.90.53 103.43.90.53	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.158.64 69.173.158.64	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	74.125.24.157 74.125.24.157	15169 (GOOGLE) (GOOGLE)
3 3	18.143.106.89 18.143.106.89	16509 (AMAZON-02) (AMAZON-02)
1	42.99.140.152 42.99.140.152	4637 (ASN-TELST...) (ASN-TELSTRA-GLOBAL Telstra Global)
1	2404:6800:400... 2404:6800:4003:c1a::65	15169 (GOOGLE) (GOOGLE)
2	2404:6800:400... 2404:6800:4003:c06::5e	15169 (GOOGLE) (GOOGLE)
2	52.71.156.47 52.71.156.47	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1413:b00... 2600:1413:b000:6::17d5:2bc6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8 9	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	18.208.65.209 18.208.65.209	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6811:e3a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4eba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:faa8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.79.10.210 35.79.10.210	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
2	2404:6800:400... 2404:6800:4003:c02::9b	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4003:c1a::5e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::181	15169 (GOOGLE) (GOOGLE)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
1	2a03:2880:f10... 2a03:2880:f10c:381:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:890f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
196	53

52 45.60.158.169 (United States)

ASN19551 (INCAPSULA, US)

www.varonis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
info.varonis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2606:4700::6810:6dd1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c1c::5f (Singapore, Singapore)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1502::1059:1 (Hong Kong)

ASN200325 (BUNNYCDN, SI)

plausible.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2403:e800:e80b::2a63:8cc0 (Hong Kong)

ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ace (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:b05d (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4003:c11::64 (Singapore, Singapore)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4003:c00::61 (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:9284 (United States)

ASN13335 (CLOUDFLARENET, US)

142972.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:eff9 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2404:6800:4003:c11::6a (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f00c:300:face:b00c:0:3 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:248:2f:1d8a:787:dc7:17df (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2404:6800:4003:c1c::64 (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c00::9a (Singapore, Singapore)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.58.59 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:bd59 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:129 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.235.68.109 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-68-109.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.108.157 (Tokyo, Japan)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.59.168.107 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-59-168-107.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2403:e800:e80b::2a63:8c8b (Hong Kong)

ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.18.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-18-44.hkg62.r.cloudfront.net

trackit.ktxlytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 103.43.90.53 (Singapore, Singapore) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 594.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.197.193.217 (Seattle, United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.158.64 (Singapore, Singapore) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.24.157 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: sf-in-f157.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.143.106.89 (Singapore, Singapore) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-143-106-89.ap-southeast-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 42.99.140.152 (Japan)

ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK)
PTR: ip-42-99-140-152.pacnet.net

hb.yahoo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c1a::65 (Singapore, Singapore)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c06::5e (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.google.co.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.71.156.47 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-156-47.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1413:b000:6::17d5:2bc6 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2620:1ec:21::14 (United States) 8 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.208.65.209 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-208-65-209.compute-1.amazonaws.com

c2.ktxlytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e3a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4eba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:faa8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.79.10.210 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-79-10-210.ap-northeast-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c02::9b (Singapore, Singapore)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c1a::5e (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.google.com.sg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f10c:381:face:b00c:0:25de (Singapore, Singapore)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:890f (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	varonis.com www.varonis.com — Cisco Umbrella Rank: 336684 info.varonis.com — Cisco Umbrella Rank: 316910	3 MB
36	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8411	77 KB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 5657 c.6sc.co — Cisco Umbrella Rank: 8715 ipv6.6sc.co — Cisco Umbrella Rank: 5852 b.6sc.co — Cisco Umbrella Rank: 3994	22 KB
12	linkedin.com 8 redirects platform.linkedin.com — Cisco Umbrella Rank: 3771 px.ads.linkedin.com — Cisco Umbrella Rank: 327 www.linkedin.com — Cisco Umbrella Rank: 629 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	168 KB
10	google.com cse.google.com — Cisco Umbrella Rank: 3119 www.google.com — Cisco Umbrella Rank: 2 clients1.google.com — Cisco Umbrella Rank: 411 analytics.google.com — Cisco Umbrella Rank: 152	172 KB
6	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2618	11 KB
5	ktxlytics.io 1 redirects trackit.ktxlytics.io — Cisco Umbrella Rank: 47230 c2.ktxlytics.io — Cisco Umbrella Rank: 36065	99 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	22 KB
4	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 stats.g.doubleclick.net — Cisco Umbrella Rank: 75	3 KB
4	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1230 analytics.twitter.com — Cisco Umbrella Rank: 713 syndication.twitter.com — Cisco Umbrella Rank: 1549	132 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	177 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 9404	3 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2129	22 KB
3	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5546 track.hubspot.com — Cisco Umbrella Rank: 2246	2 KB
3	yahoo.com 3 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 307	880 B
3	adsrvr.org 3 redirects insight.adsrvr.org — Cisco Umbrella Rank: 557 match.adsrvr.org — Cisco Umbrella Rank: 331	1 KB
3	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 478 ib.adnxs.com — Cisco Umbrella Rank: 229	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 329	14 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 9979 scout.salesloft.com — Cisco Umbrella Rank: 11992	4 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 6947	26 KB
3	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4435 forms-na1.hsforms.com — Cisco Umbrella Rank: 7062	5 KB
3	hubspotusercontent-na1.net 142972.fs1.hubspotusercontent-na1.net — Cisco Umbrella Rank: 430387	138 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	293 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	10 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4490	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9429	676 B
2	google.co.id www.google.co.id — Cisco Umbrella Rank: 7634	562 B
2	plausible.io plausible.io — Cisco Umbrella Rank: 9753	2 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 13567	205 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1387	637 B
1	google.com.sg www.google.com.sg — Cisco Umbrella Rank: 13820	408 B
1	t.co t.co — Cisco Umbrella Rank: 589	377 B
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4681	24 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2128	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3131	4 KB
1	yahoo.net hb.yahoo.net — Cisco Umbrella Rank: 866	663 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 339	916 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 763	15 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 678	15 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2326	1 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1266	9 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5536	6 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6767	171 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
196	45

	Domain	Requested by
43	info.varonis.com	www.varonis.com cdn2.hubspot.net
36	cdn2.hubspot.net	www.varonis.com
9	b.6sc.co	www.varonis.com
9	www.varonis.com	www.varonis.com cdn.bizible.com
7	px.ads.linkedin.com	6 redirects snap.licdn.com
6	tags.srv.stackadapt.com	www.varonis.com tags.srv.stackadapt.com cdn.bizible.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
5	www.google.com	cse.google.com www.varonis.com
4	c2.ktxlytics.io	1 redirects trackit.ktxlytics.io www.varonis.com
4	connect.facebook.net	www.varonis.com connect.facebook.net
3	js.zi-scripts.com	www.varonis.com js.zi-scripts.com
3	js.hs-banner.com	www.varonis.com js.hs-banner.com
3	ups.analytics.yahoo.com	3 redirects
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.varonis.com
3	cdn.bizible.com	www.googletagmanager.com www.varonis.com cdn.bizible.com
3	142972.fs1.hubspotusercontent-na1.net	cdn2.hubspot.net
3	www.googletagmanager.com	www.varonis.com www.googletagmanager.com www.google-analytics.com
3	cse.google.com	www.varonis.com www.google.com
3	cdnjs.cloudflare.com	www.varonis.com
2	ws.zoominfo.com	js.zi-scripts.com
2	track.hubspot.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	epsilon.6sense.com	j.6sc.co
2	px4.ads.linkedin.com	www.varonis.com
2	www.linkedin.com	2 redirects
2	scout.salesloft.com	scout-cdn.salesloft.com cdn.bizible.com
2	www.google.co.id	www.varonis.com
2	match.adsrvr.org	2 redirects
2	secure.adnxs.com	1 redirects www.varonis.com
2	platform.twitter.com	www.varonis.com platform.twitter.com
2	forms.hsforms.com	js.hsforms.net www.varonis.com
2	plausible.io	www.varonis.com plausible.io
1	syndication.twitter.com	platform.twitter.com
1	www.facebook.com	www.varonis.com
1	cdn.bizibly.com	www.varonis.com
1	alb.reddit.com	www.varonis.com
1	analytics.google.com	www.googletagmanager.com
1	www.google.com.sg	www.varonis.com
1	analytics.twitter.com	www.varonis.com
1	t.co	www.varonis.com
1	js.usemessages.com	www.varonis.com
1	js.hs-analytics.net	www.varonis.com
1	js.hsadspixel.net	www.varonis.com
1	ib.adnxs.com	1 redirects
1	app.hubspot.com	www.varonis.com
1	forms-na1.hsforms.com	www.varonis.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	clients1.google.com	www.varonis.com
1	hb.yahoo.net	www.varonis.com
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	insight.adsrvr.org	1 redirects
1	trackit.ktxlytics.io	www.varonis.com
1	snap.licdn.com	www.googletagmanager.com
1	j.6sc.co	www.varonis.com
1	static.ads-twitter.com	www.varonis.com
1	scout-cdn.salesloft.com	www.varonis.com
1	js.hs-scripts.com	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	static.hsappstatic.net	www.varonis.com
1	js.hsforms.net	www.varonis.com
1	platform.linkedin.com	www.varonis.com
1	fonts.googleapis.com	www.varonis.com
196	65

This site contains links to these domains. Also see Links.

Domain
info.varonis.com
ir.varonis.com
brand.varonis.com
my.varonis.com
aws.amazon.com
azuremarketplace.microsoft.com
varonis.com
docs.microsoft.com
www.linkedin.com
www.reddit.com
www.facebook.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2023 Q4	`2023-12-03` - `2024-05-31`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
plausible.io R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-05-17` - `2024-05-16`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-09-30` - `2024-09-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-25` - `2023-12-24`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-01` - `2024-07-01`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-04-18`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M03	`2023-09-09` - `2024-10-07`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
6sc.co R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
*.ktxlytics.io Amazon RSA 2048 M02	`2023-06-19` - `2024-07-16`	a year	crt.sh
*.google.co.id GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M02	`2023-05-04` - `2024-06-02`	a year	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-05` - `2024-12-04`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-14` - `2024-09-12`	a year	crt.sh
*.google.com.sg GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
syndication.twitter.com R3	`2023-12-06` - `2024-03-05`	3 months	crt.sh
zi-scripts.com GTS CA 1P5	`2023-12-02` - `2024-03-01`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.varonis.com/blog/investigate-ntlm-brute-force
Frame ID: A4D6593CBDA70D45842B4B9CFC5FF5B1
Requests: 191 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com
Frame ID: 35109AB4C8F161A06A23CCFA2AD939EB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

How to Investigate NTLM Brute Force Attackssearch

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Plausible (Analytics) Expand

Overall confidence: 100%
Detected patterns

plausible\.io/js/plausible\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

196
Requests

97 %
HTTPS

63 %
IPv6

45
Domains

65
Subdomains

53
IPs

4
Countries

5173 kB
Transfer

8502 kB
Size

68
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://info.varonis.com/en/price-quote-request?hsLang=en
Title: Request a quote

Search URL Search Domain Scan URL

URL: https://info.varonis.com/resource/t1/research-report/forrester-tei-study-2020?hsLang=en
Title: Measurable ROI

Search URL Search Domain Scan URL

URL: https://ir.varonis.com/
Title: Investor relations

Search URL Search Domain Scan URL

URL: https://brand.varonis.com/?hsLang=en
Title: Brand

Search URL Search Domain Scan URL

URL: https://my.varonis.com/Login
Title: Partner portal

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/pp/prodview-rwnjb5nrlmnx6?sr=0-1&ref_=beagle&applicationId=AWSMPContessa
Title: Buy on AWS marketplace

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/varonis.varonis-dsp?tab=overview
Title: Buy on Azure marketplace

Search URL Search Domain Scan URL

URL: https://my.varonis.com/login
Title: Community

Search URL Search Domain Scan URL

URL: https://info.varonis.com/securityfwd?hsLang=en
Title: SecurityFWD

Search URL Search Domain Scan URL

URL: https://info.varonis.com/en/demo-request?hsLang=en
Title: Get started

Search URL Search Domain Scan URL

URL: https://varonis.com/blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/secauthn/microsoft-ntlm
Title: NTLM

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/2019-07-15-16_45_00-idu24554-10_60_72_92_3389-Remote-Desktop-Connection.jpg?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-1.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-2.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-3.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-4.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-5.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-6.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-7.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-8-.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-10_png.jpg?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-12.jpg?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-11_png_jpg.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-13.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-14.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/en/great-saas-data-exposure-report?hsLang=en
Title: Download our free report

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&title=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks
Title: LinkedIn,

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&title=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks
Title: Reddit,

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force
Title: Facebook.

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/seller-profile?id=6ff5d0ae-b146-412d-b78a-d54d7e6a841a
Title: Buy on AWS marketplace

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/varonis.varonis-dsp?tab=overview&exp=ubp8
Title: Buy on Azure marketplace

Search URL Search Domain Scan URL

URL: https://www.facebook.com/VaronisSystems/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/varonis

Search URL Search Domain Scan URL

URL: https://twitter.com/varonis

Search URL Search Domain Scan URL

URL: https://www.instagram.com/varonislife/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 122

https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=269843890 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D269843890

Request Chain 123

https://insight.adsrvr.org/track/pxl/?adv=71679u3&ct=0:ms2x9ot&fmt=3&gtmcb=246678367 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=6176d928-6d94-467e-8eb9-80ac5931bdb5&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NjE3NmQ5MjgtNmQ5NC00NjdlLThlYjktODBhYzU5MzFiZGI1&gdpr=0&gdpr_consent=&ttd_tdid=6176d928-6d94-467e-8eb9-80ac5931bdb5 HTTP 302
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=6176d928-6d94-467e-8eb9-80ac5931bdb5&google_gid=CAESEEIKlxlXpSmrHNlwThHAzKE&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=6176d928-6d94-467e-8eb9-80ac5931bdb5&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=6176d928-6d94-467e-8eb9-80ac5931bdb5&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=6176d928-6d94-467e-8eb9-80ac5931bdb5&gdpr=0&redir=true HTTP 302
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1wVlJlX3dORTJ1RVBWLkM1YmtDX0IwWEVGYjE2anRNQn5B&gdpr=0&ovsid=6176d928-6d94-467e-8eb9-80ac5931bdb5&dpid=55953

Request Chain 137

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160495&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160495&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1702760160495%26url%3Dhttps%253A%252F%252Fwww.varonis.com%252Fblog%252Finvestigate-ntlm-brute-force%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160495&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160495&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKfDVwkbJ1l9QAAAYx0aiMFc5pfQl8ez1zwre4xkKVS61jJnvORs37aJ-_R4C0XBtZbFPdL7TY

Request Chain 138

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160498&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160498&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1702760160498%26url%3Dhttps%253A%252F%252Fwww.varonis.com%252Fblog%252Finvestigate-ntlm-brute-force%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160498&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160498&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLlnweCfYrFnQAAAYx0aiOk86twFzbVj-0It1gevg1khcfzdgkpBP7Gwxv1RpeBdU2ZzUJnpT4

Request Chain 147

https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID HTTP 302
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=6814103536244065536 HTTP 302
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=6814103536244065536&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs

196 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request investigate-ntlm-brute-force Show response
www.varonis.com/blog/ 225 KB
55 KB 244ms
212ms Document
text/html 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

478574f99a81a68d85ec6de304a58755b7c03eeec6d69e78ef7168f14d10c2ae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 8369d4931df06be8-SIN
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sat, 16 Dec 2023 20:55:59 GMT
edge-cache-tag: CT-53575261302,CT-61509086319,CT-61509086320,CG-740355147,P-142972,CW-104582894481,CW-114784368718,CW-115642542216,CW-115948073012,CW-115948073023,CW-125777074029,CW-60280511003,CW-71662020467,CW-87397221683,CW-87930956413,CW-87944291354,CW-96126751858,CW-97266453797,E-100805726527,E-106410557973,E-108364953711,E-114794918156,E-115634408573,E-60279793823,E-60280511142,E-60281971978,E-60281971998,E-60281972084,E-73655310759,E-80785228186,E-87927120033,E-98046358057,MENU-87776709421,RA-60280510996,PGS-ALL,SW-2,B-740355147,GC-100803005043,GC-115636626695,GC-115977342816,GC-125774591019,GC-135490609319,GC-80785228207,GC-87929337765,GC-87930955017,GC-87944143779,TS-60284153915
etag: W/"6ca886543444aff2b8298c381c819787"
last-modified: Sat, 16 Dec 2023 08:41:16 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F4cgrtsJ%2BGenteD4lW68DSo%2BPIsBKgNg4o6kO%2F94zcoT2RxF8V%2FJZXFKn9JvP66Bdi8pp9MK%2FbFnC1Z4eiNPpYYoYVCN0LrJ%2F2yFIU4erjO2Tl94kWyI1FTFxNEoGtdU8w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cdn: Imperva
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-id: 53575261302
x-hs-https-only: worker
x-hs-hub-id: 142972
x-hs-prerendered: Sat, 16 Dec 2023 08:41:16 GMT
x-iinfo: 4-49834807-49834810 NNNN CT(1 7 0) RT(1702760158321 7) q(0 0 0 0) r(2 2) U24

GET
H2 200 project.js Show response
www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 33ms
27ms Script
application/javascript 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 2ba2ffa46f6a4bf7dd5bd07c9a0879ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 3281668
x-amz-cf-pop: SIN52-C3
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Miss from cloudfront
x-iinfo: 4-49834807-49834823 NNNY CT(1 17 0) RT(1702760158321 230) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZoJpb4S8XtvrnJDTRaP6PEcYooktdE5%2BgMCGKEpD1olSqZYYqIRb44IDf%2BC0yKP1HbNZgS0CGOr87ExQNbkkuJKSNLAbeTHoQXKyQZiAH6uvASehkkpAhuSB8z8kzN%2BkmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8369d49468d54a5f-SIN
x-amz-cf-id: SMWTRlYwHuvqFBqXNAqQnR30Gsk-UfSrycMF6zcz-vBYbLflbdkDKA==
expires: Sun, 15 Dec 2024 20:55:59 GMT

GET
H2 200 prism-okaidia.min.css
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/themes/ 1 KB
1 KB 35ms
9ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/themes/prism-okaidia.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf31d510ed313a8566d08e9b4fdbf94a0a51b35718372bc4bc75d6ff5c8282a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1455043
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 518
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-206"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVQfeslJfUO2ppeLxwu6yo%2FLmQB9qVGjLggUOCUeZr%2BkS0U73GdIfJCd1uNPeiHaG0ThBqbA8Wk6zzpGvHpuDojriMfi5ExOsAUy7JaLvkVIw7DfMsVWxrQMunwR4vj6Tnhx48LUd41SziASv2bLLXuM"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8369d494897340dc-SIN
expires: Thu, 05 Dec 2024 20:55:59 GMT

GET
H2 200 jquery-1.11.2.js Show response
www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 40ms
36ms Script
application/javascript 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 b4ef37917b36c601eeeeb55cdda4288c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 3194810
x-amz-cf-pop: SIN2-C1
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 4-49834807-49834827 NNNY CT(1 11 0) RT(1702760158321 236) q(0 0 0 -1) r(0 0) U24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xFzAaFVEHZIxAzpEZ8mEYCEAGiQO8ciO8TYbBrv9QAx7k4%2Fk6H6wlo7atw7hy7qEW8FHPbkd9wlHx6MjBaZubqEsZyLfVgmUFWhZ%2BF5t03s5e35OCVHq2exD1oYj1Kp9ew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8369d494786c7972-SIN
x-amz-cf-id: oUh9wZo0_91BEHl8Ye9IsMJhuvJOiH8Lk-A8sVZma8ZdZVDyZMLx4g==
expires: Sun, 15 Dec 2024 20:55:59 GMT

GET
H2 200 blog-no-code-styles.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/ 46 KB
8 KB 286ms
260ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ed2a2edca25cc1dd846e20cab22088d9c5b7991f52ff78f8ed21930fe92ad46

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1551260
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"ee303a3eadd35fd691e5a50c469af706"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779172809
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b27d4992-aadf-4ddf-b76a-5ba4028c6587
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 170
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: b27d4992-aadf-4ddf-b76a-5ba4028c6587
last-modified: Fri, 11 Aug 2023 18:39:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9g8EV4OrwP7PMBpo1b9gOJgLjfuY6wKnpcz3S8ZBoYv354w3YLpaNctF4A9RSAnm1Vlh%2FTkyST%2FB7j68Qei2ZiC1IHM0PH60WB%2FrZ6HvQdnwAChAuQDs01paQIRqzBCi65fR4Q2J07B%2FCIItEiQ%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray: 8369d49488833e2f-SIN

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 20ms
7ms Stylesheet
text/css 2404:6800:4003:c1c::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Mono:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1c::5f Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7c0fbbadde40aed1e86f4c46ea2fc1a26749994e48dc90a5bce7fd466712d99e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 16 Dec 2023 20:35:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 16 Dec 2023 20:55:59 GMT

GET
H2 200 main.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1702336745229/hook-www-varonis/css/ 106 KB
19 KB 504ms
479ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1702336745229/hook-www-varonis/css/main.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a97bdd40f83b7cf9276b4a6870fc0ce9bceda582ea14c1f2d79e52f3968b6c2

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 421765
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"6c1ac9ec385a033aaeffee817fd47cc1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702336746358
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 37e6f211-df26-49b3-bc25-03dca4bc7d76
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 200
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 37e6f211-df26-49b3-bc25-03dca4bc7d76
last-modified: Mon, 11 Dec 2023 23:19:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQygKfDIHojUsTRp54OzctzSDzqZYQJASHGgFZBM1vJBjOMxAvSCHL1%2FLN3gjWcblJtcU4ixEEptmYMHJ%2F1B%2Fqp9HXp%2BgNDUzvT4WHFy9O9css70jWJaX6l%2FnzNCTy9ZW%2FQsupdKnOlA8vsdM8A%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-57c4dd85ff-8jlkw
cf-ray: 8369d49488823e2f-SIN

GET
H2 200 fonts.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/ 2 KB
705 B 502ms
477ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/fonts.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95c37cf1f09574f5dbb61a679e2039cf3fc891acb3c5d8ad40a5a8133bd6afd4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1269212
x-amz-cf-pop: IAD66-C1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 13 Apr 2023 19:31:15 GMT
server: cloudflare
etag: W/"97e878d1ce8d38d99c26c5232d3e6c7a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681414274070
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D7ilohmA8iQ36rQgIQbaXVOQsdVHkUvxTTJadjiexOjeLcBbdRghobERz%2FAExxeys2lXupFCJmH4KLh8P71tqJ8grJG9Et%2FMUy%2BHAbaq1AMrT97nivdky6nh6UfWuY8GRZMzkTdyKvAIyhbbzDc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8369d49488813e2f-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_71662020467_Announcement_Banner.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114924139/ 1 KB
866 B 504ms
479ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114924139/module_71662020467_Announcement_Banner.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ffd7ab24503a28bb9eb6137b4d1e1664ed138dca5d1ced6d1a98ff841a24541

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 70197
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 30 Jan 2023 21:42:05 GMT
server: cloudflare
etag: W/"dc5b8e6da3be06320569bf90cfe1b4c6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1675114924139
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MOJmv7Eyng6zuRxp5OkaLqahxrMeOxm9wdtPPvSF7YPdvMY2Rjb8rnGQGqW5ilQJE%2FHnnhNvLfzDX%2FZKpZWluDe%2FOjdIA%2Fav0ygQYBU6yJvx%2FCc0ZqIMIjI%2F%2BgJOKZB8DcRGx67gh1Jdz%2Bs%2BKtY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8369d49488773e2f-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_97266453797_Remediation_Announcement_Banner.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550133721/ 2 KB
1 KB 292ms
267ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550133721/module_97266453797_Remediation_Announcement_Banner.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f31e1ce1202bc0ee8105deb5885a4b7b389b2cf936bff83f05032c8a2cafd0a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 178060
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"25e2f39fad365df55a45617ede2ed5ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550133721
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9e519d8a-8b78-494c-a47a-dfa413f7a1a4
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 184
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9e519d8a-8b78-494c-a47a-dfa413f7a1a4
last-modified: Mon, 03 Apr 2023 19:28:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5HPTqyweJu10EqNTgosFiuV3VWpUf2Tx%2BKSdqpHcLg2KlkHf22gBxkq8a8oJINM890kJDDzkNxQXgyfWQTGCZ7UyhYwdz0SUlXUj%2B7acbokhsMCEyUln1YA3jXfJyuqflFS0W46xr%2Bm9CsvlDU8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-cks9m
cf-ray: 8369d49488783e2f-SIN

GET
H2 200 module_96126751858_Site_Navigation.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030600211/ 14 KB
3 KB 258ms
234ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030600211/module_96126751858_Site_Navigation.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45c7614c18a99d6d92d12cd7f4f06a07ce88256882a8889574d265fc32eace0b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1561947
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"1e14b5836ec1ab1e8354d2661a31a88f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691030600211
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: c277c0a4-2c0b-4be1-9fd8-22314547cd49
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 178
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: c277c0a4-2c0b-4be1-9fd8-22314547cd49
last-modified: Thu, 03 Aug 2023 02:43:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lDDEjXvJjSfd4HyHEsfS2ldDByGl9MKN%2Br0qCicfttjvbyCESR7EzXGRHPwSsUZyJtCrd%2FYzQmBoq9i37r8s8hJPvhr3fhKj1VwS8GPe05irXsFMVlCFgYqh0fINTG1RmplTbrzWVzVo6lodOlA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-hml5r
cf-ray: 8369d49488793e2f-SIN

GET
H2 200 module_125777074029_Navigation_Submenu.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210033148/ 2 KB
1 KB 287ms
262ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210033148/module_125777074029_Navigation_Submenu.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ef71ca3de1b4e89664ec102fe490b2abfbc80350253421c50a31bd3b22b9722

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1452692
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"4d29d054ec06349f29591688037aa80f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692210033148
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 4d55eb47-d623-435a-8413-256bb8a12d47
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 163
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4d55eb47-d623-435a-8413-256bb8a12d47
last-modified: Wed, 16 Aug 2023 18:20:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=10AzQxoS5FmBAvx7XVm4itsx8FRwWUGyNPSgnnHfJg%2B%2F%2B%2FYDsSqV7Raruyt8D57FhC58AtgjMdV8lTMEGRH4fuFB%2FijP8chyJ8e2LeU27JF6J%2FYgmBUDJt5B%2BQGimg5FVo8Wec9iVcTo0Wk21Sk%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 8369d494887a3e2f-SIN

GET
H2 200 LanguageSwitcher.css
www.varonis.com/hs/hsstatic/cos-LanguageSwitcher/static-1.11/sass/ 1 KB
1 KB 39ms
36ms Stylesheet
text/css 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/cos-LanguageSwitcher/static-1.11/sass/LanguageSwitcher.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

957a85939578fa14d2371922b58dcbf67f9b769e459f38699ceee6a84751134d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 0676a5fe6935c768360b164abce6620e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 1383040
x-amz-cf-pop: SIN2-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: iXRaVI6gvNO5oDb7NS9VHG_l3VoXX6Hh
content-encoding: br
x-cache: RefreshHit from cloudfront
x-iinfo: 4-49834807-49834825 NNNY CT(1 14 0) RT(1702760158321 233) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 10 Mar 2020 17:42:28 GMT
server: cloudflare
etag: W/"116ce0ec359fc58e099de58c90ed35b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=virRahyfT3qUQQzN8zDCgJO1h%2FIDonIx3w0AUG3%2FBUjJgNRnyM3lBN%2FR8iHXFttEGPclZvKrOAHoTCxERRBW07eX6qAOxUyGpJzHH%2BzpvFWziYU1OQAFX%2BXphoT%2FhA576w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8369d494781b44b1-SIN
x-amz-cf-id: VYsGVsHva9ExruEJUJUhe6yJ5Dk8O8M42Xs4hWbGYvTm8vp44S2MUQ==
expires: Sun, 15 Dec 2024 20:55:59 GMT

GET
H2 200 module_115948073012_Blog_Post_Header.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073012/1697137854894/ 2 KB
1 KB 290ms
265ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073012/1697137854894/module_115948073012_Blog_Post_Header.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a1f86c63c2ee772b07a6f678e7f8cd51b3aea064d83423eb213fb1df9d6b34c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1545973
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f5bff8587da6703942d1e04601fb2ccc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1697137854894
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: e6ed99ec-5dcd-46db-88e1-4ff3a609190b
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 150
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: e6ed99ec-5dcd-46db-88e1-4ff3a609190b
last-modified: Thu, 12 Oct 2023 19:10:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jihc7%2BmOPC4ZbJQME4MrePCbmVzz0NV0FNn6f6bYbpoZsTD79qSanrL5ghTRCMjSvoTxITSi%2ForpNC%2B03qn441zK3%2FPWrebX2sA41dU9elllJSRt%2FBKf%2BX6D2YZwxgGb%2BgugZ7%2BCoKixkotQlp8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-q8s24
cf-ray: 8369d494887b3e2f-SIN

GET
H2 200 module_115948073023_Table_of_Contents_Sidebar_-_Global.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779300110/ 758 B
919 B 293ms
270ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779300110/module_115948073023_Table_of_Contents_Sidebar_-_Global.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0420b36738d9457c3f40a67c69135b170861becd9bac983563b3aeada5287aa4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 599040
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"af2e09f2a3860d065ab2b884c54bad8b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779300110
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 82a4b7a1-efe4-415c-b255-450589605d86
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 168
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 82a4b7a1-efe4-415c-b255-450589605d86
last-modified: Fri, 11 Aug 2023 18:41:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2FIixK%2BCAUHY7pZ19OHyc6wp3ofOGKMUXJXvXiBX6Lla7c5%2FgL4FjyXJrDHTcT0R7I0JW3ztz8rQnwQT9kPtY6rueFC1GOMoI9PLMR%2FuO8Jhxo%2FOQxbhC%2BF%2Bd%2BD3UfAQncgpXG827BQ5Qj2zRPc%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 8369d494887d3e2f-SIN

GET
H2 200 module_60280511003_blog-form.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832789186/ 3 KB
1 KB 251ms
227ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832789186/module_60280511003_blog-form.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e2924c80f612bf59a0cb21d31b05f0575ed143922e412e3e061bf02f5d5960a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1545973
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 14 Mar 2023 22:26:30 GMT
server: cloudflare
etag: W/"0beb1a886bb335c582b07556399b13e8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678832789186
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e8nrMfVY0BpBqcO5DZqirB4ZB8PLMi6tvsyJPVsIZoEBikwKgFXpD6lrM5gKnlSKHW3KBYneDk1aGMyDm%2BGf1Rx5EuNBhqhRMTR%2B17qb5PH%2FFQb9mn%2F300YPjaxhxMZ3Ji%2FMtY8wCH4z0ZOV85A%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8369d49488873e2f-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_104582894481_What_You_Should_Do_Now_-_Global.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/104582894481/1692928068437/ 46 B
894 B 299ms
276ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/104582894481/1692928068437/module_104582894481_What_You_Should_Do_Now_-_Global.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8499144a67d70c01a19de99fb20ca5e7da3337e44814419b9a9c867da619b2e

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

age: 1545973
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: "7e0b52d7773d1bdc69885fe97aa20285"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692928068437
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD66-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5d82cead-e02d-4884-ad96-62fd591f2ae0
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 169
alt-svc: h3=":443"; ma=86400
content-length: 46
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5d82cead-e02d-4884-ad96-62fd591f2ae0
last-modified: Fri, 25 Aug 2023 01:47:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ce5GiGrkrew6F2%2Bq8MgdgZB3rnLmRSlSub%2FgZiNjL038fw%2FzI64IqkD1u%2BVL1Q8Nhj5X59E6xL3RJQAfw2Af%2F6YN%2BZm6w86cmZylcKiBTgE1jHTq1ATZTLJHdDEi1mHUzogDc1B04%2BzBpBAIb84%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
accept-ranges: bytes
cf-ray: 8369d49488863e2f-SIN

GET
H2 200 module_115642542216_Blog_Post_Conversion_Panel.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115642542216/1684180718003/ 2 KB
1014 B 492ms
469ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115642542216/1684180718003/module_115642542216_Blog_Post_Conversion_Panel.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d514e3fc3d638136890b4a1f61d2f861af3bbd8f997ca15685efbd22554538c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1254668
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 175
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5119b3dc-4a97-4ee2-81e9-253064842a10
last-modified: Mon, 15 May 2023 19:58:39 GMT
server: cloudflare
etag: W/"688ebc7b9f5e3593cecd51eb92e4c6e6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1684180718003
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C86PbSS5I%2F%2B3uVkZkTYsBdVHpPTC4vrXHoTtMx06gqgUuk6owH12rTd4IHgoAm3%2BwDhi0XAjTzU4iV4FkgryFFkdNOqoCXKJqB4oh%2FRZ9bgUyHMiCCwF99SwI7DDZUrGAtr2cCWEOfCuhTqOBiM%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-65zd4
cf-ray: 8369d49488853e2f-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_114784368718_Blog_Keep_Reading.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/114784368718/1684524759023/ 2 KB
1 KB 495ms
472ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/114784368718/1684524759023/module_114784368718_Blog_Keep_Reading.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1a1846f2d4d1abd1379f703e256e92f3b4b138f6dc90fdd8c99c58b7ca43457

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1453572
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 116
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 96dd81bb-9126-4eac-a5bc-abd140019136
last-modified: Fri, 19 May 2023 19:32:40 GMT
server: cloudflare
etag: W/"d922d55fec70ef38b027578f64a0010f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1684524759023
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xr%2ByaegApXSUoDx79MZ96KsLkT21lGGPO9PCvcxgH64h2yce5mjybf6ORgNW9Dei7vg%2BT2mGTPf4%2F2Znur%2F9wr73Ph2FTWD%2FxbG0WqtFutpyKGsbhkBzpR3lkV3YL5pagQdoTL%2FsQ4oPtFk9svU%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-65zd4
cf-ray: 8369d49488843e2f-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_87397221683_Footer_Site_Directory.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310897/ 4 KB
2 KB 306ms
283ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310897/module_87397221683_Footer_Site_Directory.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 456766b19e4bca3d3e998e25a416376f2158061b925f28f32527aee2ff1e28db

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1536005
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"8853d36396f354f645f3057dfc260fb6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690924310897
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 360d6228-1ab6-4362-ab1f-c18abd614486
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 142
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 360d6228-1ab6-4362-ab1f-c18abd614486
last-modified: Tue, 01 Aug 2023 21:11:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dNBhiiximn1XwTDVm0KXKao7dkhTc4YWt9%2BfZHS8I1HcUOLI6Jy5xXFBgUAHA%2FsdXP65c95q7oRSdt03vEXfJ7EI3q05JnIuOPNH5LcqPfJm2LsUGWCRyQAYWLRdFMjGKRdZUAbYOSDJCCLu934%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-j7nft
cf-ray: 8369d494887c3e2f-SIN

GET
H2 200 module_87930956413_Footer_Legal_Links.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87930956413/1678467830039/ 207 B
864 B 494ms
471ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87930956413/1678467830039/module_87930956413_Footer_Legal_Links.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f08978088fd2635efee64efe38bdf155d6258f8b547fca43381435d0048ce46

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1545973
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 18
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 10 Mar 2023 17:03:51 GMT
server: cloudflare
etag: W/"96007886169fd0ec341d641653f4f98b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678467830039
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vTc6INiCCEQWNlHFsokOdEyNXyD%2BZ8jAZ9H2TTgUe4fV8CdbDyaXST9eehNt0jMSgF25b2%2FczYl9UdMyR2H9b1xSEV9bwWeQ%2FeRAXuSuHL0pqAdBI2%2Bjuoxy75dNIeg7pyK1xISej1r5NwoJAdE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8369d494887f3e2f-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 18

GET
H2 200 module_87944291354_Footer_Copyright.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87944291354/1674235657411/ 45 B
777 B 500ms
478ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87944291354/1674235657411/module_87944291354_Footer_Copyright.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce52d3c9ed8217ae0ca3dd0479d5ced16baf2de6625e0c81166471aaa956136d

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1453573
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 18
alt-svc: h3=":443"; ma=86400
content-length: 45
last-modified: Fri, 20 Jan 2023 17:27:38 GMT
server: cloudflare
etag: "c54f91357d03928424b38f6d19c9c224"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674235657411
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EHtErdGo5pNhLDEfu1%2FOh1B1kKwfAhTmGJ3GsD%2BJD0Z9jTHkLyYvjaFdUTtVZzvFl9uT%2Bi3UUKZh%2FXYJPbu4NXa3T0rGr92PdnmWoChZCoiFREv%2BLaU%2BWioiGUft4xDtVDqZaUCajWYpz7mPlss%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8369d494887e3e2f-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 18

GET
H2 200 plausible.js Show response
plausible.io/js/ 1 KB
1 KB 539ms
174ms Script
application/javascript 2400:52e0:1502::1059:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://plausible.io/js/plausible.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1502::1059:1 , Hong Kong, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-HK1-1059 /

Resource Hash

021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1059
cdn-cachedat: 12/16/2023 20:08:26
cdn-pullzone: 682664
cross-origin-resource-policy: cross-origin
application: 10.0.1.2
alt-svc: h3=":443"; ma=2592000
server: BunnyCDN-HK1-1059
cdn-proxyver: 1.04
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: public, max-age=3600
permissions-policy: interest-cohort=()
cdn-requestid: 6fd37b489297becad6d0d1cfa28ff66a
cdn-requestcountrycode: SG
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 43ms
9ms Script
text/javascript 2403:e800:e80b::2a63:8cc0
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2403:e800:e80b::2a63:8cc0 , Hong Kong, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),

Reverse DNS

Software

Play /

Resource Hash

4c42962a901819fd2c6b69555f1e115b90f3adbb7900c15b74d9685dd7a039ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
server: Play
x-li-pop: prod-ltx1-x
x-cdn: AKAM
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-ltx1
cache-control: public, max-age=3600
x-li-proto: http/1.1
content-length: 163638
x-li-uuid: AAYMpqvOwBseknQOEu50Kg==
expires: Sat, 16 Dec 2023 21:50:46 GMT

GET
H2 200 Frame%2036-1.svg
info.varonis.com/hubfs/ 3 KB
3 KB 59ms
51ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4528e78b77fe65b0d6c730e7bc11691455d19dcefb698ebc14931cab40b8423a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1372846
x-amz-request-id: YXXPSWSJZ440F6Y0
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834830 NNNN CT(2 9 0) RT(1702760158321 256) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"4a0280ec41a09339bc32b34cd26d66f3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428417394
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 32700c539a5f821aadd3624288c4aeb6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YmacvXukdtrqgcUXsZZPYD9p7.OCqpBh
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: deHgpuz3NXp7gHbUOn6qBSV3tdztyP6c+XjN1es/HvaYqPVFlh6UW0WVL40bogABRGj1VGJtrNk=
last-modified: Tue, 11 Apr 2023 21:05:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNWDG5w%2BrsAEUu8U2Nl%2BhW1vWfcZoknrlih3enlknFLhcVtZzn6IUEDOUvYQQVyaikjt%2FCUya6qx8ghT2m%2B761Aqy7sjzrzovTcUZqpOruBzh8eMvWwevDJaApdaf2jqWiE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: BSpQcuVTN3UmVx/yZ1zwBt4OfmUAAAAAD56x2kv+d5svOy0St1jpeA==
cf-ray: 8369d494a9b64b8c-SIN
x-amz-cf-id: rG_iues35VDh8bm-UXYw9kBe3EQ96RtJ3bLYJtKV-JODTOexHf-QyQ==

GET
H2 200 Frame%2036%20(2).svg
info.varonis.com/hubfs/ 2 KB
2 KB 60ms
54ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(2).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4450600125b5cdb5761654bbe725c5b4fcbc8e1a89f0a14b20f77157afc5715

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1374190
x-amz-request-id: 800W8BQQ3729N265
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834832 NNNN CT(2 11 0) RT(1702760158321 259) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"db75d74e33e96cccf27b2b6b95161418"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428486763
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 90cdff7228f895ed6ae34a9448571062.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nlQ.JNOv_1Z2QlY4vh553LM_j5Qk51Cs
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 09S2XyVPazzdAt7gFsOPFfg530f9fA2G4etwt7Xvzqs8niQcnkUYMmNqoXVcCHPrq2skL4vQ0q5Sc6YBdfHKQQ==
last-modified: Tue, 11 Apr 2023 21:05:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1roS%2BtJhSdS5mH8rHZnpz97QQL50k0ee0OFggySTMHRJK%2FJ%2BVNNPQLZ8NZ2wlJE6b1jugu2WlIQuh5xCMYkv6iV8tjIflBLnk7G2yUuSQ9lLAM3N3wVZl8LXzhQuDbbek94%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: xZq9A+w0JCwmVx/yZ1zwBt4OfmUAAAAAnNIlRreJTxA6OfmpTkOz2g==
cf-ray: 8369d494ad7a49ba-SIN
x-amz-cf-id: oDs4MJVk2RgkgoJSgP_DbCoWltXCrNMDzgJ8tvHl6T3PPgKgvJnVOA==

GET
H2 200 Frame%2036%20(1).svg
info.varonis.com/hubfs/ 1 KB
2 KB 34ms
33ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(1).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c08ffc3f238414942b195ebfaa0516e524b4e6b6c5201c52b5174f5599282a23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373676
x-amz-request-id: FGKVSE6GN16QZ165
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834832 PNNN RT(1702760158321 310) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"7cba335c1df43bbb31b831c70444dc5c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428464410
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 e93c671d969240be8a6839ba09d3b732.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: jQIVfYXDwJPgRyEKdz3rJ1BSaSxuz0vz
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: +DNZLBnVXbp9Ql4ibBIfYyHlnEhGuHzPs0s7BG6qePNfcVGqBRnKJ4/4Zfh/2vD7NpMbN86rhlY=
last-modified: Fri, 07 Apr 2023 16:37:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YmZUtFvqTL616wuKbPv%2F9aL5MZMnDNWNrf7X7ApKsyeTEx%2F9SQjjnBC%2FpjJzY96atf0N0vkzQ2ZmI95RaRi%2FoXHjEnJjlgMMuhfiyBVVp%2B4NYyFD5W9ZLbt%2FUhOq3Mm5lWo%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: IVGtJyej/D0mVx/yZ1zwBt4OfmUAAAAAyGPNF06+GKkjAXsOnhVkuA==
cf-ray: 8369d494ed9249ba-SIN
x-amz-cf-id: gZG1-rhdt6fan4iRcgftScRbi1nMAJrtYU7OCXDJe_X9rfhHPRE5Cg==

GET
H2 200 NavIcon_M365_2.svg
info.varonis.com/hubfs/ 6 KB
3 KB 34ms
34ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/NavIcon_M365_2.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9e9037912adf4cb7724b3782cb690b0c90d8d31a5c54a6bfa3f6fc60063de8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373501
x-amz-request-id: 8GYCMN5BFDH47MD6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834830 PNNN RT(1702760158321 313) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8bcc6d027ad47e870fe16a237dc73bfe"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674081974689
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 5482351e8bcb93be701264b475dd3018.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: zwSqLSU0xjuOBDaiT8xXQbFQQAf95O6P
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: OThIQ9PNvZVOIOgI8wKHKKx8IwCG04B5um0cY2RdADMa2+/emOj/f+AsrzwNaxv5qssvpzNXyZE=
last-modified: Fri, 07 Apr 2023 16:33:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5EAvZ3J1d1J26kkpO%2FOdbpUAOHWWsaWwdd%2BTumNQ%2FZ%2FALPHO6CeTh4p%2Bd5w2tahqn1MGcqk1U8CxYvwCETqIYOpPb8VZfl1zfFO9VJqNoC46hcqozG%2BU0fKaMPcfA2KpmVk%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: wHswGS2lN0EmVx/yZ1zwBt4OfmUAAAAAiYsd+eHSepFr+Z8RxMtayg==
cf-ray: 8369d494f9d84b8c-SIN
x-amz-cf-id: l-5gKCyK4nnyvEZRKrdDVu-cQpNZ9o5h8y-Z5WneBasogtJs6oSWAg==

GET
H2 200 NavIcon_AzureFiles.svg
info.varonis.com/hubfs/Web%20Assets/Logos/ 2 KB
2 KB 28ms
27ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Web%20Assets/Logos/NavIcon_AzureFiles.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e648da8a366d494100d90e0af69a2945f34e53a2c70432ea12c0303039f2351

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1376190
x-amz-request-id: XTJPJB4EVKQVWA55
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834830 PNNN RT(1702760158321 345) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"39f1c52d2cc888b95c60463165cda36d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691417731365
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 bbdef00245eb23edcffbb5c502699edc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PQz0I5ZDy7h_rRyB67TOq3xY2tYQaD.k
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BamCQr1NOwwJvYW4495BlHIEfxX2ablpCT8w94PHz9ldYiZi9U8bSZ3miRQrO89BMQZialUMlRI=
last-modified: Mon, 07 Aug 2023 14:15:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vD973IwX%2FUCn0pSqsx9gjgOwjMrHJN1vF4eie9M6RJXoDHkN4%2BEGrcRCsqSjEJ69%2BN06h2WdYKjs4xFlDpgN%2FKnWhSVPZck2eXZI83M%2BJrcmwpV309%2Bg1cXwMPBMSNEyOOY%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: UX76CtCucWEmVx/yZ1zwBt4OfmUAAAAAYcwKWFSd/r0ojsSnEOqRHA==
cf-ray: 8369d49529e64b8c-SIN
x-amz-cf-id: QfoS17ali2be8p2LaQ3-UnG4DyrXT82zWc9Nh06k0cCLwQCzGBMyKg==

GET
H2 200 Logo_Windows_Full-Color-1.svg
info.varonis.com/hubfs/ 480 B
1 KB 42ms
32ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Windows_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db1e2dc64218b7044da50d01d0ffb83bcdca49a35b1ab7ffcdef6736863986cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1370220
x-amz-request-id: Z8ZMX1CGAEYEQJGP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834830 PNNN RT(1702760158321 770) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"d694fe76cecc0228afb418373de25fd7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429615523
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 b12493f4f82b360a236f87474564427a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .uN1VY8fE_6giU8Wl79_70fP6NJlVGUA
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: dZX1fB60nVQdmCFq3ObKFVp4F0HgMWHXXgFt9hAinNSU8CfT2vnZAWKPmAQgz86my4keWYDXXds=
last-modified: Wed, 29 Mar 2023 16:37:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvxBypNm2F1y0LPUhXvBSTQbt98HcB77aelezCytLF1wDVoFWj7eEbI%2BRd5E%2BuNmmgvnJHXY2orlhWrLf65MKEDCpZgldlXFrbXb9ZNIIPb9WRo%2BH8O7pAZ3IzhW4v9jz1Y%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: ppvyCe4wSngmVx/yZ1zwBt8OfmUAAAAAQc/eMVzRaZ9ENHWb2oJ1iA==
cf-ray: 8369d497cb334b8c-SIN
x-amz-cf-id: xVPl5ABZUaLCCQ_z-_uCYpyLN428OnUdcLTLLfL2MJ8ZSbM0lrrmJQ==

GET
H2 200 Icon_Windows%20AD_Full-Color.svg
info.varonis.com/hubfs/ 308 B
1 KB 62ms
52ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_Windows%20AD_Full-Color.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a40943594d5eaaa010c66254e2dc4a83d8bc53104602afda2e3b622b8e78e2f0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373055
x-amz-request-id: YRPF1KTZRCVE17AM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834832 PNNN RT(1702760158321 771) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"cd83460848cbb057d8576e5cbd227359"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429626407
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 d5395aef0c58da123cbcc801b71e308c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: j0AZK7sFXh11TgqH_ROdfL.gi9gjKDU7
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: M5gAOG4YwpfGizhNZihddtDqVZlfXpMYjNrmrfJHdOmOPMHt+EsT6V0AS0CmflgGYV5efxBeKio=
last-modified: Fri, 07 Apr 2023 16:34:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uEEJ0fy1U8ZVCGLe90Os1E4EMJYRvaTG4YIMTzEiEnqv37NbHs8CRDslaW4SmKY3mXiq74aNzEmROsZc%2BvjfJdBjAhJcigPbhOuf58IoLnA93pWUMux5v8f0MaJGAqBX%2FAY%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: xmLNXS78tUomVx/yZ1zwBt8OfmUAAAAAHNSoaL0VHuOsvQujOokJOQ==
cf-ray: 8369d497cf4349ba-SIN
x-amz-cf-id: i5Bow0yPX344t6aR2V0aRVGypgNkt73xzpUIJwstduHrcRg8rXPoRQ==

GET
H2 200 Logo_GoogleDrive_icon.svg
info.varonis.com/hubfs/ 1 KB
1 KB 63ms
53ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_GoogleDrive_icon.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b40e79c5d412914e928d19e3cda375d940ed037dd6a1f6d7613b894e39898094

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 259130
x-amz-request-id: HNZ4WQZ03QAPZ669
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834891 NNNY CT(1 26 0) RT(1702760158321 772) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"5ed1993efba372d504a94f9cededf3ac"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429633320
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 84ca4da5a7ceb4bccfe9632e4992597c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: C55Z6MT7XpHwV8In.o_V0y0xhp5ppwr0
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: IUuWlNtU0sTZDi3IFUepoUyHu/5wkkLIQFRsawGJfrXLDw3sjqiYNixqQyJu56DQccIrT9OoQljCVW6sWTdeQw==
last-modified: Wed, 29 Mar 2023 16:35:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BtHjI3oV466bSSvGvwkJpSBMmk0HJnXhVHj1XkqQiL3yrsZNkDpg6TAmpVz872zqgli34CdPeJmNTeDWgyCC3KXPOUVtaFJO3cHtS4bwGdezwvSeRRI79j1bIINvB64g4E4%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: betncs9lD30mVx/yZ1zwBt8OfmUAAAAA1rwBGelf5slSQEyF8WYd9g==
cf-ray: 8369d497c8d540ea-SIN
x-amz-cf-id: S2AjK0YR11IPw4Cnh2FntpQS5k0EAl3mvDW5jyFaaQ-TWqe9ssbvvg==

GET
H2 200 Logo_Salesforce_Full-Color-1.svg
info.varonis.com/hubfs/ 12 KB
6 KB 135ms
125ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Salesforce_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f24b7fa64d8f44ddd36d64d9a647d13caea3756513d97abd40e3c8754efc63b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373750
x-amz-request-id: 2S400VZ0BZ8CZM41
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834893 NNNY CT(1 23 0) RT(1702760158321 773) q(0 0 0 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"be309990b75f168448dbfedb6fa65e11"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429638821
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 81ca2982b40de033ec660f6290bc0e20.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: tAzo3ayGAIUKFNkzvo1.OA9IZRoodnWm
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 9KQDMXbIn/oliODg2EcjtfE+V5vz/a92aG1tE1k4/CzA/t58pBh7LfJieziq6qY9l9W4Ck834kw=
last-modified: Wed, 29 Mar 2023 16:36:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c3UqsjmluJnkATiF4q4%2B8RIFi%2F%2FPRyMX37irJNODDIPeFEOjXfoJAeSDoI4AUK73rz5goH%2Fu0t3EcUi1FzMBBezrvE52dQVQo3MzjrUPhfbxPEJre04RoszoDTrvbz6pQ1w%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 3CgpSd2s3jkmVx/yZ1zwBt8OfmUAAAAAg1EgdfzJYAIsKcO2D8NX0Q==
cf-ray: 8369d497cb1e4acc-SIN
x-amz-cf-id: wpnU2WEANnSrHvYGx_BnPqig8a8BhGBoGufVDHJaFm3jfCAtSyoTXQ==

GET
H2 200 Icon_Nasuni_Full-Color-1.svg
info.varonis.com/hubfs/ 3 KB
3 KB 63ms
54ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_Nasuni_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10426b160a932ef2b98908d2f32aca756777f9d0a90ee2d7bc334cb1629e0ddd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1371095
x-amz-request-id: K1SZ2TYN1CVTSA12
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834895 NNNY CT(1 20 0) RT(1702760158321 774) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f0b0eaa5332ee7de29889d93840bfc0f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429645009
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
strict-transport-security: max-age=31536000
via: 1.1 90cdff7228f895ed6ae34a9448571062.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KGxnFvJWYxjnwQ.jwg9Mt9Io5nzlo9bc
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: vv5Y7HaFTqOSpsBTSvLVwtxysYB+FLdhhJ/VSLVlkcoJS2vjNWUth/5tUmCO7sf7EqjqFXDOUaE=
last-modified: Mon, 03 Apr 2023 21:49:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PSg7cbt7idPuPtdccGh0%2Fjjqj99sVY06fEhXKn494eX3NPJMSHPXpsjvtSUBn9cZp7HbwfKaHWBUQr2AvlE2%2BoeuHtdXPDNe%2BQiIni0gvQR6T%2FXXR53ZQPJaJ2SMy12ti0s%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: aIdJCF9SNE0mVx/yZ1zwBt8OfmUAAAAAmM2zHN6uQD1ITMpjk8/Rkg==
cf-ray: 8369d497db993dad-SIN
x-amz-cf-id: J4lOG-p4zub8XmqICbDSn3vlSpFMQWcnAS-F0vhVf04MEbXgJ2hRRA==

GET
H2 200 Icon_UNIX_Full-Color-1.svg
info.varonis.com/hubfs/ 13 KB
7 KB 65ms
57ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_UNIX_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5db5a02e960dde70bbf77fb6d28c61d4f6b5c291b3dd08d76a678d17c2d96420

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373749
x-amz-request-id: 5AFKJ57DKWB3NET4
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834897 NNNY CT(1 17 0) RT(1702760158321 775) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f95d3f7607cf257b1cd570a34d5e7499"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429655074
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 43ea48c3f6365b58e0e610399bbffb40.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: TAyhZrsomXl28HGe2LLLazlL86PmY7x0
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 6v+ZroaifFUY0ZnBApGZ6i9+8adOqOXxhEq3oPyBe4IkWqtdWv/SAjM7vNNM05aYCjVZxNadfiI=
last-modified: Fri, 07 Apr 2023 16:34:48 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GFNysc6l8fH%2B7pIp7HFrda5bGc4fHlakajRV8AL2ikbHUGO%2FQvjoV7cEbvYhUDN6MuhgouHp4jza5hpMb3jV7f1MLIbFDjCqzZF%2BqqwnAsLavLejCwHgbAzukfC1wxRKCkE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: PTpxDEQvnFMmVx/yZ1zwBt8OfmUAAAAAryo2pSYbGK5giZa53utEbg==
cf-ray: 8369d497df6401f6-SIN
x-amz-cf-id: Ib2H5kIJpwWJMY5xb7WItcv944Neu2kDSyrDccNpoLo_v6cUXt1dUQ==

GET
H2 200 Logo_Box_Full-Color-1.svg
info.varonis.com/hubfs/ 2 KB
2 KB 79ms
71ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Box_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0adb972147098e0e4d6abbd7b83952363c8eab82429760136816142d675e321

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1370241
x-amz-request-id: HNZ54AR8A91XD3KA
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834830 PNNN RT(1702760158321 776) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"12fad58f529b97c18d6081296d804d47"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429662187
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4bnH0nYJLrnJYB2scTeniXFFZf3HM_Ur
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GdKbjDYUquU87mC5gZ+JQiumkasapduRm3qMBq8RdjBLLYXfGoGgQJUv42VaSqQGBKOjvuuiRFw=
last-modified: Wed, 29 Mar 2023 16:36:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k47ONYyjH68vwFYYQr%2BjSpYgkV42WhTff0zHBaFCPs%2BcsoVe%2F%2BBD3BlnJgBHOSpFL9zRpO7URhJ0kk01boW5cl9kqs%2BDiahGn5%2F2Qc2Nb4Ns5XWyvhra7CybWM6wIKfw8h4%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Sl0VFuKJRn8mVx/yZ1zwBt8OfmUAAAAAi36ERolU1D0/ADKNAtrGjg==
cf-ray: 8369d4980b494b8c-SIN
x-amz-cf-id: JQcu14eFqMBxWhAa1yqKPNPsgXb-5Rb_T66vjdQE5hrjv0fvRBgJDg==

GET
H2 200 Logo_Amazon%20Web%20Services_Full-Color%201.svg
info.varonis.com/hubfs/ 6 KB
4 KB 78ms
70ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Amazon%20Web%20Services_Full-Color%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12feece8311f076308c2bbd3d8de66155192ea9df9a705a486f8e4684c45c5c5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1371096
x-amz-request-id: 3TGXC9VBVNZBG7DC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834895 PNNy RT(1702760158321 777) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"9ec8f05ec8b4bccf14856667c2f4af0e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429669382
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 cc308cac72966d971a24d7b2a41ddf70.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .hqD1QhDm8nt6xQNshEa2DyryB7lp9Y3
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 68aQAo8wyStuwWs5hnFqZShQai6qJPHrSNloHbEeqlhT53jKkoQCYeHHhk+dTE+yfU1I6E2Q3BlwYGnY5Qx1M1X6aKl06ErJfUqWPtucEOM=
last-modified: Wed, 29 Mar 2023 16:35:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ayveuiEoRBKW0DsZRCw%2F1mEXrGhUflJzlyLfdFaChp4XlsJqybx73xPc%2BhA5lAM9n%2B2KhnmQ8LSiy3m3C6iMlqLXXL77oHRKIDKM5OgplvUNNCL54VtM54nsFLi%2BDLOk9Q%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 2L90egVTNCAmVx/yZ1zwBt8OfmUAAAAAA6f+ORkrrrCH2WQDLdP8KQ==
cf-ray: 8369d4980bae3dad-SIN
x-amz-cf-id: 9ewwinAqCqMaI2KjLhYxKUB12DR1UEhFN1lIQFlPi6lecv-k-oCrxQ==

GET
H2 200 Logo_Okta_Full-Color-1.svg
info.varonis.com/hubfs/ 3 KB
2 KB 99ms
91ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Okta_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bc3c3712e26de83ecb08d0360e70ff826b4fda86e8348a3ee2208b4ab2ebad1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373675
x-amz-request-id: YRPCPESWYRJ6ZZ9Z
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834832 PNNN RT(1702760158321 778) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"6ae59b6e0ce4f86234daff364456a46c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429677378
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 5e51c2cb85f3832b4e4037f8dff6904c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5b0dmh0pwNv7XUyXYOrxaO9n9Ea4swdz
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lNWN3UsY+ymECDVtEF9SEQkayMuqwx/8AvNpX2VrSdGQfah2XFKx10oIidYmOLlGMQMImw4yVnk=
last-modified: Wed, 29 Mar 2023 16:35:58 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EsNbi3yGMviEhqBhVO8rR62jjZCvPpNNlP4ZT4FLvoeR7xh8weiVVNi13AjvWwf85i7NMPmcT85ISKDibibTcwQng%2FBw3ut9HuVnHSnnTggtQ2STDIPM9wXvj05imFpVqiA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Ck7tBToek1EmVx/yZ1zwBt8OfmUAAAAAvFAoIE6jG82JvWSwqn3y8g==
cf-ray: 8369d4980f7249ba-SIN
x-amz-cf-id: maoBwmxEObz-e32WIWEgn_ATRysoRbQbb5AJuYDMEnEXDD6aM6Ldcg==

GET
H2 200 Fill%201.svg
info.varonis.com/hubfs/ 1 KB
2 KB 97ms
89ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Fill%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a074c8ee602a0b3416f69defbab28371abb92ce73f934afa6e58ecec72b9256

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-cdn: Imperva
age: 1371096
x-amz-request-id: W3K2CGS98F96X8A7
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834891 PNNy RT(1702760158321 779) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"6980550af35925ac7c226d9e70c95932"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429684459
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 a28bec52c459f8c156729550b86ee066.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: T17L.OC3KO6B91DsAQ1bpeTtHFnJrWVM
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MfFJaLr4r6cP9JYhLtXvE7nHh4NP+cA0SIux3/EGCjMRAgzJVVTcQf29PxkT5sodepRvSTzHu6g=
last-modified: Mon, 27 Mar 2023 20:18:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nw5EeacLQ4JLDcVtq%2B%2BqEPIgfKTtJdzMH7IDtfCgDXSzeH8wsZQ7Zi7TWnRghmxMyPH5z8Xp1Aaw6ZUEC8KUAuRVRls6OtWOFB6mJ8arEJrdUqUJ4ECMfSr3BCXpuTWr8qk%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: uWlmbrBzZC8mVx/yZ1zwBt8OfmUAAAAACSkP7uj/jW4qhNGJUci3YA==
cf-ray: 8369d498090240ea-SIN
x-amz-cf-id: mqZwTmCeTb_GH2iqJlgt4hYXx3uGgmmoQJrSKrtVw2cTVC1_IfP7ZQ==

GET
H2 200 ed-lin.jpg
info.varonis.com/hubfs/ 6 KB
7 KB 134ms
126ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/ed-lin.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd6a2c2e6967a14b880413da005bf9e57a394669242cd4dcf91855df7d4337ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: GE2C0TMYWQ77K7AF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834897 PNNy RT(1702760158321 780) q(0 0 0 -1) r(0 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="ed-lin.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "7050e00d88f77a2dc46031f138a5bbd6"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1646951273866
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 2fa732230187764c42964d5b97126c0e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: P3H0.gP1tnVz9BcPSLW0qz0Ase06hoXp
x-amz-cf-pop: LAX50-P3
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=11595
x-cache: RefreshHit from cloudfront
cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 5674
x-amz-id-2: 53ucSxtjvV6/Am3p/I+367uSwwo0PtxNog9RYRxyHbVrsDVoBP00YeLxx/4aje0BJA25nkKtV9lN1Jwux/Zmng==
last-modified: Thu, 23 Mar 2023 21:22:16 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2jptNvhvnn1HPAvRPqd2CNXdxJtyl9uPY9YatlMJfBWLyHEzXF16ls%2F7oQqesAjnoi8oP%2F5hq4%2Fa5cvtQbHvAoScEhhFcedoEiZZAIrIVzmC1sZWcqqGiauEnzAM5Cyyclo%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: y8RaNzdDXwomVx/yZ1zwBt8OfmUAAAAA/kChHCTBQiu/9Sfu099QPA==
accept-ranges: bytes
cf-ray: 8369d4980f7d01f6-SIN
x-amz-cf-id: j_W6-1YPbZEjwkFaHgnyXwzBfNpvGDWp30TnCLMjv3qQqnY0qXkVmg==

GET
H2 200 Varonis-IR-Team-Hero.png
info.varonis.com/hubfs/Imported_Blog_Media/ 603 KB
604 KB 204ms
197ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Imported_Blog_Media/Varonis-IR-Team-Hero.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbc0f30e58b2a906e2bdbdf999ce1d8352660f5e59204c6c47efc3ed98b57cb1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-53579990612,FD-44912348718,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: T4YKFA9KEAK8F168
x-amz-server-side-encryption: AES256
edge-cache-tag: F-53579990612,FD-44912348718,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834830 PNNN RT(1702760158321 781) q(0 0 0 -1) r(0 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Varonis-IR-Team-Hero.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "1d5e5b5f6ac7b95785a2ec24b8b34f02"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1629751499546
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 dad0da2ca34fd3c27ca079cd27d2513a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 1zRIXrh8Eao6OPKyBQYuLbybW_l5hNxj
x-amz-cf-pop: BCN50-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1188495
x-cache: RefreshHit from cloudfront
cache-tag: F-53579990612,FD-44912348718,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 617178
x-amz-id-2: F0OgQEZeETgy17pEk4pxeOLJ3clPxaSuakuBMpvImjvZCOjml0LfuOXZ/LqqOU3OwqiZP8nQeoA=
last-modified: Fri, 10 Feb 2023 22:29:48 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HKzeBoi%2FpVeROL%2BgRH0zWPqiWTKuPubhWYWX4yeb5wJ4n16yFnVSriA955QUDMhWh6xRVtH5%2BaK06gEa%2FMhiQJBb0dfW6RuYq2ZIQOas1Vb7k%2FcZMdMe8Tfn9I4NCp8ZHxg%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: BBfnRNNwr2YmVx/yZ1zwBt8OfmUAAAAAcruKAtp5RH5l+yP/o7W0Uw==
accept-ranges: bytes
cf-ray: 8369d4983b674b8c-SIN
x-amz-cf-id: dg9rILKYUd39lrl0TqAE07rCIZcQOq_dx0kxQlSPo6YloTGmpcSYVA==

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 532 KB
171 KB 37ms
16ms Script
application/javascript 2606:4700::6810:8ace
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8ace , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bec065ae320fed4bb93d09440a473e82958293c8daf9371354588ece80588d15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 81
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4270/bundles/project-v2.js&cfRay=8369d299b94a9fa4-SIN
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"fc9d6a2cfcf42118865e200cd34d3672"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4270/bundles/project-v2.js
date: Sat, 16 Dec 2023 20:55:59 GMT
x-amz-version-id: RBYY3BIyY8WMd_yGkQbPFvGfcq.KKRed
via: 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 6c68a653-59b8-4b1b-963d-37b277aa3741
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 6c68a653-59b8-4b1b-963d-37b277aa3741
last-modified: Mon, 11 Dec 2023 15:17:46 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bCVQ%2FUvTM%2BdxtXPNUkyhsgOEqVnz3SZiB0mXZbiKJroLOwWnIMQ9K4NC9yj%2FSpDTt%2BGBB%2Bhk1q38HWNj%2Fsp%2FyCWcJZai%2BVGdVIKmFm7yGCOm11Ygp6hXSbRYZbkLVCBNQOU6sgeM%2BAn0x5Dk"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-4shmr
cf-ray: 8369d4954efa9fa1-SIN
x-amz-cf-id: 3w0a7LmvmFpXm0LzgWUAHDMyX0-Jdyu9UxgxYYqRcU0Fq3kyMQGjZg==

GET
H2 200 Blog_CISOAdvicefromSpeedData_BlogHero_20231_FNL.png
info.varonis.com/hubfs/ 483 KB
485 KB 99ms
92ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_CISOAdvicefromSpeedData_BlogHero_20231_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

651bb2dc3a4634b30334a27eee2ce53901b2750f0ab8c091f2e25e93a52aee3f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-149920257173,P-142972,FLS-ALL
x-cdn: Imperva
age: 158786
x-amz-request-id: 22HJ0B1MGZ423HTF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-149920257173,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834895 PNNy RT(1702760158321 781) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_CISOAdvicefromSpeedData_BlogHero_20231_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "a571a0334199c3d6dd34a75a59c5300c"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1702565575165
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 cc308cac72966d971a24d7b2a41ddf70.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: LOXxTexu1aKIAmfL0veaRhOhzB97CTT.
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=671664
x-cache: RefreshHit from cloudfront
cache-tag: F-149920257173,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 494082
x-amz-id-2: gixRr5xQqAjzOyWmt8hUw5wCGIzJYSTcHb8vQ9WY64iPQeoFqtUXnMA9/IuTLz3DVokBs+YPZu0=
last-modified: Thu, 14 Dec 2023 14:52:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PJkWBTT%2BgwqmbfFzQdoZ6V0g4I9ROU%2FT1v%2BR3lLDINrpoq9jV5MLdDdbCDe8UO9uszYXim3kvAuGOO7PZdEip6KnrhgSJGu1rDK75wbGjkfH6mpIgTZN8Hr71AMsse726a0%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Joc8M6Ma0X0mVx/yZ1zwBt8OfmUAAAAACb7g56uK1mkPNmNn26DQqw==
accept-ranges: bytes
cf-ray: 8369d4983bdb3dad-SIN
x-amz-cf-id: _AuBRKC7eRW4_KOHO7Cy2jWmDGxhUk0R9AJSlrB6i2DI9Sa6QFhWtQ==

GET
H2 200 Megan_Author%20Photo.png
info.varonis.com/hubfs/ 33 KB
34 KB 145ms
138ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Megan_Author%20Photo.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb849a169f3b5ec132c50c2fbf85053671e849aa6421d55a5eab5d22feb75b3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-105894741257,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
age: 256613
x-amz-request-id: 09NWRNPQPVDY2TCK
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105894741257,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834891 PNNy RT(1702760158321 782) q(0 0 0 -1) r(0 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Megan_Author%20Photo.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "989355caeca6ff42e2f2ffb11828a9ca"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678400614926
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 5107abe805c079f90ed2ab4c60ef887a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: VUsiAQUInNsnX0B100DG9NupFL.VRVFi
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=67302
x-cache: RefreshHit from cloudfront
cache-tag: F-105894741257,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 33294
x-amz-id-2: IlSaSNB/1Ctxsy4vKpn/6rlP+Su7JPVtOIu05h9R+G2qdc3Q3t3chrA+NGBz11v1SK2T10BRjAp5kwjqxU3E/Kz1ebSTbjnp
last-modified: Wed, 29 Mar 2023 16:38:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IiNyafYjoI19FkZrjpsxDb%2FLEipZyUoYuL8ih4Nj%2FJSXbUwHrzXNtrRImwgnYDE3GNUH2WfBiV9iahBu4%2FameiZTXPvVlgiOTDdsMlCR2KtA%2FtcHodi8nkmmmMGkxcl2hXo%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: e+sQYnbMYGkmVx/yZ1zwBt8OfmUAAAAAEKVixgWff2EjnY6euWtmVQ==
accept-ranges: bytes
cf-ray: 8369d498594440ea-SIN
x-amz-cf-id: sVPJPm5Hp1vRAUGw1Oepf3va6u-pt6RxITCE__-DHfG-eeAnoDYWiw==

GET
H2 200 Blog_USPrivacyLaws_BlogHero_202208_FNL.png
info.varonis.com/hubfs/Blog/Graphics%20and%20Heroes/ 1 MB
1 MB 134ms
127ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog/Graphics%20and%20Heroes/Blog_USPrivacyLaws_BlogHero_202208_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cda8a0ab9bd5461151a18173515c5a597af845054d6c5476f85c2a01d1b6160e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-83823854760,FD-109375700770,P-142972,FLS-ALL
x-cdn: Imperva
age: 307733
x-amz-request-id: HCP8AHMWBH0ARMEX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83823854760,FD-109375700770,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834832 PNNN RT(1702760158321 783) q(0 0 0 -1) r(0 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_USPrivacyLaws_BlogHero_202208_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "263815ed47bd5cb02b1113b0e01863c3"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662146385978
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 ee464261ee466fae8314a91098b35372.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: pxlF0JnfoxWe9YEos5iM16LPqLsOjsdQ
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2302545
x-cache: RefreshHit from cloudfront
cache-tag: F-83823854760,FD-109375700770,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 1523056
x-amz-id-2: vbPvhPtZ/lBnv1ImI5BzpLQNleZXLDGcT4wqvLLdlI4hvJE/HsrqA69CIeWrqi8hXdhnuqz64z7uh8R36PBqaEEyCmOivNnBAOn5RG7acjI=
last-modified: Tue, 11 Apr 2023 21:10:02 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ErS46YV08lxnRiDnRzizPGfIKnFqXZr2xolTostvWXfzASUTPuxGDkpb8Srsd4UY84b1OcbspeLDNbM7oRbel9Ee2GavaBD3xdsnu0RO4HiT47nNidFXEdAuy5Zo%2FbPbOoE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: mNHmbsTCaicmVx/yZ1zwBt8OfmUAAAAArYqk/c4LNtCDUnI3ZkLjWQ==
accept-ranges: bytes
cf-ray: 8369d4985fa149ba-SIN
x-amz-cf-id: G6ASsG7k5vaT8UFYe4MAOw_w2zJXxh0QJOzfZV8CC8I75Zs51QYAmg==

GET
H2 200 MicrosoftTeams-image%20(1)-1.png
info.varonis.com/hubfs/ 12 KB
13 KB 172ms
166ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/MicrosoftTeams-image%20(1)-1.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5869f8ae61b66d78a6de0c52b94436d47899e11d112bee6445b5aedbc5868970

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-121885984550,P-142972,FLS-ALL
x-cdn: Imperva
age: 1365305
x-amz-request-id: 3P02158D3Z9VVGRC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-121885984550,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834897 PNNy RT(1702760158321 784) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="lexi-croisdale-headshot.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "056b0911eae4bb7e7924d7becbe495bd"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687455265218
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 ea6b6651a564f3c1a19b54389d1f51e8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ha.TpWDKzWlipeSVTZBWC1BYcTdNCIpu
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=69085
x-cache: RefreshHit from cloudfront
cache-tag: F-121885984550,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 11916
x-amz-id-2: XQNlHttPaXxWS5RnvVaCzXwEzxH4ZTq+IZ4roE63ojHRXsS48QXR8wvbKZu+iqWSyTE+TApylHQ=
last-modified: Thu, 03 Aug 2023 17:44:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lhQffNtMU4JUTZy4uxCrvlpWBqz07lMyrxS1dxD2WaU1WzgxruDLJjVjB8K1whtHhNFZJB2Lw5lZVGJz%2BOcIoo9miutEGqHzj5dAUm8qXTHAmQtG3IsOIb9naqXbJdAN61A%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: is/UGhmhpCImVx/yZ1zwBt8OfmUAAAAAPxDDXMPmO6iqGFa0ARaxJQ==
accept-ranges: bytes
cf-ray: 8369d4988faa01f6-SIN
x-amz-cf-id: Rvey0eGb1hZ3u7z1AdfWYLHRMuKGQtButf4hWDGE2uTPlfivtC3WHw==

GET
H2 200 Mark%20Weber_Speed%20Data%20Blog%20Hero.jpg
info.varonis.com/hubfs/ 51 KB
52 KB 165ms
159ms Image
image/jpeg 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Mark%20Weber_Speed%20Data%20Blog%20Hero.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a98e6573aa43aa760480589e09e812b6c094ff4f6c47cc2c6ed20160e8431e06

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-146273274881,P-142972,FLS-ALL
x-cdn: Imperva
age: 1456902
x-amz-request-id: 0XDY3HEKATYEVQA6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-146273274881,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834895 PNNy RT(1702760158321 785) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "51d5493bfb8611cbdbc52cbfc001387e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1700502642743
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 4d5db5d8b78e0b583e041b582e55cfc6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: IQUSFXjP0R6hlMHR4yLTUraHmIWW54zG
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: degrade=85, origSize=203364, status=webp_bigger
x-cache: RefreshHit from cloudfront
cache-tag: F-146273274881,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 52286
x-amz-id-2: f7oyGE6MPpTWPzG7zvy+hTYebOe8rbdDsZEJ6g2XokWxzOHkHadm7LWYeIXrzZOqyHUOsRhdL/fjdLUasDNVb6oLzZ8HD+gD/ZCjRY4kAsA=
last-modified: Mon, 20 Nov 2023 17:50:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BpXOlJOn4lO9vsIsFr2GXwgaXD9CRziuaEN1ly0MmiB1cKO%2FkJg4AVqgQarkByyx92SuHVYYxS57EcVWQrsCIcQp2tzEs3hVKjKIBhAHMz3aAyDlelmT44P2VGXfugnRPr8%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 6PEUX5eIZh0mVx/yZ1zwBt8OfmUAAAAACe49atLKFvcsgHOs4JPtpw==
accept-ranges: bytes
cf-ray: 8369d4989c003dad-SIN
x-amz-cf-id: ZWCkhenk4YKAwC2nBTERgVC93sgDvRc5GTjYwQhps6fqW2XXUs5uQg==

GET
H2 200 Blog_GartnerLeader_202311_V2.png
info.varonis.com/hubfs/ 521 KB
523 KB 196ms
189ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_GartnerLeader_202311_V2.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8572b67ba938e549aebcdf8b0114b1dba18dfde1dcd1cc51627b7bfd7287cb27

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-144549714188,P-142972,FLS-ALL
x-cdn: Imperva
age: 1461371
x-amz-request-id: N34MD4GW7S86AJCS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-144549714188,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834893 PNNy RT(1702760158321 786) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_GartnerLeader_202311_V2.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "d449d12dea9a903b1b874e7c86057bc6"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1699457512704
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 a70d15c0de6117f8c3e081ecba9408a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: T0gt.yqyAf60m2Z6F5F1c_.JCzBAQZWX
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=737548
x-cache: RefreshHit from cloudfront
cache-tag: F-144549714188,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 533092
x-amz-id-2: iiFwIi5jhn1/+VOuoT/OhpkMQHYgh5Vqnwdp15w2zozGpzOwKW+XU4c1Qk8SpgDlsTFi6JCkJfs=
last-modified: Wed, 08 Nov 2023 15:31:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qy6x40TqG%2Fomb5EgyU6SGcIPYvXafhhvOlq2zOY3wRLr4s3kf12msz8i3hYb66CkbIylB28Yy2TVsb%2Fb5cp1onlbnDlsHAbhJo9Z987KjNHqrt3kmeAKxJxcPy6rXTtFzoE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: r0UJaPpmVUYmVx/yZ1zwBt8OfmUAAAAA3369nNVvnrVzkdzr9xOzBA==
accept-ranges: bytes
cf-ray: 8369d4989b8a4acc-SIN
x-amz-cf-id: yGaW0xWU2hPPy2PcDvIUIz5Db18HZc4Pml1OSZaodmmsVsisHLdJPQ==

GET
H2 200 avia-navickas.jpg
info.varonis.com/hubfs/ 6 KB
7 KB 191ms
185ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/avia-navickas.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abcc14f81d36c556b1862b008c4398b4699fc7d6537fa54797f96d282975061f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68247605176,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
age: 1372447
x-amz-request-id: 8GY8GMXZCCW8JNW1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68247605176,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834891 PNNy RT(1702760158321 787) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="avia-navickas.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "18dce540be4cddbae502e4a76cf5064d"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1646951076020
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 c5c1467e47aa14975ca9a42cf837f5ec.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: JyFHvm2WVnHSjsdnVbNDKLiwMTm_Vex6
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=12957
x-cache: RefreshHit from cloudfront
cache-tag: F-68247605176,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 6626
x-amz-id-2: nYkQIaicSKOXvhjxQDFSTDgEvddg3fwkY6CKbgQy4rxujL9ZuJ7NXnh7LGctg5Ctbd+YDh49HdokDpEEkmTmDaLmfhlgBOCEmAI/Z4R/cwk=
last-modified: Tue, 28 Feb 2023 20:47:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FMUgkvpJC0oBhYDtyupah%2Fc0SAEEL%2FNZulaGSXRUeXb5%2BfiAu59En2p5auHFaf3aHj8c%2FsHlq7c1YakjY4iaA6FkGQBeWns0SdukmYf4BXsAm27kpBSLFYEKyZIMZ3dw4SA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: xk6SQJO0wX8mVx/yZ1zwBt8OfmUAAAAA2Ji3oijVQdA5qba1tJsibg==
accept-ranges: bytes
cf-ray: 8369d498a9ed40ea-SIN
x-amz-cf-id: kkEAIwphB-nppLLfT9f_R5qcwE5aLV7pzzUVOH9tAyU4AgShAFuJVA==

GET
H2 200 prism.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/ 19 KB
7 KB 10ms
9ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7b88bddc6c757b2fc8cb113e2469801ab14a78ec1a8fada4d6391e3573f5f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1453428
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6336
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-18c0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PAOBRcHuCR%2BZfTFqCpN%2BJY9teXRD%2B%2BnV2W4OKNXXYZPCEO4L621HVDPw9eDzK7wxQb%2FqAO%2F41MwANePhCdvuA7Tk1BG0vEbTacYxCW3yJAK8yt2y%2BmVmnZdViU44h3SHbWxMMqqPGsVwEtUn%2B58qiEas"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8369d49549dd40dc-SIN
expires: Thu, 05 Dec 2024 20:55:59 GMT

GET
H3 200 prism-autoloader.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/ 6 KB
3 KB 16ms
16ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0233342795c86e2079f7406bce72c481918b9ce416aedeb6b37044abae50fc8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3365554
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2202
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-89a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uf1%2FN8qG8S%2F00BctEcxZlf7dcalAr%2FEGaHIhk%2FYe74fsvMBlwaZvw3k5LMOt4K5Ypn2pSGeprRd1HLVRfksyQsdHrA7w5Ys3z4WludMN4X4%2FihCeRo1lWvOcVO6OyesLG1R8llvKbcuUB%2B8P5s%2F6IZE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8369d4956c14897c-SIN
expires: Thu, 05 Dec 2024 20:55:59 GMT

GET
H2 200 facebook.svg
info.varonis.com/hubfs/ 634 B
2 KB 209ms
203ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/facebook.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a5034e01d5b47ec7eee2b3a45a23919684146c27b715f4fd863037b11b2abff

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373682
x-amz-request-id: A1ZVP2ZMN81GXTE8
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834895 PNNy RT(1702760158321 788) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"9667ebfd8e6880e7066c322b0b25a6c8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219654732
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 aa1a30846e0095e7119e3af834f718c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: WA7pU2leNpTprUjaVEZpDKXqPbClsTVp
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: jIGXvvZP7z93BPeNNyS8a4kH7SCBxVUu6e0+4S1iHK3q9TJWQrSP8mDr1VZUtIrln0Y88vRBhyIYToh1YZls/CWQNXUIIINfKCJH0ocpp3s=
last-modified: Mon, 03 Apr 2023 21:49:25 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BLWMOZI0AqI6Xdcs8TAKBpenMBcCelot424T%2BOFx7vP0cRW1fkN%2BdZO6taBKNTKMdADEz9D7l6EV4cxDrfga6y5Wy8KxwJYpoglnejrt9Fg%2FJ%2FI0o4HZ5zshjDnZMwpCqAU%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: iTGMEhWusVAmVx/yZ1zwBt8OfmUAAAAAhPhFcTYfjFB3n/qMWOGqXQ==
cf-ray: 8369d498bc223dad-SIN
x-amz-cf-id: fgl5j8ZQ8SnoONjxufewGVze-cgmaA9TleTNLJ8VMklDIURO0kOv_g==

GET
H2 200 linkedin.svg
info.varonis.com/hubfs/ 1 KB
1 KB 212ms
207ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/linkedin.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b4639302db82b725feb2fb5b7c2f16d1ef8abe70409c496fe0dc777e143f45d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1372977
x-amz-request-id: YRPABWP5C7MJ8NAH
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834897 PNNy RT(1702760158321 789) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"15f6f62efcbc0f51585cd41ce283b99a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219666618
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 d5395aef0c58da123cbcc801b71e308c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QNfQH6UicIJK0KK7LA52dQI3xwAuEigm
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: AcfQ19YBdeaTNNl/Y0SVIcoPa8t+Pq6gwBh4nK9/wFuG7+orx02f+qL77DciUJdZKtADT6CrWCw=
last-modified: Fri, 07 Apr 2023 16:33:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PF0irxpIxDpA4NE7Qhgibq7fw71exFHH7x6IljA%2FnaTxOmUseCQR2VdqfYEvg0Dl3Um1%2FjneOFsmVpqvHjCWDk69iGT2X2AveH%2F2qV45g%2BkGagjyIz1ZgnpBo0k%2B9o%2Bdl%2FM%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: jJwmUkVxhxQmVx/yZ1zwBt8OfmUAAAAACDz6IQWunfk4iBOifFRkMA==
cf-ray: 8369d498dfd101f6-SIN
x-amz-cf-id: WkCeJpDRJ2VltMBYx3HqrmHWhBv1GgQI9Yrl08CO5uv9-6wjmASB3A==

GET
H2 200 twitter.svg
info.varonis.com/hubfs/ 1 KB
2 KB 236ms
231ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/twitter.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3daf9b6a39281fdc04a57bdabe589d9aa970719d22733e04fc1ab799b7a5db49

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373498
x-amz-request-id: YXXPFMH4QX1K120N
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834947 NNNY CT(1 16 0) RT(1702760158321 790) q(0 1 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3ce4a000e199a193e3e73cfac7b4e108"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219676422
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 84ca4da5a7ceb4bccfe9632e4992597c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5d9b1tur7umZsj9sMPaWqlWPAKNW7KFs
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: DstB5vpl9dVjn2G5agYxPxHnkni22xnDc1nspAeyIIryV8B5VqSdLVbpjTrSla4X2gd6trqvZIxot8WWSCTsyCSujaeCziV9C3l8sXCWoEA=
last-modified: Fri, 07 Apr 2023 13:49:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oT6%2B08kWCi3lG1YxkEmLnghKZKirA%2F9helg9aJA20uC93wYcfeWj4dO46cT08bTlananok%2Fjlx4CZz8Jjm%2F86PFWs3Rr81NbhVanPlT0Z1G6YXMhVkt%2B5FWWzHKejTZmH7Y%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: up78R6oSgzYmVx/yZ1zwBt8OfmUAAAAAPwFrH/rcupswuNwGqgrl3A==
cf-ray: 8369d498eb7e18ac-SIN
x-amz-cf-id: 1tDM0IrFa-WhFKvzTylVoh03l9cVjl9-kfib1DhZaLebSF20zdfhsQ==

GET
H2 200 instagram.svg
info.varonis.com/hubfs/ 3 KB
2 KB 239ms
234ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/instagram.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae925eb57e9822aec57086375bcf93fe910d7c6c0d83cf10bf448c5348aaf0b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373681
x-amz-request-id: 8GY3PMX7S25Z61EG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834832 PNNN RT(1702760158321 791) q(0 1 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"2eeffa913d57b77cfd604f3ef1fae9ed"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219687130
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 ab94358e0d2d36f8b4f6ff94645b8b38.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: meODPhL4FdcYRYplK87hLr86vudDDmQz
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 9zcIoQu7odOdR/hIofoJ3KDgsdNyT3vR8J/hIBJqv/7Dgbe8NTw8hphaGk62hrje+meg/YzRUzssNqjHcvn9nw==
last-modified: Mon, 03 Apr 2023 21:29:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xUOC2JV5JPIuhVf3ST%2FvjAsPpDGZcbqQZBHaIZo09pWj1byYmrj%2FXL84fLcO1%2Fga9oVsKGY9qIJzDDq9GMBmREDjSb4YfYVmLOFu%2BPAV7sL%2Ff%2Ftv21vNwh6DTWL%2FypfpukM%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: JjnJaRBW7jImVx/yZ1zwBt8OfmUAAAAA1jtkJlHmj/0RrURDayuHMg==
cf-ray: 8369d498fff149ba-SIN
x-amz-cf-id: i8DvKqM54Xk9hSqSGYii_BiXrTj3-k559fNpzGzYOtaXyp95kFP4Qw==

GET
H2 200 ISO-27001-Logo%201.png
info.varonis.com/hubfs/ 2 KB
3 KB 238ms
233ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/ISO-27001-Logo%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b15ab10a2a109c8e59d604cd4101cebe7aab42ec227f8f521398e063bfe0217

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1369724
x-amz-request-id: 8GY8VMFB1PG3J78J
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834895 PNNy RT(1702760158321 792) q(0 1 1 -1) r(1 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="ISO-27001-Logo%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "a413509b077bcf2faa7621b0d5d4de36"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604427281
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 876d78271929a83070970f4d8906b684.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: timIF1O_gxoEXq7s04ImeochSBRbmAhf
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2523
x-cache: RefreshHit from cloudfront
cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2066
x-amz-id-2: e1Zf9X9s3Eh1UXAqrAcJTArLqWfr/d6uoWfRFW2WW2o5b/Ubqq01paXbGNybC8eAhEEro/2vx60=
last-modified: Wed, 29 Mar 2023 16:10:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r7IWohgrQWNwJ7PTi%2F6UcSIgc%2By93str8qJ96z4hIbYgnVVrd1nGobzZR4o6N4NMyg5YWRSdqMOuYO4qmgjKB3XyC%2FOtC9YuuAs%2B0lGK1xTqWQW1vbz34XYJt4Ing50%2B3TI%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: KSalEFDpkHwmVx/yZ1zwBt8OfmUAAAAAsGnwvewAPD5mkr7MGuBROA==
accept-ranges: bytes
cf-ray: 8369d498fc453dad-SIN
x-amz-cf-id: cRyVEOhDxqt-1fjAEfwIMLzAxdg8TI7QoeB4N4qrCDgTmXvyZFybTw==

GET
H2 200 ISO-27001-Logo%20Copy%204%201.svg
info.varonis.com/hubfs/ 13 KB
11 KB 236ms
232ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/ISO-27001-Logo%20Copy%204%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba1b3f329ba47639a8586777bb19db73a9c3e37954b5e72ff97df8e0ea931062

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1370240
x-amz-request-id: 81064GY6VWYF1BCM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834897 PNNy RT(1702760158321 794) q(0 1 1 -1) r(1 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3c29f40cae554dd8c7276ac63187dec1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604432436
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 91c831638d7245b2d89d0c60131ffd6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xgSkvj92cQLN2iNJZ_lFxRESVIwvyqH_
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 4H9JIE0/6wHJ0WsGsyyI6uBjKxZEO2giW03IMPu8mRfLZ5A5ox/j+K2kbBDEIm3Zmy7aSVgdLAA7jXKHC1SIWA==
last-modified: Wed, 29 Mar 2023 16:10:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=04B3DH%2FPQzFptZOgqxt4P2C9TQw%2BR%2B2xFIBM0CtivegSUIdKg9orc%2B0CUfuHqYdYTBO%2BcBxB643sXdbprTT7eTpynoQSGtatAZGNPcGIb6EFRZlXp9eojyj3UeXiWi1ftHE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: QF0ibucpABUmVx/yZ1zwBt8OfmUAAAAAp3tFtUQ3xMSpI7mbAvfwMg==
cf-ray: 8369d498ffe901f6-SIN
x-amz-cf-id: gnGdmrpo0Bm8w-U9xU_ZlzZaNe3tELo_1aC9LY2WmAHvUKi8djJl2g==

GET
H2 200 STAR-Level-1-badge%201.png
info.varonis.com/hubfs/ 730 B
2 KB 246ms
242ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/STAR-Level-1-badge%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ea31af1ae38b9f8194f93234449262a79af7a7bdac0938c740c62f0eae9d85b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-cdn: Imperva
age: 1368257
x-amz-request-id: 810BHCRERNXHXTMF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834830 PNNN RT(1702760158321 795) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="STAR-Level-1-badge%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "21b42231b455b1ad08b6ac53b5081df7"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604442982
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 eec53532cacf9ede8d0e014bc1ea9a88.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3t6QVHH7wvf.mxjXy3Y9twhVmeBu1ejQ
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1187
x-cache: RefreshHit from cloudfront
cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 730
x-amz-id-2: fWlAEJlP3TPeITp2B+5MOKdEEWsy/pmRZ/koS6X4vZqEuH+QcohA0vHC0HotTUb5uOBVCGPUJlg=
last-modified: Fri, 31 Mar 2023 14:59:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iMseDPG69GQQ44%2BWBSLQjNCHiGhZmSf7kpSoWxe6J8Kn8vAzjTB2zWHmk8b8RK4d78eHDmO6pwPtQtVflSRRcUO2pX5wq5%2FC9M0m8YQkEs2S1l7EQV64%2FRvySVT%2Bo569ElI%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: KR6hIViTawImVx/yZ1zwBt8OfmUAAAAAc22Sdz/sce7w4VQOx8ECLA==
accept-ranges: bytes
cf-ray: 8369d4991c204b8c-SIN
x-amz-cf-id: 3OyOAOmtPwp_7hArbKK6_yzeZUyTBxmhmDok5ykrznZvoc1URcHdOg==

GET
H2 200 AICPA_SOC_250x250%201.png
info.varonis.com/hubfs/ 2 KB
3 KB 271ms
267ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/AICPA_SOC_250x250%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42222ea51046de258be17a4b61f802c94c29d8feeacaaa4ae194c590198ad002

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373741
x-amz-request-id: 5AFZRX986HPCEY1H
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834893 PNNy RT(1702760158321 796) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="AICPA_SOC_250x250%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "3086eb0e182b996b1bd0e515cb8d5ddb"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604414374
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 c5e5a9ddc16b995cc90319b13f316f58.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QOLtmRwBZ0.MIDnZrV1Q2ii25CJ9jxJq
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2732
x-cache: RefreshHit from cloudfront
cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2104
x-amz-id-2: 0O+0X2oI8y45MXM42LyNvmnXKocUyQbcpa98aVps0+F+FCB+OTLbtJnqeCvYw8CeGeTCTgMI8BQ=
last-modified: Fri, 07 Apr 2023 16:34:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gu611qiWFWsrC0%2B69TYKb%2F8TJ%2FkhhlRK5Tt97tmVMhWs7WZPpJQgfUWXRL2OXP1bxoxPT5pFsfr5mmTbkNyhuccjjgltm6%2BHLuz88egiOgq7UaRUNRYIqqgi7t7ovz83Xms%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: ankVAn4wYw0mVx/yZ1zwBt8OfmUAAAAAMtPaDfjUCS664HhvY/8Blg==
accept-ranges: bytes
cf-ray: 8369d4992c214acc-SIN
x-amz-cf-id: CQ843P9z-7rmo2Paw3q5vhfDDpQ5dmUZ8DEXc4qu8SmVHBVRF3RpIQ==

GET
H2 200 niap_logo%202.svg
info.varonis.com/hubfs/ 11 KB
9 KB 263ms
259ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/niap_logo%202.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2c5c92cd55477571c7e757c4105315c813e710586cf1f334f809e8c93d845c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1369701
x-amz-request-id: NHJXPNZW180D4W3J
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834947 PNNy RT(1702760158321 797) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f7049a9fa4c9ccda9202bfdca55095ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604438044
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 73dfb2192db76ab224b20f9d76621a72.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: i_ozlwX4ZN4wsFQgd.1gm.ZEAGKJ9w6P
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 0+wl9SeI3zakPLlGOUaSj0u/ssNdvOvWIXZF1Rh6nQRm3PF9WICV4Eig4Mhc6QaX7yr2kxQjFBA=
last-modified: Fri, 31 Mar 2023 01:17:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSWENuheVHnx5oVVQQ0oz26blQKcZpy9go4JU6m2JNtDWvmXAjLWDlXyYubZ%2BksuA1N4ubX8EESgmZrowk8ZkBuIWJZpjrLii7kwW%2F7eaPipZ63F3H8kzBwXxYHBY%2FHudz8%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: E9dLLDrBzTQmVx/yZ1zwBt8OfmUAAAAAc+d+Rb6BHsniSSCxpvGBdw==
cf-ray: 8369d4992bac18ac-SIN
x-amz-cf-id: vABzwE5Nus7NApm43I06Wi7tLm-WmzNBteotlOpsLy_8U-QcP7tdYA==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 33ms
13ms Script
application/javascript 2606:4700::6812:b05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 0d27db90763171c209c634582825563c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: KUL50-P2
age: 1460392
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WYVID1ENZX5w7MuEcicsX25up5OlJkHpwZLEkRgwdULEX7%2BqEfvtg3iL%2FlqyMnnM8h1mMIJXWJkmiJExVjuvutRYFqtGcAYRNhOUsolGlGnZh6tjM76%2FQNC22crKuVzEUM63pq2VTDn0O8jR4MDw1kU7mAE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8369d497eb61a041-SIN
x-amz-cf-id: 32BF5ea9y3e3BS32dGL1hmp9CTxlYtSQpoFbYiHVIN-UqG09VSFOMA==
expires: Sun, 15 Dec 2024 20:55:59 GMT

GET
H2 200 announcement-banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/108364953711/1680550379557/hook-www-varonis/js/ 304 B
644 B 324ms
323ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/108364953711/1680550379557/hook-www-varonis/js/announcement-banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5ec6b8d820581f2d04713d3bea37883b0e5c2881f7bb108e13a3d63249c4867

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1367371
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 19:33:00 GMT
server: cloudflare
etag: W/"ed246e714d8f7084f9613208eb724cf5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550379808
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SjzOskUa0Q8KAZPW7Q1t6BaoJGG4UScSiBPV9w4uzKad%2BgGzZ589%2FL5WyuczoDyobF6Rr5JG5es5PSKiBbpTDI1hw3mv8HlIUirw%2FW81tCcrAdFAbRpJIko%2F4n9ieyZSQAV6bQgB%2FgR%2FLMN5Yu4%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8369d495895a3e2f-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 cse.js Show response
cse.google.com/ 9 KB
4 KB 52ms
22ms Script
text/javascript 2404:6800:4003:c11::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c11::64 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

bc76fc5a481fba805be714f16b8657f4bac57266f70690cbe195ab90b0f049db

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-HRS06GfO_6f4IiIwO-Sn2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-HRS06GfO_6f4IiIwO-Sn2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding: br
date: Sat, 16 Dec 2023 20:55:59 GMT
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2989
x-xss-protection: 0
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
server: gws
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type: text/javascript; charset=UTF-8
permissions-policy: unload=()
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=

GET
H2 200 module_71662020467_Announcement_Banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114923395/ 865 B
987 B 28ms
28ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114923395/module_71662020467_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6cc38542df851f8b331cdd5ac0dbe9929c7968d347c62d93c22b91ef560a931

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1461713
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"6eb6d7132999731493bad4b8e9e19c88"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1675114923395
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 909721a0-ff3b-48f3-8b82-eaadd29b4011
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 133
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 909721a0-ff3b-48f3-8b82-eaadd29b4011
last-modified: Mon, 30 Jan 2023 21:42:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afBucsV13Q0ZBQvVwSw%2FAipgNGvbGLUsTffNfDwZDzR0NpUhvRn6Uukl1Q%2BDRngEXNIymj2IZFpJ7MPE%2FfT2vriMESi%2FWP0Qrkk0dD64Pw5UiCSkmt63%2BVUCq47nGelvHXCkQqJ3iPOShWFaSV8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-j7nft
cf-ray: 8369d495e99d3e2f-SIN

GET
H2 200 module_97266453797_Remediation_Announcement_Banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/ 860 B
1 KB 29ms
28ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/module_97266453797_Remediation_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1286285
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a25c4019cb8b6fc47eb8ed83cf1076d4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550132881
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 39a13f21-25ae-4cb7-9386-f54652bf2e38
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 141
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 39a13f21-25ae-4cb7-9386-f54652bf2e38
last-modified: Mon, 03 Apr 2023 19:28:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vur6OrbVQf8zo%2B1OW4zSEHmNUJWzhym391tMz37%2F5Oi1Yzlm8ZE0pEcXa9teyNcj9JeiYrrnfA1g9QMY9sEUueHF3TsmbIPX55pSevwDhKtuQntc0O9%2Fc74WCPAY731%2FNX6Gp3QwAxJz%2BM5VSto%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-q8s24
cf-ray: 8369d49619d23e2f-SIN

GET
H3 200 main.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/ 10 KB
4 KB 210ms
209ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/main.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:55:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1621485
x-amz-cf-pop: IAD61-P3
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 75fff1d4-4a23-46cc-a1b7-5653128d91f9
x-envoy-upstream-service-time: 164
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 75fff1d4-4a23-46cc-a1b7-5653128d91f9
last-modified: Fri, 01 Apr 2022 11:44:17 GMT
server: cloudflare
etag: W/"c4d1fac2b0b677aeaa2c2ade72813888"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1648813456943
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VmvUQpQECwVL2v%2BCYQ%2FSSXpUiucmvfI1Psz2NAOASnWM5ts3duxPcX%2F6uePFS0kg%2B88XebZXOk8fGUgLp5jt2GQdEOQP%2F4vPCgqeASPPvkTj5ETcctQO3F3UeQwoMw5Ur8xurud8hP1gsutdtdE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray: 8369d4964e264028-SIN
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 module_96126751858_Site_Navigation.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/ 4 KB
2 KB 20ms
18ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/module_96126751858_Site_Navigation.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50888059b627a1e32ceb04646cc5a617e4747e3d9003e1cc051d33e3bcc14589

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1555039
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"066f9d11e54f30bcda41cc81ace646da"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691030599466
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 490a3902-2e15-49cd-8cfe-50266492d64d
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 244
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 490a3902-2e15-49cd-8cfe-50266492d64d
last-modified: Thu, 03 Aug 2023 02:43:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lphes8xj2N1LSM%2Ff3O1C7cW2i3GSTK2M8e8WytkQ0Lf0h2osB0XyWPw0Ilax2MlXWiWurakbvB25mJ9VSog%2FPX%2FgKYH2m4a1rN%2BlCu%2FOKm1PO3KfXh%2Bz2gHeSj41OMJubG2%2BIwYr5Qq1W8EeoPE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 8369d4978ed54028-SIN

GET
H3 200 module_125777074029_Navigation_Submenu.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/ 1 KB
1 KB 31ms
30ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/module_125777074029_Navigation_Submenu.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e9eeec668eca70ecaaabf43de47a7332a84fa9b89172479f39c57bbd1c8582a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1540607
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"131209442a05e734a14e3bd00f89bee6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692210032469
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5dba04c5-4646-4a60-ae3d-bbe90cda58a7
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 198
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5dba04c5-4646-4a60-ae3d-bbe90cda58a7
last-modified: Wed, 16 Aug 2023 18:20:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZmap2cSuVOgjOBzC4XYAQ3KBnNsC03LqROzH47V%2BTwVOnTIYx6dgikYvOMwJAaMzdmkkidV1%2BeyH9oHB8kTqzyc%2FOKWnP6i%2FDgkKJo6n9H%2F0L%2B6tIr3dp5ZX1bLcS3kfIVKyLjuMK9ig0rgi9I%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 8369d4979edb4028-SIN

GET
H3 200 module_115948073023_Table_of_Contents_Sidebar_-_Global.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779299533/ 2 KB
2 KB 22ms
21ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779299533/module_115948073023_Table_of_Contents_Sidebar_-_Global.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f5e45ba0c943167a203ccff2d9b3065c7767b1c32c33e6b21af38da1738b8a7

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 2141045
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"f95490701022c4b61b9aae62631a9ad7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779299533
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: edb15a77-9060-4181-a508-3ccf45d119b7
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 133
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: edb15a77-9060-4181-a508-3ccf45d119b7
last-modified: Fri, 11 Aug 2023 18:41:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zc95cMjAZZCZpWtz6H2EoLNmg4CaOV517DXjyzxvd5lfj34eicW2RMjGVCMNLn8CTSN652HPmDMw906QpitodEQnk3yGWtMaa%2FzEVRudE5ZMACpkxTx%2FxgSxT%2FVpem3GmxOYyqKJGckBDbL3Yo8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 8369d497bef54028-SIN

GET
H3 200 module_60280511003_blog-form.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832788379/ 232 B
1 KB 31ms
23ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832788379/module_60280511003_blog-form.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dc5ff8e8d54854daa72a30a2bf8345b75255597251028dad23e18510e635b98

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1372666
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"199d600316628445ac927b3b2b5d292b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678832788379
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 596c1d22-08ec-45db-8661-a3eece14dea5
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 234
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 596c1d22-08ec-45db-8661-a3eece14dea5
last-modified: Tue, 14 Mar 2023 22:26:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMeabZQLsHzU0YDtAZRxCsnL%2FYgeSPbhGt6H0v32PSencQiDSae36n52Y6KOaabhAd7b5ydpLWmy42UxtskC7fP7jKpVnhbJKBSTvico%2BmnNvs87TLQskDtWbH6ug0%2BYa18ouqNvItf9NFpzv%2BI%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 8369d497cefd4028-SIN

GET
H3 200 blog.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/73655310759/1685000791420/hook-www-varonis/js/templates/ 1 KB
2 KB 29ms
21ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/73655310759/1685000791420/hook-www-varonis/js/templates/blog.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f6b8b612b0090fdd0032dfd7071745a0b99149bc01a55cd24b40086ede2b8d7

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 256586
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"577f12ced843bbb8382cdbe78669b3ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1685000791604
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b5392a22-56fe-4bb3-875e-6554306b6fff
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 199
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: b5392a22-56fe-4bb3-875e-6554306b6fff
last-modified: Thu, 25 May 2023 07:46:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wjpjyLBHbpxxkgxLFOLPOHk6LeStEvCdLnlIS6n%2FX5l%2BbI%2B63K%2Fw7%2BcYNjJjQ41Vv9e4SdBxHjuJR9axDpVPEuRNG7tymGwXfObQIXdrSZB9z8EQNjjDJkI6bwq9OK87Nfhu%2FbMhItNVlZnIOyQ%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-cks9m
cf-ray: 8369d497cefe4028-SIN

GET
H3 200 jquery.toc.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/106410557973/1678780073283/hook-www-varonis/js/templates/ 1 KB
2 KB 28ms
20ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/106410557973/1678780073283/hook-www-varonis/js/templates/jquery.toc.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 584533
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"39e23085840845568c2de46aea67930a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678780073283
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: e2df3224-79bf-45de-8753-66430a464bf5
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 193
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: e2df3224-79bf-45de-8753-66430a464bf5
last-modified: Tue, 14 Mar 2023 07:47:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H1OxhWTMWNo%2BblrqvBQF7yg%2B0JvsUJkPxzf02xudoXlCpv24sefJFZCk6X1wBh8QRd7mg1ZDEo1h1H3CGehZuMabN2EHgO4mLf2HHNmrKa2LNc45yMqSsRlKKrDQxkry%2BgmeEIn8PGcKbdZd8l0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray: 8369d497ceff4028-SIN

GET
H3 200 module_87397221683_Footer_Site_Directory.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/ 577 B
1 KB 30ms
22ms Script
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/module_87397221683_Footer_Site_Directory.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c91333bb881074a7d4a82886d21fb690ff3fc57394327d5ed12c9d9af05dcc0b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1277624
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"b7e1d67d9b7a486bb634ad966519a8bc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690924310222
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 16 Dec 2023 20:55:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f62e46eb-1b10-4124-89a4-2b403c1bab5c
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 156
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: f62e46eb-1b10-4124-89a4-2b403c1bab5c
last-modified: Tue, 01 Aug 2023 21:11:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wK9C0yXKURvIPse41VjmQgetZLwlCnc%2BNos7RlxWsM2h51oZeTlZHYI65HwSABC3k3TyCOmqs6Y7%2BnQL4e2xCK485Tc2DyPSx2bCQLOJ94ABppMxQm6%2Fe%2Bkpa0pQIJ%2Fbr8zOGHGsSJEgxvDgMJo%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-8ktx6
cf-ray: 8369d497cf004028-SIN

GET
H2 200 142972.js Show response
www.varonis.com/hs/scriptloader/ 2 KB
2 KB 529ms
525ms Script
application/javascript 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/scriptloader/142972.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee44e9868729bf26893cdf451026cb2c75ef7920e6812378e8b3d78589de48a4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d864efe3-32fa-41a7-9ea7-1c42e1691304
content-encoding: br
x-iinfo: 4-49834807-49834827 PNNy RT(1702760158321 798) q(0 2 2 -1) r(5 5) U24
x-envoy-upstream-service-time: 14
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d864efe3-32fa-41a7-9ea7-1c42e1691304
last-modified: Sat, 16 Dec 2023 20:46:51 GMT
server: cloudflare
x-trace: 2B7217290C324533A42C6DEE19971CC958C5B65500000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-jxlsd
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dcsqCe0KY4dTCrrL%2B8NdQo9iP3vvQzXhXulIzy7DC4bT0dX82Pv4Z7l0vRG1WZiBoPxYvHgZfVKeFVBZGgUJ4vCPptn5eRWQQ79MENAVbb%2B22bhTzBXBY4GBvfx0mFy5qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8369d4992c387972-SIN
expires: Sat, 16 Dec 2023 20:57:00 GMT

GET
H2 200 index.js Show response
www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 257ms
254ms Script
application/javascript 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 7ce6085e4f8f7a25858c982d370bcabe.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 1362397
x-amz-cf-pop: SIN2-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 4-49834807-49834810 PNNN RT(1702760158321 799) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JbtyqHd3p00eaKhzf50lfINKx0Oux1rCEfv6Q68zxmsMH7TxvcwVBSLL8jDnmy3ozG7IzhRlBHeq4nz6wmw0RzHhaWl0qm5XPdFybzdH8T1KMcyvMBA82i%2FYl%2BtUMplAKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8369d4992a866be8-SIN
x-amz-cf-id: naO5boXCvPX4adllbgsXJPH_kEoVu7ugV8fDeeGun-ZVReRzbsoiGA==
expires: Sun, 15 Dec 2024 20:56:00 GMT

GET
H2 200 _Incapsula_Resource Show response
www.varonis.com/ 137 KB
19 KB 45ms
42ms Script
application/javascript 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1265391150

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a8d9a125e1a47470685bfae2bbddadd8ab9f2379c978f7ff2130a2f1034073f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 19724
content-type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 339 KB
114 KB 46ms
32ms Script
application/javascript 2404:6800:4003:c00::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c00::61 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

383aba59e4b3a1bc18853f5c61e9d918624af76bf09152a17dd6cd2e1f384887

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 116009
x-xss-protection: 0
last-modified: Sat, 16 Dec 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 16 Dec 2023 20:56:00 GMT

GET
H2 200 Graphik-Medium-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 46 KB
47 KB 270ms
231ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Medium-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1702336745229/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
age: 1542484
x-amz-request-id: 34MY7TYGVKYX86SE
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "b1508d27f0878f1a2c67e3104acc6f04"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839921
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
via: 1.1 8f4e0ffdaf6aff45124ff701a42582e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: qsBQrK0UutXz6JHO9XDG7lT0R2bZ_P1t
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 47393
x-amz-id-2: mr6K68uiOaDU8GRuV022OvXZ5bSirsT8nfzVhvxVL3CskkdkUFupg02beOkpjFNiAWoSpXD8gDjB3rlPocGIlA==
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8369d4983bd949f0-SIN
x-amz-cf-id: CKzqEMInvujMXhSIoR-w8YQcS_3VRknLJ4F5MfXxzGbVvgvgCGKmcg==

GET
H2 200 Graphik-Semibold-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 47 KB
48 KB 265ms
226ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Semibold-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1702336745229/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
age: 2223702
x-amz-request-id: 5CC8K1WNH1RHE4NC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "912a296360c873da4d505fecc03d44a5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839881
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Sat, 16 Dec 2023 20:56:00 GMT
via: 1.1 c68aa4270b22c7e4e7044fd6df451f70.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: mxuwX8fqRvNjrtNo8SAnedwxdNDRhr6l
x-amz-cf-pop: HEL50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 48237
x-amz-id-2: 7RFnlOsg06DJbIxEh0x5ihQAzLzfouuOvaxWO0DDYodJhZdNvLq8d234lA3OAPNc4vpHuXlmRDg=
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8369d4983bda49f0-SIN
x-amz-cf-id: K8oiB0H8NUp9hwG-UXwdn9_D-aHGX2M_B1oedj2M40Uryot-q5brow==

GET
H2 200 Graphik-Regular-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 42 KB
43 KB 268ms
229ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Regular-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1702336745229/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
age: 1542058
x-amz-request-id: X27PHA82JJ3VCQK6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "3c6b915f90783765fd47bc0e05b46078"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839928
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
via: 1.1 d479709dd798d5d0c2ea93e1b72342be.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: dC1ZTBx86DO9UlmT3zytQkvsH.OIjcRF
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 43329
x-amz-id-2: O+NXHAYCN7BkUGtMioG1gSPUW+RKcYTMzK+vQ5Q8H+yIomn3TFCIABtTTKYhbOVnKGsA2ysXaK0=
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8369d4983bd849f0-SIN
x-amz-cf-id: a1sInkkIeJbWMssRj8r_-I_oF6u9D1JNNYVIiOP3CTY3r78qbiIsgg==

GET
H2 200 Frame%2036-1.svg
info.varonis.com/hubfs/ 3 KB
3 KB 227ms
225ms Other
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://info.varonis.com/hubfs/Frame%2036-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4528e78b77fe65b0d6c730e7bc11691455d19dcefb698ebc14931cab40b8423a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373678
x-amz-request-id: YXXPSWSJZ440F6Y0
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834893 PNNy RT(1702760158321 853) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"4a0280ec41a09339bc32b34cd26d66f3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428417394
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 32700c539a5f821aadd3624288c4aeb6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YmacvXukdtrqgcUXsZZPYD9p7.OCqpBh
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: deHgpuz3NXp7gHbUOn6qBSV3tdztyP6c+XjN1es/HvaYqPVFlh6UW0WVL40bogABRGj1VGJtrNk=
last-modified: Tue, 11 Apr 2023 21:05:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9lV3FfrZ7LcVqMrernHIy%2BHGbVg6KSry%2FQHMXd1IX%2B9ZSwDmCBz1fYNzT%2BCKTiOk83feXU69vrZdcRIPXulBLVTL%2BbzLGLkMMxhBKVaG9Xp68nZU%2FeX1IPeT7%2Bas5NK%2BQcc%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: ZRmOTYMDZQsmVx/yZ1zwBt8OfmUAAAAAONIMLBhouqqmXLu7wTe7Lw==
cf-ray: 8369d4997c5d4acc-SIN
x-amz-cf-id: rG_iues35VDh8bm-UXYw9kBe3EQ96RtJ3bLYJtKV-JODTOexHf-QyQ==

GET
H2 200 Frame%2036%20(2).svg
info.varonis.com/hubfs/ 2 KB
2 KB 256ms
254ms Other
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(2).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4450600125b5cdb5761654bbe725c5b4fcbc8e1a89f0a14b20f77157afc5715

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373683
x-amz-request-id: 800W8BQQ3729N265
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834947 PNNy RT(1702760158321 854) q(0 2 2 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"db75d74e33e96cccf27b2b6b95161418"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428486763
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 90cdff7228f895ed6ae34a9448571062.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nlQ.JNOv_1Z2QlY4vh553LM_j5Qk51Cs
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 09S2XyVPazzdAt7gFsOPFfg530f9fA2G4etwt7Xvzqs8niQcnkUYMmNqoXVcCHPrq2skL4vQ0q5Sc6YBdfHKQQ==
last-modified: Tue, 11 Apr 2023 21:05:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4d5FB723bHbW%2F7HNNit5sZExjwDWCCV54aUdYF8kPQqCsRgLrcHveM01Rtwl0PTUws4qhNTgDw%2FS5VqwSRUvF9B8FLS4PrgO3ThcrcMOhbv0oURsPWRyj3TgseACFWcSo5Y%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: VVPNFBUYci4mVx/yZ1zwBt8OfmUAAAAAguE6yVwLHWU8v3gfWaFXAA==
cf-ray: 8369d499abf418ac-SIN
x-amz-cf-id: oDs4MJVk2RgkgoJSgP_DbCoWltXCrNMDzgJ8tvHl6T3PPgKgvJnVOA==

GET
H2 200 Frame%2036%20(1).svg
info.varonis.com/hubfs/ 1 KB
2 KB 254ms
252ms Other
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(1).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c08ffc3f238414942b195ebfaa0516e524b4e6b6c5201c52b5174f5599282a23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-cdn: Imperva
age: 1373677
x-amz-request-id: FGKVSE6GN16QZ165
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834893 PNNy RT(1702760158321 855) q(0 2 2 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"7cba335c1df43bbb31b831c70444dc5c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428464410
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 e93c671d969240be8a6839ba09d3b732.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: jQIVfYXDwJPgRyEKdz3rJ1BSaSxuz0vz
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: +DNZLBnVXbp9Ql4ibBIfYyHlnEhGuHzPs0s7BG6qePNfcVGqBRnKJ4/4Zfh/2vD7NpMbN86rhlY=
last-modified: Fri, 07 Apr 2023 16:37:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ifBw297hPzOUpHiZNDlJzzE2E0ky%2Bu%2FWr7RMySNh9F7Ejk%2BaKDXs726Gpir%2B2v6Vgx10Bo1wElA0FYInFw5aqH0Cidf8k7qQYG7w7wBevlHUlKDlCJnLZATYeFRZ387Nvhw%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: aypNUWTbmn4mVx/yZ1zwBt8OfmUAAAAAVhyk6U6i91/pZ4AOHZuKMg==
cf-ray: 8369d499ac7d4acc-SIN
x-amz-cf-id: gZG1-rhdt6fan4iRcgftScRbi1nMAJrtYU7OCXDJe_X9rfhHPRE5Cg==

GET
H2 200 NavIcon_M365_2.svg
info.varonis.com/hubfs/ 6 KB
3 KB 266ms
264ms Other
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://info.varonis.com/hubfs/NavIcon_M365_2.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9e9037912adf4cb7724b3782cb690b0c90d8d31a5c54a6bfa3f6fc60063de8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1371096
x-amz-request-id: 8GYCMN5BFDH47MD6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834895 PNNy RT(1702760158321 856) q(0 3 3 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8bcc6d027ad47e870fe16a237dc73bfe"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674081974689
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 5482351e8bcb93be701264b475dd3018.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: zwSqLSU0xjuOBDaiT8xXQbFQQAf95O6P
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: OThIQ9PNvZVOIOgI8wKHKKx8IwCG04B5um0cY2RdADMa2+/emOj/f+AsrzwNaxv5qssvpzNXyZE=
last-modified: Fri, 07 Apr 2023 16:33:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tMNuRyRwJW8bkNwEbx1kmEjVCI%2FSeHihUi%2FI1ldB%2FkrJttB6nyw0o6OOc0%2FUqEYFhnfp%2FWjZk1e8ZNvSUDDsdEZtl8%2Bgb6Vfb%2B9iBJubR%2B3RNZ4i4AIujk%2F9NQnGExyaD9o%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: QlmqNa9gxRMmVx/yZ1zwBt8OfmUAAAAAK9J+BjyJB8qNd29lWDi6Pw==
cf-ray: 8369d499bcb23dad-SIN
x-amz-cf-id: l-5gKCyK4nnyvEZRKrdDVu-cQpNZ9o5h8y-Z5WneBasogtJs6oSWAg==

GET
H2 200 NavIcon_AzureFiles.svg
info.varonis.com/hubfs/Web%20Assets/Logos/ 2 KB
2 KB 294ms
293ms Other
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://info.varonis.com/hubfs/Web%20Assets/Logos/NavIcon_AzureFiles.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e648da8a366d494100d90e0af69a2945f34e53a2c70432ea12c0303039f2351

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1462497
x-amz-request-id: XTJPJB4EVKQVWA55
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834893 PNNy RT(1702760158321 856) q(0 3 3 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"39f1c52d2cc888b95c60463165cda36d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691417731365
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 bbdef00245eb23edcffbb5c502699edc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PQz0I5ZDy7h_rRyB67TOq3xY2tYQaD.k
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BamCQr1NOwwJvYW4495BlHIEfxX2ablpCT8w94PHz9ldYiZi9U8bSZ3miRQrO89BMQZialUMlRI=
last-modified: Mon, 07 Aug 2023 14:15:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ly%2FpdjHdHDJcrm%2BKZ7tXhtbxw8aayReCEyZqY5N2KTz%2BsNLW1mVa1Is5sXTSYMlh3hJXq6qdWr8%2FqNTUBsfV48B5GvrUQe%2BtOwN8cznYr68pLo2rP0d68ZU57pz97bBqQ9c%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Fh7vB5cPojwmVx/yZ1zwBt8OfmUAAAAA4QnTxnZIHFLYHD+qUnsDpA==
cf-ray: 8369d499ec904acc-SIN
x-amz-cf-id: QfoS17ali2be8p2LaQ3-UnG4DyrXT82zWc9Nh06k0cCLwQCzGBMyKg==

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/142972/40a8f297-80c2-4c34-9572-8648458abed5/ 5 KB
3 KB 303ms
279ms XHR
application/json 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/142972/40a8f297-80c2-4c34-9572-8648458abed5/json?hs_static_app=forms-embed&hs_static_app_version=1.4270&X-HubSpot-Static-App-Info=forms-embed-1.4270

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de0c6ffad072fb9011b8ac313640e386f41b81cb94d95260446b0c28c2766734

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Sat, 16 Dec 2023 20:56:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 9b7c00d3-8e97-449e-b1ea-77dbe54b7e2c
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 11
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9b7c00d3-8e97-449e-b1ea-77dbe54b7e2c
Server: cloudflare
X-Trace: 2B8B0D0228A45C32B76FC57468E27DC5B94884DA60000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.varonis.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 8369d4987df640f4-SIN
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-rgjzk

GET
H2 200 electric-blue-bullet.svg
info.varonis.com/hubfs/List%20Bullets/ 207 B
1 KB 166ms
165ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/List%20Bullets/electric-blue-bullet.svg

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

579b9f734819f583199cd70b03c4e919430a74dd7698921ef16465b41d934769

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-cdn: Imperva
age: 1372800
x-amz-request-id: 97X9JXWGF44DPTP8
x-amz-server-side-encryption: AES256
edge-cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834832 PNNN RT(1702760158321 871) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"11a69afb5c346ee7879933cb8018fb16"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1686756510007
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 a28bec52c459f8c156729550b86ee066.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .NxTwPt8HK_D1KNCw2RVpUG949n3i.Ds
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: mG/jsMndS0GZBzOhpyYIlD1qyauyB44DGD3mlraN+Kuxo7/clOhO+L2mAss4etu9avA3EYoqgRE=
last-modified: Wed, 14 Jun 2023 18:26:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CBjGgelp08PTdhAw9zyjjbeYaRhEay1AB5S19TvuJMbUNY8OQlpmKpyxzZbNoK9owFCn8E4qxk87O2jzjGqPSNAqlgV9nKtnlKDIzb3tFUys87atsoMLwc%2F7DBHCazA4YLA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: KuYdRKGFXV8mVx/yZ1zwBt8OfmUAAAAAld/QpukJO/Tenqz9xgGryw==
cf-ray: 8369d499381249ba-SIN
x-amz-cf-id: Gw34fzXNTeQKTLUbl78jBewcuUIAnbSjbGad3ylg8M8stNkTNb70eQ==

GET
H2 200 left-dots.svg
info.varonis.com/hubfs/Blog%20Assets/ 2 KB
1 KB 232ms
232ms Image
image/svg+xml 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog%20Assets/left-dots.svg

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

842abfe134599c5d48d4ddd88bde8d24bd36b32b22bea540837311364b7ce2c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-cdn: Imperva
age: 1457676
x-amz-request-id: Z41DMTBS9ZCK81H9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834830 PNNN RT(1702760158321 872) q(0 2 2 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"254492fd49488a86ceb0dec13de43a23"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687458027842
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 cc91f4cc360b8afb58871d3847b754c4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ehUGABsPDh.TzD7OR2EU0s227ASA3VJS
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: L31/oPV3UOS+8TxzQy3M0acNwAbARFglgVcCFgqBjmkZmF8n8YbTbwi2D3e8B0St5Ml73osmkUw=
last-modified: Thu, 22 Jun 2023 18:20:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IBQrmam8gg3BA4EreZAvvPRomKVCrbNthgvObD2n0kGUUeqFUY08ivW9813jWDnC3a9dlemL0rd4T711GkgRFKnoo%2BBM9m6lfx3qXlXlmY7XDyzDuPTC0RDem7PuC3A4j9Y%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: GQGxaJaqi2cmVx/yZ1zwBt8OfmUAAAAA79jRupCLRmPxJFtGtbwwZg==
cf-ray: 8369d4994c2f4b8c-SIN
x-amz-cf-id: cpTL-iSvxsr-6Ikj30SbCKbYZXbltKXTtJGsKHAoYRkuCUtE1rOisw==

GET
H2 200 2019-07-15-16_45_00-idu24554-10_60_72_92_3389-Remote-Desktop-Connection.jpg
info.varonis.com/hs-fs/hubfs/Imported_Blog_Media/ 10 KB
10 KB 201ms
200ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hs-fs/hubfs/Imported_Blog_Media/2019-07-15-16_45_00-idu24554-10_60_72_92_3389-Remote-Desktop-Connection.jpg?width=538&height=646&name=2019-07-15-16_45_00-idu24554-10_60_72_92_3389-Remote-Desktop-Connection.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d6d0960061c28a34b39a6b9dcdebe2656bdab73b24759b9512be072fd4d9a98

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 b5395082efa0e4a254cc542fb5070f3a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
x-cdn: Imperva
cache-tag: F-53574988132,FD-44912348718,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834895 PNNy RT(1702760158321 886) q(0 1 1 -1) r(2 2) U24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 9760
cf-resized: internal=ok/m q=0 n=1973+0 c=2+23 v=2023.9.8 l=9760
last-modified: Fri, 10 Feb 2023 22:06:49 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfPn8CzWOgogwn0665ztWpb74hXo2x18tX3RPcnGHfDQ:9162e8cda5323ff67cda0aa37e25047f"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BupPkbpwLG9v0gjRNa1gHStIzoa%2FpqgDwaMaBCw3z0ixsBdpExq5nGK3oiWdXzEqiG5F4kKI3E3FOkOzBCo3Ogpj2xSzX5i1IXrej6vIW30xR12o3fsHPghZ3hJaYFOyaz4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-incap-sess-cookie-hdr: +iAVYz42yBUmVx/yZ1zwBt8OfmUAAAAA+Flbxf7n2UP3NEqhVn3UvA==
accept-ranges: bytes
cf-ray: 8369d4995c773dad-SIN

GET
H2 200 NTLM-brute-force-blog-1.png
info.varonis.com/hubfs/Imported_Blog_Media/ 51 KB
52 KB 182ms
180ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-1.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e95568becfa0171d1990a4941bffcbe470ac34deafa67bd3dbfb4a5c63414878

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-53580091209,FD-44912348718,P-142972,FLS-ALL
x-cdn: Imperva
age: 516
x-amz-request-id: G8YEDM6BE04T74FH
x-amz-server-side-encryption: AES256
edge-cache-tag: F-53580091209,FD-44912348718,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834947 PNNy RT(1702760158321 888) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="NTLM-brute-force-blog-1.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "f88cfb24e6f5e53b0af3a1734a52b335"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1629751489417
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 02a495849c28001b7906a26251ff609c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Cv0iMvVOQnm2wJkACng4qSmlA.ZldEfH
x-amz-cf-pop: BCN50-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=79624
x-cache: Miss from cloudfront
cache-tag: F-53580091209,FD-44912348718,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 52128
x-amz-id-2: rfcofbHOpBeoGfrlS2SqhmuUmEakwyOZ/HlzHZzvFX1QddTV31PRcWJN5Q2C0mYhIokrPE3VC/5+vmOJ0WvQ997cgB9LJACPvH/b1U1Z7wc=
last-modified: Fri, 10 Feb 2023 22:37:01 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UsrAsyGIpGa4N%2BgrCiJhcVcu4YTQagnhjq83BqbumV3A%2FkhoyY88KuvL2zli7LOQSxjHFQMyKK%2BTYX7RDjjgPMPcsg%2FxcYahcuQJrsMznsiCJTffsx9B25CS9n8K2322OLg%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: IqZhBIKDwTEmVx/yZ1zwBt8OfmUAAAAAPjpCZAbQqWvO+nDWyo2vWA==
accept-ranges: bytes
cf-ray: 8369d4996bd918ac-SIN
x-amz-cf-id: 65mLdfQyr6r50wCkjuJRTQGxBW2FGEpM-P-qqaWv--LtTY_KB2lqWw==

GET
H2 200 NTLM-brute-force-blog-2.png
info.varonis.com/hubfs/Imported_Blog_Media/ 18 KB
19 KB 268ms
267ms Image
image/webp 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-2.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12eca6d41ac5b6b6f68c6309fd26134d2db7ba3b5e9179a5ac2849b00a084093

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-53579900267,FD-44912348718,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: JGMYVQMQZ06P57CX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-53579900267,FD-44912348718,P-142972,FLS-ALL
x-iinfo: 4-49834807-49834832 PNNN RT(1702760158321 888) q(0 1 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="NTLM-brute-force-blog-2.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "492c1be4f51cec00fbd88e2975705025"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1629751500723
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
via: 1.1 44b74b23c5e60f8349560434950d9d2a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5MzFhVwBKx.WoaeEA5_Ol2n8Zh_A9_aM
x-amz-cf-pop: MRS52-P5
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=26085
x-cache: Miss from cloudfront
cache-tag: F-53579900267,FD-44912348718,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 18678
x-amz-id-2: JIyGWVkSijWy/xkA8iHj5zbl0mrTD2VwwVMRXEIQzFHmETybTLcpE/wiPz1SKyZqiwZY/EHQ+pjAgj7/3tSTZg==
last-modified: Fri, 10 Feb 2023 22:21:45 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dq%2BgxvYZCrTTMkqwMwbl0hk4jMFi9O65qTvZ3gixbrHzstO9CsKETG7D9rJhXaHUYgdGboceWQ5GmtzzgcWvP%2FjG3zm%2FZdvWtngDcWLJtwPF6R4h5mXycPDbbns928Tabjw%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: XxXDMR70OD8mVx/yZ1zwBt8OfmUAAAAA8/mNpCAIlyUqdQC6mN1kzw==
accept-ranges: bytes
cf-ray: 8369d499682649ba-SIN
x-amz-cf-id: RwS3xrBz7jGncr2owfbrJnQYE_YSCYL2kt37HUtMDLCUaoYwWcaGfQ==

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/3bd4ac03c21554b3/ 315 KB
105 KB 22ms
6ms Script
text/javascript 2404:6800:4003:c11::6a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/3bd4ac03c21554b3/cse_element__en.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c11::6a Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7448175084bac35748586b504207f8b7c371f6f751ef435f4b0569421a794db6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 107185
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 16:53:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Sat, 16 Dec 2023 20:56:00 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/3bd4ac03c21554b3/ 41 KB
9 KB 26ms
9ms Stylesheet
text/css 2404:6800:4003:c11::6a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/3bd4ac03c21554b3/default+en.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c11::6a Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9068
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 16:53:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Sat, 16 Dec 2023 20:56:00 GMT

GET
H2 200 minimalist.css
www.google.com/cse/static/style/look/v4/ 5 KB
2 KB 21ms
5ms Stylesheet
text/css 2404:6800:4003:c11::6a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/minimalist.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c11::6a Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:18:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1452
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Sat, 16 Dec 2023 21:08:38 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
3 KB 29ms
5ms Script
application/x-javascript 2a03:2880:f00c:300:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f00c:300:face:b00c:0:3 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a18ace2bd6672862d71555b71fbeea2edbc1bdc4bddf4776beccd31e2656a276

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 16 Dec 2023 20:56:00 GMT
content-md5: Zo0ZaueQMyrpMv9RMqopag==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
reporting-endpoints
x-fb-debug: ACndjuyQsFOfDAK5Rsgqtxdbxb3PJ5LLiifPrKa7V1fFJ+m0k0DylIStgJ6AVCzk65RBn+/HY/nB0tmb9/EGQQ==
x-fb-content-md5: 3fada541cc1e412e3a3eb0c2d93403c0
cross-origin-opener-policy: same-origin-allow-popups
etag: "4e64104105d48a7e76e422caad90de84"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 16 Dec 2023 20:56:07 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 736ms
180ms Script
application/javascript 2606:2800:248:2f:1d8a:787:dc7:17df
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:248:2f:1d8a:787:dc7:17df , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (itm/7541) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sat, 16 Dec 2023 20:56:00 GMT
Content-Encoding: gzip
Age: 236
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (itm/7541)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H3 200 announcement-banner.min.js
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/108364953711/1680550379557/hook-www-varonis/js/ 304 B
1 KB 34ms
30ms Other
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/108364953711/1680550379557/hook-www-varonis/js/announcement-banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5ec6b8d820581f2d04713d3bea37883b0e5c2881f7bb108e13a3d63249c4867

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 681083
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 19:33:00 GMT
server: cloudflare
etag: W/"ed246e714d8f7084f9613208eb724cf5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550379808
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4L6n8wc5TxOcSN2BJ5mZiyfVfhBmuxXJIX764kzC8%2BzZbmxW%2BYNA5jYu1wO%2BSnidrd5nk0nBoRt4G%2B5BNRcgDx930e5Lza0ayq%2BFAYhVYSTsyBYm6kHzLX4tuKnGlsK41hdsFBsEGPw6K%2FL2l8E%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8369d498bfa24028-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 module_71662020467_Announcement_Banner.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114923395/ 865 B
1 KB 32ms
28ms Other
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114923395/module_71662020467_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6cc38542df851f8b331cdd5ac0dbe9929c7968d347c62d93c22b91ef560a931

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 246342
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 30 Jan 2023 21:42:04 GMT
server: cloudflare
etag: W/"6eb6d7132999731493bad4b8e9e19c88"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1675114923395
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4gtJPi0XODPF0o8MXVy%2Bl8ZtYt2nkvz6aFfxRs6ZLOHx7%2Bd7EZIeZvgxiSz2pWpYO1JhSMm64dWEa%2FNbE6jMVb1fYuvl2kbbYu5hzWmmqBQC7VI7gGXgh2E8P7ReKeYOBz46dPr2VaL5x%2FX8%2FJY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8369d498bfa74028-SIN
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 module_97266453797_Remediation_Announcement_Banner.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/ 860 B
1 KB 31ms
27ms Other
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/module_97266453797_Remediation_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1621486
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a25c4019cb8b6fc47eb8ed83cf1076d4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550132881
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 39a13f21-25ae-4cb7-9386-f54652bf2e38
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 141
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 39a13f21-25ae-4cb7-9386-f54652bf2e38
last-modified: Mon, 03 Apr 2023 19:28:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tUtWBMP5kHefv0yazz0y53osJAoBw45uNBi%2BX9x9d%2F5u6UdoLVfXNK9C7kmoJoCNEkfeFNJ6zsyaHrNajRs6qqvmR6TlCcHZr1SkuF630yLOvP6MkQFPsCWZ3EOYgI55vMYUlHSwW4GLToagTtc%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-q8s24
cf-ray: 8369d498bfaa4028-SIN

GET
H3 200 main.min.js
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/ 10 KB
4 KB 32ms
28ms Other
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/main.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1621486
x-amz-cf-pop: IAD61-P3
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 75fff1d4-4a23-46cc-a1b7-5653128d91f9
x-envoy-upstream-service-time: 164
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 75fff1d4-4a23-46cc-a1b7-5653128d91f9
last-modified: Fri, 01 Apr 2022 11:44:17 GMT
server: cloudflare
etag: W/"c4d1fac2b0b677aeaa2c2ade72813888"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1648813456943
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ViYPERKUDMCoaQSmxUDQpxYb4OFkdXSBbBlcSsmVUAe3oIVB3CuhI%2FM2d3q7t3pCMBW1Mshj7sI6At%2Bj5wo6AIuShX9ofckSl6aQNWwbix58ItQG1IHjKvpFz1qU4%2F5VrmNLYADI%2FOATfs42IBk%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray: 8369d498bfad4028-SIN
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 module_96126751858_Site_Navigation.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/ 4 KB
2 KB 25ms
22ms Other
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/module_96126751858_Site_Navigation.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50888059b627a1e32ceb04646cc5a617e4747e3d9003e1cc051d33e3bcc14589

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1555040
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"066f9d11e54f30bcda41cc81ace646da"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691030599466
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 490a3902-2e15-49cd-8cfe-50266492d64d
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 244
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 490a3902-2e15-49cd-8cfe-50266492d64d
last-modified: Thu, 03 Aug 2023 02:43:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vG4hKb1euLmyBteWaFBqkllbCu7dv8b4QawNdWc81sDyeAgPwWJP8poWvXJxF4Tr7yN1SUJLih6%2F%2Bmf0y%2FLRR1asJuBJQovKF%2BWkPzTEK303TlRVzR2iIG7duBFT2hTrNixH%2FG7AHlp432Fw%2FH8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 8369d498bfaf4028-SIN

GET
H3 200 module_125777074029_Navigation_Submenu.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/ 1 KB
1 KB 26ms
23ms Other
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/module_125777074029_Navigation_Submenu.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e9eeec668eca70ecaaabf43de47a7332a84fa9b89172479f39c57bbd1c8582a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1540608
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"131209442a05e734a14e3bd00f89bee6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692210032469
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 16 Dec 2023 20:56:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5dba04c5-4646-4a60-ae3d-bbe90cda58a7
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 198
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5dba04c5-4646-4a60-ae3d-bbe90cda58a7
last-modified: Wed, 16 Aug 2023 18:20:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQBa9enGX7NPQE7cWGNcgs%2BWER3Iq6wYaRwgxI70h0RQDmNtMxtEpwRQ1UP9qIf5sWQ9H6ozSCEvT1Ir57sZMefJGmtE7BnIJ6byPR5S24BAl14BKNV%2BYXIEszV5efPTz%2Ft%2Fs%2BEbGploFwCCE4A%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 8369d498bfb14028-SIN

GET
H3 200 module_115948073023_Table_of_Contents_Sidebar_-_Global.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779299533/ 2 KB
2 KB 30ms
27ms Other
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779299533/module_115948073023_Table_of_Contents_Sidebar_-_Global.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f5e45ba0c943167a203ccff2d9b3065c7767b1c32c33e6b21af38da1738b8a7

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 2141046
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"f95490701022c4b61b9aae62631a9ad7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779299533
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 16 Dec 2023 20:56:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: edb15a77-9060-4181-a508-3ccf45d119b7
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 133
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: edb15a77-9060-4181-a508-3ccf45d119b7
last-modified: Fri, 11 Aug 2023 18:41:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UkA5B4Uu7MTggyDxNcLLkA%2Fqky%2FISDHwW%2Ba6PMgOwFtX3%2FsBaR7qF%2BhR9QE19qClfyuuXSYXH7i1%2F6mboo8Y9ZYBqTtdgcWjQ0MykvecC91IFajJ7hSFoBgN6gQ1DT8FHX7uJ0jG57FUh4iwVMk%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 8369d498bfb34028-SIN

GET
H3 200 module_60280511003_blog-form.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832788379/ 232 B
1 KB 27ms
24ms Other
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832788379/module_60280511003_blog-form.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dc5ff8e8d54854daa72a30a2bf8345b75255597251028dad23e18510e635b98

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1372667
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"199d600316628445ac927b3b2b5d292b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678832788379
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Sat, 16 Dec 2023 20:56:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 596c1d22-08ec-45db-8661-a3eece14dea5
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 234
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 596c1d22-08ec-45db-8661-a3eece14dea5
last-modified: Tue, 14 Mar 2023 22:26:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oAVwqtBOjo9CSE0dxpYC%2FGscfvjt1FH5mLJq%2FZqhuhLjVeag%2Bdd6mJDkhyASNJ9kzfD2dh1vH9RhtUtqdAWFfBLtEXhXX2N8jrlbTz9wheruy7U0HOgKOtoXCNiBLMuq8bYmyRAVftRZw%2FLeZSc%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 8369d498bfb64028-SIN

GET
H3 200 module_87397221683_Footer_Site_Directory.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/ 577 B
1 KB 28ms
25ms Other
application/javascript 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/module_87397221683_Footer_Site_Directory.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c91333bb881074a7d4a82886d21fb690ff3fc57394327d5ed12c9d9af05dcc0b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-encoding: br
age: 1277625
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"b7e1d67d9b7a486bb634ad966519a8bc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690924310222
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Sat, 16 Dec 2023 20:56:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f62e46eb-1b10-4124-89a4-2b403c1bab5c
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 156
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: f62e46eb-1b10-4124-89a4-2b403c1bab5c
last-modified: Tue, 01 Aug 2023 21:11:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OFd57vdggbOPdD2%2BH0BPFcWgNb%2FjS3NEAuKDgKCHunAAblgDZ9goespGTqo4n4Q2P1qRzNh5XJAirMw6mQnOulzmXuXcxgHk1fDICgTNuC58VflhISh2qcjt1NGQTvv86QDLTDd5kBeCjd0yJ1k%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-8ktx6
cf-ray: 8369d498bfb94028-SIN

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238

Request headers

accept-language: zh-SG,zh;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e

Request headers

accept-language: zh-SG,zh;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 _Incapsula_Resource
www.varonis.com/ 1 B
84 B 4ms
3ms Image
text/plain 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.varonis.com/_Incapsula_Resource?SWKMTFSR=1&e=0.937794977683897

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 29ms
8ms Script
text/javascript 2404:6800:4003:c1c::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1c::64 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 16 Dec 2023 20:09:57 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 2763
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 16 Dec 2023 22:09:57 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/ 3 KB
2 KB 45ms
15ms Script
text/javascript 2404:6800:4003:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/?random=1702760160251&cv=11&fst=1702760160251&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v846391121&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&hn=www.googleadservices.com&frm=0&tiba=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c00::9a Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7aea59332d6045122d4720e1db90162de88e23344b1dc90c932a1190b83d2f33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1285
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 26 KB
9 KB 537ms
172ms Script
application/javascript 2a04:4e42:200::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 12 Dec 2023 19:56:38 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "ead4fccfb1bebd02138cf2dcadd7dcba"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 8123

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 710ms
173ms Script
application/x-javascript 152.195.58.59
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.58.59 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (hhp/9A86) /

Resource Hash

196d92bf5816c956d998e5e2eb9579e8169d427dc9e6c19b07ef3c304c950686

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSub
last-modified: Thu, 14 Dec 2023 23:05:32 GMT
server: ECS (hhp/9A86)
age: 85374
etag: "b4aa99e22eda1:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25393

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 17ms
8ms Script
application/x-javascript 2a03:2880:f00c:300:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f00c:300:face:b00c:0:3 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 16 Dec 2023 20:56:00 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: TppxT4Ne/1DhxyKIawTeoLM1tQlK4Sw3xdWDddbSfdmFmbcDGfKgX7t3jWQNWtZPUWi65by08fuF/+k60nQ7qg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 142972.js Show response
js.hs-scripts.com/ 2 KB
1 KB 307ms
280ms Script
application/javascript 2606:4700::6810:bd59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/142972.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bd59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ae13f42cc15acfa9618543a8de1ff3eca2d7571ff2ee07c419b579432e3c094

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c518a96b-bc13-45d4-841e-9b015de0076c
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c518a96b-bc13-45d4-841e-9b015de0076c
last-modified: Sat, 16 Dec 2023 20:31:44 GMT
server: cloudflare
x-trace: 2BEFC73AAA0C42E865BDEA6FD950DB66BA2469DCAA000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-q8q5z
cf-ray: 8369d499dbb16baa-SIN
expires: Sat, 16 Dec 2023 20:57:00 GMT

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 82ms
11ms Script
application/javascript 2606:4700::6811:129
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:129 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: F3JAD5KB7A4WPZ6K
age: 4112
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3vVBD8RGviN4J9Jx8C4Z5nFOeCEedeEmHM6qGglCQBt+14d2+8TC7ZW58/jK5aLu/u8jlfPmm84=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 8369d49a1df34c3b-SIN
expires: Sun, 17 Dec 2023 00:56:00 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 734ms
242ms Script
text/javascript 18.235.68.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.68.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-68-109.compute-1.amazonaws.com
Software: /
Resource Hash: 3f5641c2784aa17e2bd50bbe6bc8866e4d80df450d438cf85393a489af19414a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 16 Dec 2023 20:56:00 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 244ms
80ms Script
application/javascript 151.101.108.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.108.157 Tokyo, Japan, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 18:55:37 GMT
x-amz-server-side-encryption: AES256
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100147-IAD, cache-tyo11947-TYO

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 292 KB
94 KB 18ms
17ms Script
application/javascript 2404:6800:4003:c00::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c00::61 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0d92c050265f2817533e68be0c6153ea866a2a7434a014b35723f7ecaa0d2d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95909
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 16 Dec 2023 20:56:00 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 63 KB
17 KB 29ms
3ms Script
application/javascript 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-59-168-107.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

d670233ca601ed8dd1f500ecd0a0ba5760ff7259e9409ff4c8adf8c4351fcd3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 15 Dec 2023 19:24:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "657ca7d5-fdbc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17422
expires: Sat, 16 Dec 2023 20:56:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 42 KB
15 KB 19ms
5ms Script
application/javascript 2403:e800:e80b::2a63:8c8b
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2403:e800:e80b::2a63:8c8b , Hong Kong, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),

Reverse DNS

Software

Resource Hash

f3b0e2a3800f73c56a4dc78562fc32130a8eec6887982d10e6a5dcf6497969c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Dec 2023 13:09:33 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=39099
accept-ranges: bytes
content-length: 15541

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 527ms
198ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Sat, 16 Dec 2023 20:56:00 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2A0E2D482F0342D19E7856B41B892A7B Ref B: SIN30EDGE0811 Ref C: 2023-12-16T20:56:00Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 404 cse.js
cse.google.com/ 0
0 25ms
22ms Script
text/html 2404:6800:4003:c11::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4003:c11::64 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H/1.1 200
OK ktxevents.v1.js Show response
trackit.ktxlytics.io/ 98 KB
98 KB 132ms
43ms Script
application/javascript 54.192.18.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://trackit.ktxlytics.io/ktxevents.v1.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.18.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-18-44.hkg62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sat, 16 Dec 2023 15:20:34 GMT
x-amz-version-id: 8nobErucU.TGbL_HVc3JJOzAiDrdj9pU
Via: 1.1 75f75533e7cd1fc09e1d71e46c9ff620.cloudfront.net (CloudFront)
Last-Modified: Wed, 23 Oct 2019 19:11:31 GMT
Server: AmazonS3
X-Amz-Cf-Pop: HKG62-C2
Age: 20127
ETag: "5350ce54b7969cfe1e9a0314b25964b6"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 99889
X-Amz-Cf-Id: DCEPRO0ID7A-UER7_PTi7iFZNis--fGjFeSBc0XyrmtBu7uJA1GhTg==

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=269843890
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D269843890

43 B
844 B

4ms
4ms

Image
image/gif

103.43.90.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D269843890

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Server

103.43.90.53 Singapore, Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

594.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
an-x-request-uuid: 3165c17f-d5cd-4a6f-9c4b-7d17b19a9901
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 103.254.153.226; 103.254.153.226; 594.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
an-x-request-uuid: e869dc1d-5b9c-422e-99c7-2747ef56a633
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D269843890
cache-control: no-store, no-cache, private
x-proxy-origin: 103.254.153.226; 103.254.153.226; 594.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

cksync
hb.yahoo.net/
Redirect Chain

https://insight.adsrvr.org/track/pxl/?adv=71679u3&ct=0:ms2x9ot&fmt=3&gtmcb=246678367
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=6176d928-6d94-467e-8eb9-80ac5931bdb5&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=NjE3NmQ5MjgtNmQ5NC00NjdlLThlYjktODBhYzU5MzFiZGI1&gdpr=0&gdpr_consent=&ttd_tdid=6176d928-6d94-467e-8eb9-80ac5...
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=6176d928-6d94-467e-8eb9-80ac5931bdb5&google_gid=CAESEEIKlxlXpSmrHNlwThHAzKE&google_cver=1
https://ups.analytics.yahoo.com/ups/55953/sync?uid=6176d928-6d94-467e-8eb9-80ac5931bdb5&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true
https://ups.analytics.yahoo.com/ups/55953/sync?uid=6176d928-6d94-467e-8eb9-80ac5931bdb5&_origin=1&redir=true&gdpr=0&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=55953&ovsid=6176d928-6d94-467e-8eb9-80ac5931bdb5&gdpr=0&redir=true
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1wVlJlX3dORTJ1RVBWLkM1YmtDX0IwWEVGYjE2anRNQn5B&gdpr=0&ovsid=6176d928-6d94-467e-8eb9-80ac5931bdb5&dpid=55953

57 B
663 B

206ms
56ms

Image
image/gif

42.99.140.152
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hb.yahoo.net/cksync?cs=63&axid_e=eS1wVlJlX3dORTJ1RVBWLkM1YmtDX0IwWEVGYjE2anRNQn5B&gdpr=0&ovsid=6176d928-6d94-467e-8eb9-80ac5931bdb5&dpid=55953

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Server

42.99.140.152 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),

Reverse DNS

ip-42-99-140-152.pacnet.net

Software

Apache /

Resource Hash

ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Sat, 16 Dec 2023 20:56:01 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 57
x-mnet-hl2: E
expires: Sat, 16 Dec 2023 20:56:01 GMT

Redirect headers

location: https://hb.yahoo.net/cksync?cs=63&axid_e=eS1wVlJlX3dORTJ1RVBWLkM1YmtDX0IwWEVGYjE2anRNQn5B&gdpr=0&ovsid=6176d928-6d94-467e-8eb9-80ac5931bdb5&dpid=55953
date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 299 KB
84 KB 12ms
7ms Script
application/x-javascript 2a03:2880:f00c:300:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=69ca006b7544c28222b1ef0f8cc98e69

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f00c:300:face:b00c:0:3 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9a72d9dae2d0a261507446d48e204e34023949a1629bf7e12a2d5c5996e0eac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
Origin: https://www.varonis.com
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 16 Dec 2023 20:56:00 GMT
content-md5: kxXPGhz/KRYSHmHVE8YSaQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86317
reporting-endpoints
x-fb-debug: JXQKubLKSo21CSiYC3pAgbrwvfrR+5ng3EpHbxOaAYgGRG3jYgc/X5ZCAy1lPhfl1vVPhrAmsAqqBGK3LkCgCQ==
x-fb-content-md5: 5f9350083730dd811fc5693a5a72ac33
cross-origin-opener-policy: same-origin-allow-popups
etag: "c36bca99c9f9c636bdeea06132daa927"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sun, 15 Dec 2024 20:36:07 GMT

GET
H3 200 async-ads.js Show response
cse.google.com/adsense/search/ 142 KB
52 KB 9ms
8ms Script
text/javascript 2404:6800:4003:c11::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/3bd4ac03c21554b3/cse_element__en.js?usqp=CAI%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4003:c11::64 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7df0df8b3df8c42634ecc71d7ab35e197c61777eb5b41a3e14239322b5804f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "13376431191049311150"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
expires: Sat, 16 Dec 2023 20:56:00 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
117 B 24ms
3ms Image
text/plain 2404:6800:4003:c1a::65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4003:c1a::65 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
623 B 306ms
291ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f41210f0-8305-4089-b0ce-a0a25c2c13e5
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f41210f0-8305-4089-b0ce-a0a25c2c13e5
server: cloudflare
x-trace: 2BACF64C5D7C4A2B9C32A2A4B12900E23335A2B040000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-98629
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8369d49aee8d4d27-SIN

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 5ms
4ms Script
text/javascript 2404:6800:4003:c1c::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1c::64 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:12:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2612
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 697
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 16 Dec 2023 21:12:28 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1015553108/ 42 B
340 B 12ms
11ms Image
image/gif 2404:6800:4003:c11::6a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1015553108/?random=1702760160251&cv=11&fst=1702756800000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v846391121&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&frm=0&tiba=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_LRCnAB4GGcOVPPENFBk8ADGni0mezw&random=2352139619&rmt_tld=0&ipr=y

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c11::6a Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.id/pagead/1p-user-list/1015553108/ 42 B
455 B 24ms
9ms Image
image/gif 2404:6800:4003:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.id/pagead/1p-user-list/1015553108/?random=1702760160251&cv=11&fst=1702756800000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v846391121&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&frm=0&tiba=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_LRCnAB4GGcOVPPENFBk8ADGni0mezw&random=2352139619&rmt_tld=1&ipr=y

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c06::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
357 B 739ms
238ms XHR
application/json 52.71.156.47
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMTQ3NX0.iI-HhwOQ2R9nR36t6D2kwo7l09ByrLMU2A7_XHc4Ar0

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.71.156.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-71-156-47.compute-1.amazonaws.com

Software

Resource Hash

e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 10c2126de1d66aaadd78b2e1715938f4

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 12ms
5ms XHR
text/html 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-59-168-107.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 22 B
313 B 27ms
6ms XHR
text/html 2600:1413:b000:6::17d5:2bc6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1413:b000:6::17d5:2bc6 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6934ac3a358b2722acda2776ad3540d1edecf540ea9c658e1ba126ed3b202498

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.varonis.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:df1:800:a004:1::8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702760160496_398551238_2657964767_14_579_3_10_219";dur=1
content-length: 22
expires: Sat, 16 Dec 2023 20:56:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 471ms
467ms Image
image/gif 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=2d6b8ba0-21ba-48a7-82c4-941090d87dcb&session=362a3222-3295-4c4c-8445-512ab9a78a56&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A00%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=264fbb8e-ea2a-4dee-8abb-e5e0e58deef1&v=1.1.13

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-59-168-107.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 481ms
481ms Image
image/gif 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=2d6b8ba0-21ba-48a7-82c4-941090d87dcb&session=362a3222-3295-4c4c-8445-512ab9a78a56&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2016%20Dec%202023%2020%3A56%3A00%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2208f833d2e9af1f124e201163df927e7c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2016%20Dec%202023%2020%3A56%3A00%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2016%20Dec%202023%2020%3A56%3A00%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c1b0175dc2b2ae319cf32b1dec3db9836bdaea3e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2016%20Dec%202023%2020%3A56%3A00%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sat%2C%2016%20Dec%202023%2020%3A56%3A00%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=264fbb8e-ea2a-4dee-8abb-e5e0e58deef1&v=1.1.13

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-59-168-107.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
305 B 813ms
478ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 26CB192C1F33484CB4DFE1D255B6B4E9 Ref B: SIN30EDGE0109 Ref C: 2023-12-16T20:56:00Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://www.varonis.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYMpr6HrNMVeqWyW2j63g==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160495&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160495&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1702760160495%26url%3Dhttps%253A%252F%252Fwww.varonis....
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160495&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160495&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true&...

0
490 B

241ms
214ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160495&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKfDVwkbJ1l9QAAAYx0aiMFc5pfQl8ez1zwre4xkKVS61jJnvORs37aJ-_R4C0XBtZbFPdL7TY
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:02 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: D5654A6BE3DA4C1EACD910AFCCFC2B7B Ref B: SIN30EDGE0314 Ref C: 2023-12-16T20:56:02Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMpr6ezaNZzQq+MrKBQA==

Redirect headers

date: Sat, 16 Dec 2023 20:56:01 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 657E4E3E073E42C790C753CFCDD77489 Ref B: SIN30EDGE0109 Ref C: 2023-12-16T20:56:01Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160495&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKfDVwkbJ1l9QAAAYx0aiMFc5pfQl8ez1zwre4xkKVS61jJnvORs37aJ-_R4C0XBtZbFPdL7TY
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMpr6YtM4oGJC9IiaS2g==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160498&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160498&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1702760160498%26url%3Dhttps%253A%252F%252Fwww.varonis....
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160498&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160498&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true&...

0
146 B

209ms
208ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160498&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLlnweCfYrFnQAAAYx0aiOk86twFzbVj-0It1gevg1khcfzdgkpBP7Gwxv1RpeBdU2ZzUJnpT4
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:02 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 3C013E4B9D9441B2A6340DD2B4D74A42 Ref B: SIN30EDGE0314 Ref C: 2023-12-16T20:56:02Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMpr6gwO3jPBOWQPHUxg==

Redirect headers

date: Sat, 16 Dec 2023 20:56:01 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 34715AD2B0A14CC3B6E000023CB2C37E Ref B: SIN30EDGE0109 Ref C: 2023-12-16T20:56:02Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1702760160498&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLlnweCfYrFnQAAAYx0aiOk86twFzbVj-0It1gevg1khcfzdgkpBP7Gwxv1RpeBdU2ZzUJnpT4
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMpr6bI4ae+FsHPCa5ow==

GET
H3 200 179650485736885 Show response
connect.facebook.net/signals/config/ 141 KB
36 KB 643ms
643ms Script
application/x-javascript 2a03:2880:f00c:300:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/179650485736885?v=2.9.138&r=stable&domain=www.varonis.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f00c:300:face:b00c:0:3 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b247a1a3cda5afc293925aff46e0012a88d69c26bb3cf813baf4e3b81459bc8e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 16 Dec 2023 20:56:01 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 91tS86wfm33h2vKv8tKk2ivlbGd8e6CEpvQ8zj6IXTEQrD6Q2PLv/fn4C3mtVVur5ihCVbE7DWabEg4H0nbWmg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 6ms
5ms Ping
text/plain 2404:6800:4003:c1c::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-PCF2HBX32M&gtm=45je3bt0v9102029281z8846391121&_p=1702760159930&gcd=11l1l1l1l1&dma=0&cid=2112734969.1702760160&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1702760160&sct=1&seg=0&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&en=page_view&_fv=1&_ss=1&tfd=1398
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2404:6800:4003:c1c::64 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1016 B 282ms
260ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sat, 16 Dec 2023 20:56:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: c6264957-eaeb-4a46-a4c4-b1e7ae94246e
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c6264957-eaeb-4a46-a4c4-b1e7ae94246e
Server: cloudflare
X-Trace: 2B22D748A51A71A06EE77C0E87B0DF0F458ECC1541000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-795b47fdff-6h5f4
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 8369d49d3e029fb9-SIN

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 458ms
458ms Image
image/gif 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=2d6b8ba0-21ba-48a7-82c4-941090d87dcb&session=362a3222-3295-4c4c-8445-512ab9a78a56&event=ipv6&q=%7B%22address%22%3A%222001%3Adf1%3A800%3Aa004%3A1%3A%3A8%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=264fbb8e-ea2a-4dee-8abb-e5e0e58deef1&v=1.1.13

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-59-168-107.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 202 event Show response
plausible.io/api/ 2 B
502 B 907ms
388ms XHR
text/plain 2400:52e0:1502::1059:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.io/api/event
Requested by: Host: plausible.io
URL: https://plausible.io/js/plausible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1502::1059:1 , Hong Kong, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-HK1-1059 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
cdn-edgestorageid: 1059
cdn-cachedat: 12/16/2023 20:56:01
cdn-pullzone: 682664
application: 10.0.0.3
alt-svc: h3=":443"; ma=2592000
content-length: 2
x-request-id: F6FrWFZ4Yr6H8DwaSkKP
server: BunnyCDN-HK1-1059
cdn-proxyver: 1.04
cdn-requestpullcode: 202
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: must-revalidate, max-age=0, private
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
cdn-requestid: 8448f345d5f1e48d41b2bb124809fc8f
cdn-requestcountrycode: SG
cdn-requestpullsuccess: True

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 358ms
332ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=142972&callback=jsonpHandler

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d939be30-f4ba-44a1-8cf6-f202389b1de6
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8369d49d7aea601d&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: d939be30-f4ba-44a1-8cf6-f202389b1de6
server: cloudflare
x-trace: 2B8049A2B33FAEAFE79526BC795F5372BFE41B55B8000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-ntwkx
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 8369d49d7aea601d-SIN

OPTIONS
H2 200 tp2
c2.ktxlytics.io/com.snowplowanalytics.snowplow/ Frame 0
0 747ms
243ms Preflight 18.208.65.209
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.208.65.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-208-65-209.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.varonis.com
access-control-max-age: 600
content-length: 0
date: Sat, 16 Dec 2023 20:56:01 GMT
server: nginx

POST
H2 200 tp2 Show response
c2.ktxlytics.io/com.snowplowanalytics.snowplow/ 2 B
336 B 265ms
238ms XHR
text/plain 18.208.65.209
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: trackit.ktxlytics.io
URL: https://trackit.ktxlytics.io/ktxevents.v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.208.65.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-208-65-209.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://www.varonis.com
date: Sat, 16 Dec 2023 20:56:01 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

GET
H2

200

v1
c2.ktxlytics.io/com.snowplowanalytics.iglu/
Redirect Chain

https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=6814103536244065536
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=6814103536244065536&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs

43 B
387 B

237ms
236ms

Image
image/gif

18.208.65.209
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=6814103536244065536&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Server: 18.208.65.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-208-65-209.compute-1.amazonaws.com
Software: nginx /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 43

Redirect headers

date: Sat, 16 Dec 2023 20:56:01 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
location: https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=6814103536244065536&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 16 B
36 B 5ms
5ms XHR
text/plain 2404:6800:4003:c1c::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1176169395&t=pageview&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&ul=en-us&de=UTF-8&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAEAjAAAAACAAI~&jid=1519679373&gjid=1158433836&cid=2112734969.1702760160&tid=UA-2019109-1&_gid=1643336646.1702760160&_r=1&_slc=1&gtm=45He3bt0n81KMGCX7Vv846391121&gcd=11l1l1l1l1&dma=0&z=1320140974

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4003:c1c::64 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a04f7efa05c1f9212a79b715568b9976977a4d8e8f0c7ee571ab4f71bf32ccc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 36ms
10ms Script
application/javascript 2606:4700::6811:e3a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e3a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df998f2ab79818d229edfab989eb187dd3d94f0f40377fde4f5f97e08b691ecf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
x-amz-version-id: XlFw32Cnxu8ZjnNH.SH7ungVy3g8LtQG
via: 1.1 a4f9ca051b97c1ac09e2af244690d376.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 164
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.501/bundles/pixels-release.js&cfRay=8369d09b8c2f899b-SIN
x-cache: Hit from cloudfront
x-hubspot-correlation-id: ed657cfe-05f4-464b-8739-6e3c36f5a729
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 8
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ed657cfe-05f4-464b-8739-6e3c36f5a729
last-modified: Mon, 04 Dec 2023 14:19:28 UTC
server: cloudflare
etag: W/"ed930579444c6c7c0292363361667508"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: MISS
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-bw7pg
cf-ray: 8369d49e59364c2f-SIN
x-amz-cf-id: MDoHl_TjzvgTJFkW6OzUM2louQNCpuWEA-_kLJasWii2zS37kVoFNg==
x-hs-target-asset: adsscriptloaderstatic/static-1.501/bundles/pixels-release.js

GET
H2 200 142972.js Show response
js.hs-analytics.net/analytics/1702760100000/ 67 KB
21 KB 313ms
291ms Script
text/javascript 2606:4700::6810:4eba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1702760100000/142972.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4eba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7821e7e6a8bb38c6e9dbeed3bd0c1c1f55ac58c678cba2a356391d3c4851467

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: F3SXGRBKD7BWSY5N
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: a94137dc-c213-4974-8b38-2b6c79b98af4
x-envoy-upstream-service-time: 15
x-amz-id-2: wVqsafXOTYCsXQRmDItGgrU2/9KZf7xfRsHl7rq3kRJCw69erOaVIQci5+ZTJwmjmMsLFjxjSa0=
x-evy-trace-listener: listener_https
x-request-id: a94137dc-c213-4974-8b38-2b6c79b98af4
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 15 Nov 2023 17:11:52 GMT
server: cloudflare
etag: W/"5bb56f353717247b382e933a6717ecb7"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-55f4f74954-qdt7s
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8369d49e6aaf4d2d-SIN
expires: Sat, 16 Dec 2023 21:01:01 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 84 KB
24 KB 34ms
13ms Script
application/javascript 2606:4700::6811:faa8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:faa8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

861751abdcfcf0e1017f4607b2244b7ec4e30829018fbb46c9d7379330ccbbb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
x-amz-version-id: jCj4EF2Q0GVRNn4ov5EBZARhtWjUVEBM
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 129
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.14916/bundles/project.js&cfRay=8369d1758aa03df0-SIN
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 9ad6b0c4-8404-48f3-8858-df3f68068e69
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 3
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9ad6b0c4-8404-48f3-8858-df3f68068e69
last-modified: Mon, 11 Dec 2023 15:23:51 UTC
server: cloudflare
etag: W/"4317671326b98b26cd4fc3ddcfcfaa80"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-798df77cc5-9gm2w
cf-ray: 8369d49e696d3e06-SIN
x-amz-cf-id: i-wc_yVmHqAUkRgbavYItVYs1MfZUKg3mYsql3Zk41moxBbV7hCo0Q==
x-hs-target-asset: conversations-embed/static-1.14916/bundles/project.js

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/142972/ 69 KB
22 KB 786ms
765ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/142972/banner.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b46cf928be95b8e0f24c718b850ef2898c6c137e96661d33b7a6f7514ad76581

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
x-amz-version-id: YLmCB7vCUzdvLwOSaBuYhFk4OspElecf
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 71964NWWWY2DDK8T
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 757e1ce6-8ec6-431e-928a-88a9f228ab02
x-envoy-upstream-service-time: 17
x-amz-id-2: nxbMe/SWlqFpEolt+Gl3xSzVgVIU+/BtiH9DZK80uYpuuqhXxjvLh33oO6ytrkzExYjpQsyeJ1o=
x-evy-trace-listener: listener_https
x-request-id: 757e1ce6-8ec6-431e-928a-88a9f228ab02
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 15 Dec 2023 12:21:37 GMT
server: cloudflare
etag: W/"690eeea539775102d6150c8df94f9120"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-55f4f74954-qdt7s
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8369d49e8c133d77-SIN
expires: Sat, 16 Dec 2023 21:01:01 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 758 B
676 B 223ms
77ms XHR
application/json 35.79.10.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.79.10.210 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-79-10-210.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a90df22d1dc21fa367fb104c6534c54a93287a3fecbb8f7fda4cc5a75f8c2292

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
Authorization: Token c1b0175dc2b2ae319cf32b1dec3db9836bdaea3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
X-6s-CustomID: WebTag1.0 08f833d2e9af1f124e201163df927e7c

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
x-6si-region: ap-northeast-1a
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 390

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 226ms
72ms Preflight 35.79.10.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.79.10.210 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-79-10-210.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Sat, 16 Dec 2023 20:56:00 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: ap-northeast-1a

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 184ms
170ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=1ac6290c-5413-4593-b908-ec8ed05a77da&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=720355e0-c312-4163-bc1e-707e65eeb2ec&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_k /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-response-time: 167
date: Sat, 16 Dec 2023 20:56:01 GMT
strict-transport-security: max-age=0
server: tsa_k
content-type: image/gif;charset=utf-8
x-transaction-id: 9fc2f2e9ff8be8b6
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 668d8d931ba123fe27185ee17d224b308fe9e697be9a232c0def94a8737c103e
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
724 B 185ms
167ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=1ac6290c-5413-4593-b908-ec8ed05a77da&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=720355e0-c312-4163-bc1e-707e65eeb2ec&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_k /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-response-time: 164
date: Sat, 16 Dec 2023 20:56:01 GMT
strict-transport-security: max-age=631138519
server: tsa_k
content-type: image/gif;charset=utf-8
x-transaction-id: 9e6d2bef6842cfbd
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 562dbb0143e425bffe2f2640cda90599419c74516e139a7dade4f92c09475c8e
content-length: 43

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 8 B
353 B 24ms
7ms XHR
text/plain 2404:6800:4003:c02::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2019109-1&cid=2112734969.1702760160&jid=1519679373&gjid=1158433836&_gid=1643336646.1702760160&_u=aGBAAEAiAAAAACAAI~&z=303178267

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c02::9b Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

17bd1c297a7fd1221272d080053f887bb97c03bfc16d6f96bdd7f08bf87dbbd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 16 Dec 2023 20:56:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 262 KB
85 KB 18ms
18ms Script
application/javascript 2404:6800:4003:c00::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4003:c00::61 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

941c1d19e05193798dc1a7aca01708a3d621be26bf53add2293c7ae85bd10f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87402
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 16 Dec 2023 20:56:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 9ms
9ms Image
image/gif 2404:6800:4003:c11::6a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2019109-1&cid=2112734969.1702760160&jid=1519679373&_u=aGBAAEAiAAAAACAAI~&z=1647400810

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4003:c11::6a Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.sg/ads/ 42 B
408 B 27ms
10ms Image
image/gif 2404:6800:4003:c1a::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.sg/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2019109-1&cid=2112734969.1702760160&jid=1519679373&_u=aGBAAEAiAAAAACAAI~&z=1647400810

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1a::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
254 B 24ms
4ms Ping
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-36XYNTY1LS&_ono=1&gtm=45je3bt0v9139046520&_p=1702760159930&_gaz=1&gcd=11l1l1l1l2&dma=0&ul=en-us&sr=1600x1200&cid=2112734969.1702760160&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&sid=1702760160&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1674
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 6ms
3ms Ping
text/plain 2404:6800:4003:c02::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ono=1&tid=G-36XYNTY1LS&cid=2112734969.1702760160&gtm=45je3bt0v9139046520&aip=1&dma=0&gcd=11l1l1l1l2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4003:c02::9b Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.id/ads/ 42 B
107 B 12ms
10ms Image
image/gif 2404:6800:4003:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.id/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-36XYNTY1LS&cid=2112734969.1702760160&gtm=45je3bt0v9139046520&aip=1&dma=0&gcd=11l1l1l1l2&z=2097631671

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c06::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 18ms
3ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1702760160851&id=t2_4ofecxl5&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=2f578a71-0dc6-404b-9ecc-ae5e6f8c37fc&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_3549b422&dpm=&dpcc=&dprc=
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html Show response
platform.twitter.com/widgets/ Frame 3510 319 KB
104 KB 178ms
178ms Document
text/html 2606:2800:248:2f:1d8a:787:dc7:17df
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:248:2f:1d8a:787:dc7:17df , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (itm/750E) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 444837
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Sat, 16 Dec 2023 20:56:00 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (itm/750E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 204 148008183.js Show response
bat.bing.com/p/action/ 0
117 B 196ms
196ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/148008183.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Sat, 16 Dec 2023 20:56:00 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 130D0087874C466BBFC116AB95131BB4 Ref B: SIN30EDGE0811 Ref C: 2023-12-16T20:56:00Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
359 B 393ms
393ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=148008183&tm=gtm002&Ver=2&mid=91815967-a36e-4eff-a7e7-6b7da6ea14ab&sid=84c678a09c5511ee8f098db13c9bdaad&vid=84c6a3c09c5511eeb3324547d17cee5d&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&p=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&r=&lt=1480&evt=pageLoad&sv=1&rn=346977

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 16 Dec 2023 20:56:00 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4F5F2B9BCF8D41F0876AE041164FA1B4 Ref B: SIN30EDGE0811 Ref C: 2023-12-16T20:56:00Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ipv
cdn.bizible.com/ 43 B
328 B 173ms
173ms Image
image/gif 152.195.58.59
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=f7b3414b666c479bcbf7c0bedac181b4&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&_biz_t=1702760160977&_biz_i=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&_biz_n=0&rnd=499824&cdn_o=a&_biz_z=1702760160978

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.58.59 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (hhp/9AAE) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:01 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Tue, 12 Dec 2023 17:44:14 GMT
server: ECS (hhp/9AAE)
age: 357107
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
205 B 175ms
173ms Image
image/gif 152.195.58.59
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=f7b3414b666c479bcbf7c0bedac181b4&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&_biz_t=1702760160982&_biz_i=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&rnd=580674&cdn_o=a&_biz_z=1702760160982

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.58.59 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (hhp/9AB7) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:01 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Tue, 12 Dec 2023 17:44:31 GMT
server: ECS (hhp/9AB7)
age: 357090
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 242ms
240ms Stylesheet
text/css 18.235.68.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.68.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-68-109.compute-1.amazonaws.com
Software: /
Resource Hash: 7ad1fbf5f22f0884bcbafe252ab68e6311667f45e88288fd10a9490d8677f3fe

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 16 Dec 2023 20:56:01 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 741ms
247ms Fetch
image/jpeg 18.235.68.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.68.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-68-109.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 16 Dec 2023 20:56:01 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 741ms
247ms Fetch
image/jpeg 18.235.68.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.68.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-68-109.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 16 Dec 2023 20:56:01 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 widget Show response
www.varonis.com/_hcms/livechat/ 290 B
1 KB 513ms
513ms XHR
application/json 45.60.158.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/_hcms/livechat/widget?portalId=142972&conversations-embed=static-1.14916&mobile=false&messagesUtk=be1c7013c823408c924ee56854ea4a17&traceId=be1c7013c823408c924ee56854ea4a17

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.158.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cca2bf9b0e9f7de5afcf4282c87d26301ed0ebca7cbd30feedb0a4da3108b153

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
X-HubSpot-Messages-Uri: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5ff53155-124b-44a2-ab06-8f9537fee527
x-iinfo: 4-49834807-49834827 PNNy RT(1702760158321 1868) q(0 0 0 -1) r(5 5) U24
x-envoy-upstream-service-time: 15
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5ff53155-124b-44a2-ab06-8f9537fee527
server: cloudflare
x-trace: 2B0CC3DD82CE1986F55B5562DFF79676DC82583916000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-57d4fb94bb-gf6js
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RLzj5K%2FrZytaVCJwpL4et%2Bg3po1BsXRJhGgalEVjtv3Tx4OacfTHkt%2BighdSn24ena2JDI2nwbn7257UW6z5yVpLf5QfOXjZ0vWd7tE0NQY9wQpU%2FqDKT7niLtAlDCKwEA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8369d49eb8707972-SIN
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
325 B 373ms
373ms Script
text/javascript 152.195.58.59
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=f7b3414b666c479bcbf7c0bedac181b4&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.12.14

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.58.59 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (hhp/9ACB) /

Resource Hash

96c538e9ba14f9da076e97264a65dc03ff0889daafd6cc33805d4a02a3d2a343

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSub
server: ECS (hhp/9ACB)
etag: 5E12A269
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 218

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 18ms
3ms Image
text/plain 2a03:2880:f10c:381:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=179650485736885&ev=PageView&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&rl=&if=false&ts=1702760161187&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1702760161185.179557241&cs_est=true&ler=empty&it=1702760160514&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f10c:381:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 16 Dec 2023 20:56:01 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
464 B 238ms
238ms XHR
application/json 52.71.156.47
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.71.156.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-71-156-47.compute-1.amazonaws.com

Software

Resource Hash

b85f5c487853ccdec9d6bf990a00d6248593b76cec8728be1fc89aef59d652fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: ab210f9aa43875a2f85e80877bd33141

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 3510 870 B
660 B 248ms
234ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=d08503fcb0e74000f086ccf7d82b3758b2f31704

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_k /

Resource Hash

8ec44a4b321f5115d8760f193298585d8b28a26dd3190d0a3690b9e09a489a94

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-response-time: 230
date: Sat, 16 Dec 2023 20:56:01 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Sat, 16 Dec 2023 20:56:01 GMT
server: tsa_k
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 8d8d115f723860b1
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7469935968
x-connection-hash: bcb493a0966007594ef6f44fb549ab3c3b13ae752ae956c82b8f65b40cbc8f97
content-length: 338

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 470ms
469ms Image
image/gif 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=2d6b8ba0-21ba-48a7-82c4-941090d87dcb&session=362a3222-3295-4c4c-8445-512ab9a78a56&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A00%20GMT%22%2C%22timeSpent%22%3A%221005%22%2C%22totalTimeSpent%22%3A%221005%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=264fbb8e-ea2a-4dee-8abb-e5e0e58deef1&v=1.1.13

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-59-168-107.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
310 B 242ms
241ms XHR
text/plain 18.235.68.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=_9vH_OIoGoaDi4-zdBz9Vg&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&tip=kEDfDhL2Jg31sWb_ws_nE-bXMK0Bvuhou3833yQQmkg&host=https%3A%2F%2Fwww.varonis.com&sa-user-id-v3=s%253AAQAKIC3vSA0cpseYo_a-VZLhyvG2Rs1YV50HfXhNw5svYeVcEHwYBCDgnfirBjABOgQ8w7t9QgTVobhy.fI%252Brnoe%252B9xAMIIdX0p7Ik0xPzzUN9GNzI9CPQP4Jf3Q&sa-user-id-v2=s%253ARNaxqJVvWzNMwq1Ts5lo5mf-meI.WetFvGxQ3Um34KBe18Ui7VEESFZ14TU2hYxKdpdEHho&sa-user-id=s%253A0-44d6b1a8-956f-5b33-4cc2-ad53b39968e6.AbxT2%252BA41xIBrFlsp3lrrDgv8DvZxhT7Ucto8FCKYQM
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.68.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-68-109.compute-1.amazonaws.com
Software: /
Resource Hash: 8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: https://www.varonis.com
date: Sat, 16 Dec 2023 20:56:01 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
332 B 242ms
242ms XHR
text/plain 18.235.68.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=7DZRzfkZdpma72wkdfbzjA&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&tip=kEDfDhL2Jg31sWb_ws_nE-bXMK0Bvuhou3833yQQmkg&host=https%3A%2F%2Fwww.varonis.com&sa-user-id-v3=s%253AAQAKIC3vSA0cpseYo_a-VZLhyvG2Rs1YV50HfXhNw5svYeVcEHwYBCDgnfirBjABOgQ8w7t9QgTVobhy.fI%252Brnoe%252B9xAMIIdX0p7Ik0xPzzUN9GNzI9CPQP4Jf3Q&sa-user-id-v2=s%253ARNaxqJVvWzNMwq1Ts5lo5mf-meI.WetFvGxQ3Um34KBe18Ui7VEESFZ14TU2hYxKdpdEHho&sa-user-id=s%253A0-44d6b1a8-956f-5b33-4cc2-ad53b39968e6.AbxT2%252BA41xIBrFlsp3lrrDgv8DvZxhT7Ucto8FCKYQM
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.68.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-68-109.compute-1.amazonaws.com
Software: /
Resource Hash: 4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: https://www.varonis.com
date: Sat, 16 Dec 2023 20:56:01 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 138
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 792ms
782ms Preflight
application/octet-stream 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8369d4a37f575f31-SIN
content-length: 0
content-type: application/octet-stream
date: Sat, 16 Dec 2023 20:56:02 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-55f4f74954-qdt7s
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: be81ef4c-71e0-4bf6-9397-45d585a9ca7a
x-request-id: be81ef4c-71e0-4bf6-9397-45d585a9ca7a

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 293ms
293ms Fetch 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/142972/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 16 Dec 2023 20:56:02 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-hubspot-correlation-id: 0aa079e3-7677-4914-91f9-4e21625506b2
x-envoy-upstream-service-time: 21
x-evy-trace-route-configuration: listener_http/all, listener_https/all
x-evy-trace-listener: listener_http, listener_https
x-request-id: 0aa079e3-7677-4914-91f9-4e21625506b2
server: cloudflare
x-trace: 2BB8D64D04AF63104F0C4406CE0CA7D4EC9CA16224000000000000000000
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host: all, all
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-7cbbfffcc5-tlqs4, iad02/analytics-js-proxy-td/envoy-proxy-55f4f74954-z9bm5
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8369d4a86b845f31-SIN

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 460ms
460ms Image
image/gif 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=2d6b8ba0-21ba-48a7-82c4-941090d87dcb&session=362a3222-3295-4c4c-8445-512ab9a78a56&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A01%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222006%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=264fbb8e-ea2a-4dee-8abb-e5e0e58deef1&v=1.1.13

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-59-168-107.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:02 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 41ms
18ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.150.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:02 GMT
x-amz-version-id: lFoq_FZJwJ3rDVe9.7kNMZjc5YKK6r5L
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 11 Dec 2023 12:17:02 GMT
server: cloudflare
via: 1.1 91085d9a0810fca6dacd51dae7dd6a32.cloudfront.net (CloudFront)
x-amz-cf-pop: SIN5-C1
etag: W/"15c02cdee0df6c26ba3d8c62d912c66c"
age: 31133
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cf-ray: 8369d4aa99b44026-SIN
x-amz-cf-id: NdKet-LyxxPyOlTMe72Mi_NulIpXtK3mwMOv47n3af_MGB7TbKkl6Q==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
618 B 309ms
298ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1070111736&v=1.1&a=142972&pi=53575261302&ct=blog-post&ccu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&cpi=53575261302&cgi=740355147&lpi=53575261302&lvi=53575261302&lvc=en&pu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How+to+Investigate+NTLM+Brute+Force+Attacks&cts=1702760162955&rv=1&vi=9a0cf631e4162321958e351ff80fbdaa&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f2e59e0f-dcc4-4416-82eb-da6e6842963c
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f2e59e0f-dcc4-4416-82eb-da6e6842963c
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERi7wVbFPGpulOdl%2FbCcL1i5JthXquK3PS%2BLbYIkW9rjbByFV2dTM758EufJgsokzX91ObHPXCXOTqfIu%2FfUpHwIMTmNQLB%2FJBBcNxNeXXDv8FnIqrNMzjwqfVZvtzSgmU2Q0ZpjLNC5U%2B%2Fdgram"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7484b4bf59-7cpf7
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8369d4aa9d93601d-SIN
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
445 B 305ms
303ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=40a8f297-80c2-4c34-9572-8648458abed5&fci=2b18c097-a5c3-47ea-9a76-4c66069ff6d7&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1070111736&v=1.1&a=142972&pi=53575261302&ct=blog-post&ccu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&cpi=53575261302&cgi=740355147&lpi=53575261302&lvi=53575261302&lvc=en&pu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How+to+Investigate+NTLM+Brute+Force+Attacks&cts=1702760162957&rv=1&vi=9a0cf631e4162321958e351ff80fbdaa&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0927844a-84ce-4ad3-bce0-3af38899c9f5
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 19
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0927844a-84ce-4ad3-bce0-3af38899c9f5
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XF2eFTgBe7LjFA5qKiRe4ojCtKiaIh0XytfQ%2BpoBk58FfY%2BrUatPh%2FImzrVbOyl8oW1HokrjN4g8GLx7bWAby%2FZluhpD44O8n%2FKx1%2BvVod%2F3S5KZv1oygsVHOavcV%2BgjBEAJe%2F5V9fL7diLz3Iig"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7484b4bf59-2tcbn
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8369d4aa9d94601d-SIN
x-robots-tag: none

GET
H2 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 146 B
359 B 178ms
177ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.150.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6ae75e796b3fa28430dcfc1803b4ac224db3a0245917eb2ffc0d98a7eefc07fa

Request headers

visited_url: https://www.varonis.com/blog/investigate-ntlm-brute-force
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
accept-language: zh-SG,zh;q=0.9
Authorization: Bearer f17f1ae9341679920418
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 16 Dec 2023 20:56:03 GMT
via: 1.1 4ac3d01dc034ade34c90e81091421c76.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-amz-cf-pop: SIN5-C1
x-powered-by: Express
etag: W/"92-659naxDXlpGNidWel8uINt9bZFo"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 8369d4abffcca041-SIN
x-amz-cf-id: ePbVDegqLrDTVbSwTI9PZp80xlSboCvxfmH16G_reVufXYysWBzR-A==
apigw-requestid: QDdDjh8VvHcEP1g=

OPTIONS
H2 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 195ms
183ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.150.44 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: QDdDiiTRvHcEPxw=
cf-cache-status: DYNAMIC
cf-ray: 8369d4aaceb8a041-SIN
date: Sat, 16 Dec 2023 20:56:03 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 4ac3d01dc034ade34c90e81091421c76.cloudfront.net (CloudFront)
x-amz-cf-id: L5ETH00npFR4DUW4TrGo6KeJkgF5DfnhwnEaIltpoPQeeleVoPjh4g==
x-amz-cf-pop: SIN5-C1
x-cache: Miss from cloudfront
x-powered-by: Express

OPTIONS
H2 200 /
ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/ Frame 0
0 278ms
258ms Preflight
text/html 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/?iszitag=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.varonis.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8369d4ad3c584a1d-SIN
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 16 Dec 2023 20:56:03 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 200 / Show response
ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/ 3 KB
2 KB 379ms
371ms Fetch
text/javascript 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

ea4dc996c3abe91236014a6c9c8ad1db0da5c3cf9e6a7f8e4d2fa52113c70f12

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://www.varonis.com/blog/investigate-ntlm-brute-force
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
_vtok: MTAzLjI1NC4xNTMuMjI2
_zitok: 145b35b55f7c35f115cd1702760163
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/javascript

Response headers

date: Sat, 16 Dec 2023 20:56:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 8369d4aeda0f8992-SIN

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 453ms
453ms Image
image/gif 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=2d6b8ba0-21ba-48a7-82c4-941090d87dcb&session=362a3222-3295-4c4c-8445-512ab9a78a56&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A03%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A02%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223007%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=264fbb8e-ea2a-4dee-8abb-e5e0e58deef1&v=1.1.13

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-59-168-107.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:03 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 621ms
620ms Image
image/gif 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=2d6b8ba0-21ba-48a7-82c4-941090d87dcb&session=362a3222-3295-4c4c-8445-512ab9a78a56&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A04%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A03%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224008%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=264fbb8e-ea2a-4dee-8abb-e5e0e58deef1&v=1.1.13

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-59-168-107.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:05 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 458ms
458ms Image
image/gif 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=2d6b8ba0-21ba-48a7-82c4-941090d87dcb&session=362a3222-3295-4c4c-8445-512ab9a78a56&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A04%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225009%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=264fbb8e-ea2a-4dee-8abb-e5e0e58deef1&v=1.1.13

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-59-168-107.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:05 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 6ms
6ms Ping
text/plain 2404:6800:4003:c1c::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-PCF2HBX32M&gtm=45je3bt0v9102029281z8846391121&_p=1702760159930&gcd=11l1l1l1l1&dma=0&cid=2112734969.1702760160&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1702760160&sct=1&seg=0&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&en=6sense&ep.employee_count=&_et=597&up.company_name=&up.country=Singapore&up.city=Singapore&up.zip=&up.employee_range=&up.revenue_range=&up.confidence=Low&tfd=7003
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2404:6800:4003:c1c::64 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Dec 2023 20:56:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 464ms
463ms Image
image/gif 23.59.168.107
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=2d6b8ba0-21ba-48a7-82c4-941090d87dcb&session=362a3222-3295-4c4c-8445-512ab9a78a56&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A06%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A05%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%226011%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=264fbb8e-ea2a-4dee-8abb-e5e0e58deef1&v=1.1.13

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.59.168.107 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-59-168-107.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 16 Dec 2023 20:56:06 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=2d6b8ba0-21ba-48a7-82c4-941090d87dcb&session=362a3222-3295-4c4c-8445-512ab9a78a56&event=active_time_track&q=%7B%22currentTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Sat%2C%2016%20Dec%202023%2020%3A56%3A06%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227012%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=264fbb8e-ea2a-4dee-8abb-e5e0e58deef1&v=1.1.13

Verdicts & Comments Add Verdict or Comment

124 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

68 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.varonis.com/	1970-01-20 16:59:21	Name: __cf_bm Value: SlvwrKEI6nrCyui7CmcFQXwpOiEA43wF6_ILbBb46_o-1702760159-1-AWJ6iLjztv18nOY01JrGbgwARw83fUlReF+LrO7yjE/H9q/sWRCq9+HQsDbO4x1Xf+X3C+qNcXVL2eA7H42v2X4=
.www.varonis.com/	1969-12-31 23:59:59	Name: __cfruid Value: 2a8f51fd8cc3672a82ddc92daf01e39947fc4174-1702760159
.varonis.com/	1970-01-21 01:44:37	Name: visid_incap_2074238 Value: WxKT/13iSqqiKJdDb0R7it4OfmUAAAAAQUIPAAAAAAABP7L2k8gdPOVt0+dUjZBz
.varonis.com/	1969-12-31 23:59:59	Name: nlbi_2074238 Value: LfkXcmOZhmGFowsAV8um7wAAAABF508M47MNnU3/ktploX2c
.varonis.com/	1969-12-31 23:59:59	Name: incap_ses_500_2074238 Value: lczbTObHSismVx/yZ1zwBt4OfmUAAAAAShDU8LVJwUUVbfL2p1dGag==
.info.varonis.com/	1969-12-31 23:59:59	Name: __cfruid Value: 2a8f51fd8cc3672a82ddc92daf01e39947fc4174-1702760159
.info.varonis.com/	1970-01-20 16:59:21	Name: __cf_bm Value: jMG0jEq7ao0Kxn0SIi_ivASxHq3WPaObrFKlqPNkN2o-1702760159-1-AYDCykQM9h+NHjQ9dKiB29SLoyH5wVk5apL0DuNbCqcWamUkIj97PJ/7L0HNTvQO+CteIx8KjODxrPl+4c9+P38=
.varonis.com/	1970-01-20 19:08:56	Name: _gcl_au Value: 1.1.828391528.1702760160
.adnxs.com/	1970-01-20 19:08:56	Name: uuid2 Value: 6814103536244065536
.adnxs.com/	1970-01-20 19:08:56	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E>0uT<(x!]tbP6j2F-XstGt!@Dw:$yyA!
.adsrvr.org/	1970-01-21 01:46:22	Name: TDID Value: 6176d928-6d94-467e-8eb9-80ac5931bdb5
.varonis.com/	1970-01-20 17:00:46	Name: _gid Value: GA1.2.1643336646.1702760160
www.varonis.com/	1970-01-21 02:35:20	Name: _gd_visitor Value: 2d6b8ba0-21ba-48a7-82c4-941090d87dcb
www.varonis.com/	1970-01-20 16:59:34	Name: _gd_session Value: 362a3222-3295-4c4c-8445-512ab9a78a56
.varonis.com/	1970-01-21 02:35:20	Name: _ga Value: GA1.1.2112734969.1702760160
.rubiconproject.com/	1970-01-21 01:44:56	Name: khaos Value: LQ8JFONL-17-9KX6
.rubiconproject.com/	1970-01-21 01:44:56	Name: audit Value: 1\|WWIxdutICMVzVYc4J7a88k0y+xxiypNDY8kb/O4Au3fE50xgAul76RONP1D1PMj97XTFY355XuowHTRO1/p4iHX0qfg68IpFQAPcN3ARK86PLO+0Kbks6rc+q956w7V0D8b4yu+m7BXxDt0Tromo61I+zKQE/xDp5ZAjhZVzm3XREvsM2ra73MRmS8gGs6ylTlon0IrnE1p4+byUJuUHKNl4Am3SUH3rwETMVR8lnVPictVKI3nW/ZSmfFa9k+2RfCCm1vF3Tgn8ih/oL8+08tuVaVkDFDbShAUs62yL6R/QD5U7tEfUTQ==
.varonis.com/	1970-01-20 16:59:21	Name: _sp_ses.1082 Value: *
.varonis.com/	1970-01-21 02:35:20	Name: _sp_id.1082 Value: 6e67e544-a5cd-4d1f-9d2a-70af2e09242c.1702760161.1.1702760161.1702760161.1162599d-00a5-4d91-ba6c-473d9175301d
.doubleclick.net/	1970-01-21 02:35:20	Name: IDE Value: AHWqTUmyTeH1SnK3k_EuBJJeRrucCZ0xALID0WmIucVnBJN1fPthnCCxN5BqfuNFBKw
.varonis.com/	1970-01-20 16:59:20	Name: _gat_UA-2019109-1 Value: 1
.adsrvr.org/	1970-01-21 01:46:22	Name: TDCPM Value: CAESFgoHcnViaWNvbhILCLDXyo_uoL88EAUSFQoGZ29vZ2xlEgsI0I3Eku6gvzwQBRIZCgpyaWdodG1lZGlhEgsIlqzEku6gvzwQBRgFIAIoATILCKy4zbyEob88EAVCDyINCAESCQoFdGllcjIQAVoHNzE2Nzl1M2ABcgpyaWdodG1lZGlh
.yahoo.com/	1970-01-21 01:45:17	Name: A3 Value: d=AQABBOAOfmUCEDFmyJBqBBiptOKloEnyd3YFEgEBAQFgf2WHZa9E8HgB_eMAAA&S=AQAAAvW9MLkJOrSn34niCkWzcZI
.analytics.yahoo.com/	1970-01-21 01:44:56	Name: IDSYNC Value: "1769~2fn8:19e0~2fn8"
.varonis.com/	1970-01-20 19:08:56	Name: _rdt_uuid Value: 1702760160850.2f578a71-0dc6-404b-9ecc-ae5e6f8c37fc
.varonis.com/	1970-01-20 17:00:46	Name: _uetsid Value: 84c678a09c5511ee8f098db13c9bdaad
.varonis.com/	1970-01-21 02:20:56	Name: _uetvid Value: 84c6a3c09c5511eeb3324547d17cee5d
.varonis.com/	1970-01-21 01:44:56	Name: _biz_uid Value: f7b3414b666c479bcbf7c0bedac181b4
.varonis.com/	1970-01-21 01:44:56	Name: _biz_nA Value: 1
tags.srv.stackadapt.com/	1970-01-21 01:44:56	Name: sa-user-id Value: s%3A0-44d6b1a8-956f-5b33-4cc2-ad53b39968e6.AbxT2%2BA41xIBrFlsp3lrrDgv8DvZxhT7Ucto8FCKYQM
.srv.stackadapt.com/	1970-01-21 01:44:56	Name: sa-user-id Value: s%3A0-44d6b1a8-956f-5b33-4cc2-ad53b39968e6.AbxT2%2BA41xIBrFlsp3lrrDgv8DvZxhT7Ucto8FCKYQM
tags.srv.stackadapt.com/	1970-01-21 01:44:56	Name: sa-user-id-v2 Value: s%3ARNaxqJVvWzNMwq1Ts5lo5mf-meI.WetFvGxQ3Um34KBe18Ui7VEESFZ14TU2hYxKdpdEHho
.srv.stackadapt.com/	1970-01-21 01:44:56	Name: sa-user-id-v2 Value: s%3ARNaxqJVvWzNMwq1Ts5lo5mf-meI.WetFvGxQ3Um34KBe18Ui7VEESFZ14TU2hYxKdpdEHho
tags.srv.stackadapt.com/	1970-01-21 01:44:56	Name: sa-user-id-v3 Value: s%3AAQAKIC3vSA0cpseYo_a-VZLhyvG2Rs1YV50HfXhNw5svYeVcEHwYBCDgnfirBjABOgQ8w7t9QgTVobhy.fI%2Brnoe%2B9xAMIIdX0p7Ik0xPzzUN9GNzI9CPQP4Jf3Q
.srv.stackadapt.com/	1970-01-21 01:44:56	Name: sa-user-id-v3 Value: s%3AAQAKIC3vSA0cpseYo_a-VZLhyvG2Rs1YV50HfXhNw5svYeVcEHwYBCDgnfirBjABOgQ8w7t9QgTVobhy.fI%2Brnoe%2B9xAMIIdX0p7Ik0xPzzUN9GNzI9CPQP4Jf3Q
www.varonis.com/	1970-01-21 01:44:56	Name: sa-user-id Value: s%253A0-44d6b1a8-956f-5b33-4cc2-ad53b39968e6.AbxT2%252BA41xIBrFlsp3lrrDgv8DvZxhT7Ucto8FCKYQM
www.varonis.com/	1970-01-21 01:44:56	Name: sa-user-id-v2 Value: s%253ARNaxqJVvWzNMwq1Ts5lo5mf-meI.WetFvGxQ3Um34KBe18Ui7VEESFZ14TU2hYxKdpdEHho
www.varonis.com/	1970-01-21 01:44:56	Name: sa-user-id-v3 Value: s%253AAQAKIC3vSA0cpseYo_a-VZLhyvG2Rs1YV50HfXhNw5svYeVcEHwYBCDgnfirBjABOgQ8w7t9QgTVobhy.fI%252Brnoe%252B9xAMIIdX0p7Ik0xPzzUN9GNzI9CPQP4Jf3Q
.hb.yahoo.net/	1970-01-20 21:18:32	Name: visitor-id Value: 3457617613878600000V10
.hb.yahoo.net/	1970-01-20 17:19:29	Name: data-ttd Value: 6176d928-6d94-467e-8eb9-80ac5931bdb5~~63
.bizible.com/	1970-01-21 01:44:56	Name: _BUID Value: f7b3414b666c479bcbf7c0bedac181b4
.varonis.com/	1970-01-21 01:44:56	Name: _biz_pendingA Value: %5B%5D
.varonis.com/	1970-01-20 19:08:56	Name: _fbp Value: fb.1.1702760161185.179557241
.linkedin.com/	1970-01-20 19:08:56	Name: li_sugr Value: b4cf7ed6-d891-4691-8157-ca8b02a9cc06
.linkedin.com/	1970-01-20 17:00:46	Name: lidc Value: "b=TGST01:s=T:r=T:a=T:p=T:g=3205:u=1:x=1:i=1702760160:t=1702846560:v=2:sig=AQF_vwJJe0qF5J0Ky1tBAwoGhNmFaesQ"
.hubspot.com/	1970-01-20 16:59:21	Name: __cf_bm Value: .EAjeGYWxaDTqmWCucxHNewukrlfQjRVbQmCGpD10_Q-1702760161-1-AV4IccCpRi7VW83lQZfIQBHARioLb7uAoxi1usZsTgppaOEv6Rn1V2YeM2qMA2S9CTmvfBQu4gJzrBhoYutY7Nw=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: r.n.Eer946V6V4gqesGpdV2DL3cJvG8B3wvfoMQ_gRo-1702760161200-0-604800000
www.varonis.com/	1970-01-20 17:09:24	Name: slireg Value: https://scout.us1.salesloft.com
.t.co/	1970-01-21 02:35:20	Name: muc_ads Value: 9869bf3c-7aee-46e8-a203-ff05808cf34d
.twitter.com/	1970-01-21 02:35:20	Name: guest_id_marketing Value: v1%3A170276016115258159
.twitter.com/	1970-01-21 02:35:20	Name: guest_id_ads Value: v1%3A170276016115258159
.twitter.com/	1970-01-21 02:35:20	Name: personalization_id Value: "v1_BzMENpe8OjUcggPFT8/K+g=="
.twitter.com/	1970-01-21 02:35:20	Name: guest_id Value: v1%3A170276016115258159
.bing.com/	1970-01-21 02:20:56	Name: MUID Value: 2BD56A2C6A1B614412F879C56B41603A
.bat.bing.com/	1970-01-20 17:09:24	Name: MR Value: 0
.6sc.co/	1970-01-21 02:35:20	Name: 6suuid Value: 67a83b17b2a60100e10e7e651c010000bd390d00
.bizibly.com/	1970-01-21 01:44:56	Name: _BUID Value: 5d2d33a731386fa385666f83e756d8ea
www.varonis.com/	1970-01-21 01:44:56	Name: sliguid Value: aca838c4-170c-43a7-bd78-da6fdc47d5cc
www.varonis.com/	1970-01-21 01:44:56	Name: slirequested Value: true
.varonis.com/	1970-01-21 01:44:56	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.linkedin.com/	1970-01-21 01:44:56	Name: bcookie Value: "v=2&af8046a9-5b04-482a-8795-90dc25370dd9"
.ktxlytics.io/	1970-01-21 01:44:56	Name: sp Value: 6efc618e-f445-49d7-84ea-6c0c75c9d503
.linkedin.com/	1970-01-20 17:42:32	Name: UserMatchHistory Value: AQKqEUgP279NAAAAAYx0aiAbpoScIngXIDHlVaIIPVa6LpJFuRObApbB2G9JbF-nrdSk_PZ-3TbLmA
.linkedin.com/	1970-01-20 17:42:32	Name: AnalyticsSyncHistory Value: AQLwQ8ubiADhdQAAAYx0aiAbyRuYoejttVM1-4qR3G27lvdvd_NMb5svG8yVklHz5LO1OgTg0LYLIDnfJjvA7Q
.www.linkedin.com/	1970-01-21 01:44:56	Name: bscookie Value: "v=1&202312162056018c806889-68cf-468a-8368-05714657aefcAQEvOYVvB3zvTWZhtPx50IlGUjGIgkx5"
.www.varonis.com/	1970-01-21 01:44:56	Name: _zitok Value: 145b35b55f7c35f115cd1702760163
.zoominfo.com/	1970-01-20 16:59:21	Name: __cf_bm Value: ZW.UkR40I5tVu2pp1eIAmpjOzTEybk_3hVq_DsGMI6c-1702760164-1-AeL2yWKDMKn4KCOxO9FLs7DbR/rvBVvTiNBOZ0iwAd5KCu7fIdWQvY3yyKdYXuzpeyuetSu3rlq1RgC3/wkJZX8=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: yVt1gOQn0Dyb4hLmGvQ_iSI0SStCPw7qSUjseCUkocU-1702760164026-0-604800000

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://connect.facebook.net/signals/config/179650485736885?v=2.9.138&r=stable&domain=www.varonis.com(Line 137) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

142972.fs1.hubspotusercontent-na1.net
alb.reddit.com
analytics.google.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
bat.bing.com
c.6sc.co
c2.ktxlytics.io
cdn.bizible.com
cdn.bizibly.com
cdn2.hubspot.net
cdnjs.cloudflare.com
clients1.google.com
cm.g.doubleclick.net
connect.facebook.net
cse.google.com
epsilon.6sense.com
fonts.googleapis.com
forms-na1.hsforms.com
forms.hsforms.com
googleads.g.doubleclick.net
hb.yahoo.net
ib.adnxs.com
info.varonis.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsforms.net
js.usemessages.com
js.zi-scripts.com
match.adsrvr.org
pixel.rubiconproject.com
platform.linkedin.com
platform.twitter.com
plausible.io
px.ads.linkedin.com
px4.ads.linkedin.com
scout-cdn.salesloft.com
scout.salesloft.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
t.co
tags.srv.stackadapt.com
track.hubspot.com
trackit.ktxlytics.io
ups.analytics.yahoo.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.co.id
www.google.com
www.google.com.sg
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.varonis.com
b.6sc.co
103.43.90.53
104.244.42.136
104.244.42.197
104.244.42.3
13.107.42.14
15.197.193.217
151.101.108.157
151.101.129.140
152.195.58.59
172.64.150.44
18.143.106.89
18.208.65.209
18.235.68.109
2001:4860:4802:32::181
23.59.168.107
2400:52e0:1502::1059:1
2403:e800:e80b::2a63:8c8b
2403:e800:e80b::2a63:8cc0
2404:6800:4003:c00::61
2404:6800:4003:c00::9a
2404:6800:4003:c02::9b
2404:6800:4003:c06::5e
2404:6800:4003:c11::64
2404:6800:4003:c11::6a
2404:6800:4003:c1a::5e
2404:6800:4003:c1a::65
2404:6800:4003:c1c::5f
2404:6800:4003:c1c::64
2600:1413:b000:6::17d5:2bc6
2606:2800:248:2f:1d8a:787:dc7:17df
2606:4700:4400::6812:22e5
2606:4700:4400::ac40:9284
2606:4700::6810:4eba
2606:4700::6810:6dd1
2606:4700::6810:890f
2606:4700::6810:8ace
2606:4700::6810:bd59
2606:4700::6811:129
2606:4700::6811:190e
2606:4700::6811:e3a3
2606:4700::6811:eff9
2606:4700::6811:faa8
2606:4700::6812:b05d
2606:4700::6813:9a53
2620:1ec:21::14
2620:1ec:c11::200
2a03:2880:f00c:300:face:b00c:0:3
2a03:2880:f10c:381:face:b00c:0:25de
2a04:4e42:200::396
35.79.10.210
42.99.140.152
45.60.158.169
52.71.156.47
54.192.18.44
69.173.158.64
74.125.24.157
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94
0233342795c86e2079f7406bce72c481918b9ce416aedeb6b37044abae50fc8d
0420b36738d9457c3f40a67c69135b170861becd9bac983563b3aeada5287aa4
0b4639302db82b725feb2fb5b7c2f16d1ef8abe70409c496fe0dc777e143f45d
0d514e3fc3d638136890b4a1f61d2f861af3bbd8f997ca15685efbd22554538c
0d92c050265f2817533e68be0c6153ea866a2a7434a014b35723f7ecaa0d2d47
10426b160a932ef2b98908d2f32aca756777f9d0a90ee2d7bc334cb1629e0ddd
12eca6d41ac5b6b6f68c6309fd26134d2db7ba3b5e9179a5ac2849b00a084093
12feece8311f076308c2bbd3d8de66155192ea9df9a705a486f8e4684c45c5c5
1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
17bd1c297a7fd1221272d080053f887bb97c03bfc16d6f96bdd7f08bf87dbbd5
196d92bf5816c956d998e5e2eb9579e8169d427dc9e6c19b07ef3c304c950686
1dc5ff8e8d54854daa72a30a2bf8345b75255597251028dad23e18510e635b98
1f31e1ce1202bc0ee8105deb5885a4b7b389b2cf936bff83f05032c8a2cafd0a
1f5e45ba0c943167a203ccff2d9b3065c7767b1c32c33e6b21af38da1738b8a7
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd
2a97bdd40f83b7cf9276b4a6870fc0ce9bceda582ea14c1f2d79e52f3968b6c2
2ae13f42cc15acfa9618543a8de1ff3eca2d7571ff2ee07c419b579432e3c094
2d6d0960061c28a34b39a6b9dcdebe2656bdab73b24759b9512be072fd4d9a98
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2ef71ca3de1b4e89664ec102fe490b2abfbc80350253421c50a31bd3b22b9722
2f24b7fa64d8f44ddd36d64d9a647d13caea3756513d97abd40e3c8754efc63b
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb
383aba59e4b3a1bc18853f5c61e9d918624af76bf09152a17dd6cd2e1f384887
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c
3daf9b6a39281fdc04a57bdabe589d9aa970719d22733e04fc1ab799b7a5db49
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3f08978088fd2635efee64efe38bdf155d6258f8b547fca43381435d0048ce46
3f5641c2784aa17e2bd50bbe6bc8866e4d80df450d438cf85393a489af19414a
3ffd7ab24503a28bb9eb6137b4d1e1664ed138dca5d1ced6d1a98ff841a24541
42222ea51046de258be17a4b61f802c94c29d8feeacaaa4ae194c590198ad002
4528e78b77fe65b0d6c730e7bc11691455d19dcefb698ebc14931cab40b8423a
456766b19e4bca3d3e998e25a416376f2158061b925f28f32527aee2ff1e28db
45c7614c18a99d6d92d12cd7f4f06a07ce88256882a8889574d265fc32eace0b
478574f99a81a68d85ec6de304a58755b7c03eeec6d69e78ef7168f14d10c2ae
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b9e9037912adf4cb7724b3782cb690b0c90d8d31a5c54a6bfa3f6fc60063de8
4c42962a901819fd2c6b69555f1e115b90f3adbb7900c15b74d9685dd7a039ff
4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67
4e2924c80f612bf59a0cb21d31b05f0575ed143922e412e3e061bf02f5d5960a
50888059b627a1e32ceb04646cc5a617e4747e3d9003e1cc051d33e3bcc14589
53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70
5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49
579b9f734819f583199cd70b03c4e919430a74dd7698921ef16465b41d934769
5869f8ae61b66d78a6de0c52b94436d47899e11d112bee6445b5aedbc5868970
5a074c8ee602a0b3416f69defbab28371abb92ce73f934afa6e58ecec72b9256
5db5a02e960dde70bbf77fb6d28c61d4f6b5c291b3dd08d76a678d17c2d96420
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5ea31af1ae38b9f8194f93234449262a79af7a7bdac0938c740c62f0eae9d85b
5fb849a169f3b5ec132c50c2fbf85053671e849aa6421d55a5eab5d22feb75b3
6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e
651bb2dc3a4634b30334a27eee2ce53901b2750f0ab8c091f2e25e93a52aee3f
6934ac3a358b2722acda2776ad3540d1edecf540ea9c658e1ba126ed3b202498
6a1f86c63c2ee772b07a6f678e7f8cd51b3aea064d83423eb213fb1df9d6b34c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ae75e796b3fa28430dcfc1803b4ac224db3a0245917eb2ffc0d98a7eefc07fa
6bc3c3712e26de83ecb08d0360e70ff826b4fda86e8348a3ee2208b4ab2ebad1
6e9eeec668eca70ecaaabf43de47a7332a84fa9b89172479f39c57bbd1c8582a
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
7448175084bac35748586b504207f8b7c371f6f751ef435f4b0569421a794db6
7a5034e01d5b47ec7eee2b3a45a23919684146c27b715f4fd863037b11b2abff
7ad1fbf5f22f0884bcbafe252ab68e6311667f45e88288fd10a9490d8677f3fe
7aea59332d6045122d4720e1db90162de88e23344b1dc90c932a1190b83d2f33
7c0fbbadde40aed1e86f4c46ea2fc1a26749994e48dc90a5bce7fd466712d99e
7df0df8b3df8c42634ecc71d7ab35e197c61777eb5b41a3e14239322b5804f7b
7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238
7f6b8b612b0090fdd0032dfd7071745a0b99149bc01a55cd24b40086ede2b8d7
842abfe134599c5d48d4ddd88bde8d24bd36b32b22bea540837311364b7ce2c7
8572b67ba938e549aebcdf8b0114b1dba18dfde1dcd1cc51627b7bfd7287cb27
861751abdcfcf0e1017f4607b2244b7ec4e30829018fbb46c9d7379330ccbbb9
8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e648da8a366d494100d90e0af69a2945f34e53a2c70432ea12c0303039f2351
8ec44a4b321f5115d8760f193298585d8b28a26dd3190d0a3690b9e09a489a94
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
941c1d19e05193798dc1a7aca01708a3d621be26bf53add2293c7ae85bd10f66
957a85939578fa14d2371922b58dcbf67f9b769e459f38699ceee6a84751134d
95c37cf1f09574f5dbb61a679e2039cf3fc891acb3c5d8ad40a5a8133bd6afd4
96c538e9ba14f9da076e97264a65dc03ff0889daafd6cc33805d4a02a3d2a343
9a72d9dae2d0a261507446d48e204e34023949a1629bf7e12a2d5c5996e0eac6
9b15ab10a2a109c8e59d604cd4101cebe7aab42ec227f8f521398e063bfe0217
9ed2a2edca25cc1dd846e20cab22088d9c5b7991f52ff78f8ed21930fe92ad46
a04f7efa05c1f9212a79b715568b9976977a4d8e8f0c7ee571ab4f71bf32ccc3
a18ace2bd6672862d71555b71fbeea2edbc1bdc4bddf4776beccd31e2656a276
a1a1846f2d4d1abd1379f703e256e92f3b4b138f6dc90fdd8c99c58b7ca43457
a40943594d5eaaa010c66254e2dc4a83d8bc53104602afda2e3b622b8e78e2f0
a4450600125b5cdb5761654bbe725c5b4fcbc8e1a89f0a14b20f77157afc5715
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
a6cc38542df851f8b331cdd5ac0dbe9929c7968d347c62d93c22b91ef560a931
a8499144a67d70c01a19de99fb20ca5e7da3337e44814419b9a9c867da619b2e
a8d9a125e1a47470685bfae2bbddadd8ab9f2379c978f7ff2130a2f1034073f8
a90df22d1dc21fa367fb104c6534c54a93287a3fecbb8f7fda4cc5a75f8c2292
a98e6573aa43aa760480589e09e812b6c094ff4f6c47cc2c6ed20160e8431e06
abcc14f81d36c556b1862b008c4398b4699fc7d6537fa54797f96d282975061f
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae925eb57e9822aec57086375bcf93fe910d7c6c0d83cf10bf448c5348aaf0b0
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b247a1a3cda5afc293925aff46e0012a88d69c26bb3cf813baf4e3b81459bc8e
b2c5c92cd55477571c7e757c4105315c813e710586cf1f334f809e8c93d845c1
b40e79c5d412914e928d19e3cda375d940ed037dd6a1f6d7613b894e39898094
b46cf928be95b8e0f24c718b850ef2898c6c137e96661d33b7a6f7514ad76581
b5ec6b8d820581f2d04713d3bea37883b0e5c2881f7bb108e13a3d63249c4867
b7821e7e6a8bb38c6e9dbeed3bd0c1c1f55ac58c678cba2a356391d3c4851467
b85f5c487853ccdec9d6bf990a00d6248593b76cec8728be1fc89aef59d652fb
ba1b3f329ba47639a8586777bb19db73a9c3e37954b5e72ff97df8e0ea931062
bc76fc5a481fba805be714f16b8657f4bac57266f70690cbe195ab90b0f049db
bd6a2c2e6967a14b880413da005bf9e57a394669242cd4dcf91855df7d4337ee
bec065ae320fed4bb93d09440a473e82958293c8daf9371354588ece80588d15
bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01
c08ffc3f238414942b195ebfaa0516e524b4e6b6c5201c52b5174f5599282a23
c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72
c91333bb881074a7d4a82886d21fb690ff3fc57394327d5ed12c9d9af05dcc0b
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cca2bf9b0e9f7de5afcf4282c87d26301ed0ebca7cbd30feedb0a4da3108b153
cda8a0ab9bd5461151a18173515c5a597af845054d6c5476f85c2a01d1b6160e
ce52d3c9ed8217ae0ca3dd0479d5ced16baf2de6625e0c81166471aaa956136d
cf31d510ed313a8566d08e9b4fdbf94a0a51b35718372bc4bc75d6ff5c8282a5
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d670233ca601ed8dd1f500ecd0a0ba5760ff7259e9409ff4c8adf8c4351fcd3f
db1e2dc64218b7044da50d01d0ffb83bcdca49a35b1ab7ffcdef6736863986cc
dbc0f30e58b2a906e2bdbdf999ce1d8352660f5e59204c6c47efc3ed98b57cb1
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de0c6ffad072fb9011b8ac313640e386f41b81cb94d95260446b0c28c2766734
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df998f2ab79818d229edfab989eb187dd3d94f0f40377fde4f5f97e08b691ecf
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95
e7b88bddc6c757b2fc8cb113e2469801ab14a78ec1a8fada4d6391e3573f5f9f
e95568becfa0171d1990a4941bffcbe470ac34deafa67bd3dbfb4a5c63414878
ea4dc996c3abe91236014a6c9c8ad1db0da5c3cf9e6a7f8e4d2fa52113c70f12
ed079d77ba54a8e4bfc931029de75b1f5128fcae45e274d53aca95f8ab17b438
ee44e9868729bf26893cdf451026cb2c75ef7920e6812378e8b3d78589de48a4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0adb972147098e0e4d6abbd7b83952363c8eab82429760136816142d675e321
f3b0e2a3800f73c56a4dc78562fc32130a8eec6887982d10e6a5dcf6497969c6
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.varonis.com Open in urlscan Pro 45.60.158.169 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

196 Requests

97 %HTTPS

63 %IPv6

45 Domains

65 Subdomains

53 IPs

4 Countries

5173 kBTransfer

8502 kBSize

68 Cookies

36 Outgoing links

Redirected requests

196 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.varonis.com Open in urlscan Pro
45.60.158.169 Public Scan

Screenshot
Live screenshot

Full Image

196
Requests

97 %
HTTPS

63 %
IPv6

45
Domains

65
Subdomains

53
IPs

4
Countries

5173 kB
Transfer

8502 kB
Size

68
Cookies

196 HTTP transactions
2 data transactions