www.varonis.com Open in urlscan Pro
45.60.154.169 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Submission: On January 22 via manual (January 22nd 2024, 10:09:59 am UTC) from ES — Scanned from ES

Summary HTTP 181 Redirects Links 28 Behaviour Indicators

Summary

This website contacted 51 IPs in 4 countries across 40 domains to perform 181 HTTP transactions. The main IP is 45.60.154.169, located in United States and belongs to INCAPSULA, US. The main domain is www.varonis.com. The Cisco Umbrella rank of the primary domain is 324915.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2023 Q4 on December 31st 2023. Valid for: 6 months.

This is the only time www.varonis.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	45.60.154.169 45.60.154.169	19551 (INCAPSULA) (INCAPSULA)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
30	2606:4700::68... 2606:4700::6810:6cd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2	2400:52e0:1e0... 2400:52e0:1e00::1081:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1499	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:4ffd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
4	2606:4700:440... 2606:4700:4400::ac40:9284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
4	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
4	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:bb59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:4341	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	18.195.106.3 18.195.106.3	16509 (AMAZON-02) (AMAZON-02)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
10	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.165.183.12 18.165.183.12	16509 (AMAZON-02) (AMAZON-02)
2 3	37.252.171.52 37.252.171.52	29990 (ASN-APPNEX) (ASN-APPNEX)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
2	52.73.142.175 52.73.142.175	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
8 9	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:ab0... 2a02:26f0:ab00::214:8e70	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
3	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e6a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4cba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:fba8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	18.233.143.160 18.233.143.160	14618 (AMAZON-AES) (AMAZON-AES)
2	3.127.184.242 3.127.184.242	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:b07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:890f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
181	51

46 45.60.154.169 (United States)

ASN19551 (INCAPSULA, US)

www.varonis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
info.varonis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2606:4700::6810:6cd1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)

plausible.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1499 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:4ffd (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::ac40:9284 (United States)

ASN13335 (CLOUDFLARENET, US)

142972.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:bb59 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4341 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.195.106.3 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-106-3.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.165.183.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-183-12.zrh55.r.cloudfront.net

trackit.ktxlytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.52 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.73.142.175 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-142-175.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2620:1ec:21::14 (United States) 8 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00::214:8e70 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e6a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4cba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:fba8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.233.143.160 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-233-143-160.compute-1.amazonaws.com

c2.ktxlytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.184.242 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-184-242.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:b07d (United States)

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:890f (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	varonis.com www.varonis.com — Cisco Umbrella Rank: 324915 info.varonis.com — Cisco Umbrella Rank: 342831	3 MB
30	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8475	67 KB
12	linkedin.com 8 redirects platform.linkedin.com — Cisco Umbrella Rank: 3538 px.ads.linkedin.com — Cisco Umbrella Rank: 349 www.linkedin.com — Cisco Umbrella Rank: 632 px4.ads.linkedin.com — Cisco Umbrella Rank: 6550	171 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5532 c.6sc.co — Cisco Umbrella Rank: 8403 ipv6.6sc.co — Cisco Umbrella Rank: 5709 b.6sc.co — Cisco Umbrella Rank: 3792	22 KB
10	google.com cse.google.com — Cisco Umbrella Rank: 3031 www.google.com — Cisco Umbrella Rank: 2 clients1.google.com — Cisco Umbrella Rank: 469 region1.analytics.google.com — Cisco Umbrella Rank: 2616	172 KB
6	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3101	11 KB
5	ktxlytics.io 1 redirects trackit.ktxlytics.io — Cisco Umbrella Rank: 48920 c2.ktxlytics.io — Cisco Umbrella Rank: 37930	99 KB
4	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5571 js.hubspot.com — Cisco Umbrella Rank: 4796 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4669 track.hubspot.com — Cisco Umbrella Rank: 2301	27 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2029	22 KB
4	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1230 syndication.twitter.com — Cisco Umbrella Rank: 1527 analytics.twitter.com — Cisco Umbrella Rank: 789	132 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	180 KB
4	hubspotusercontent-na1.net 142972.fs1.hubspotusercontent-na1.net — Cisco Umbrella Rank: 396533	186 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 8358	3 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2148	23 KB
3	google.es www.google.es — Cisco Umbrella Rank: 23747	669 B
3	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 490 ib.adnxs.com — Cisco Umbrella Rank: 253	3 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 376	14 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 9667 scout.salesloft.com — Cisco Umbrella Rank: 12228	4 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 6591	26 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 stats.g.doubleclick.net — Cisco Umbrella Rank: 79	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	295 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	10 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4371	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9521	675 B
2	plausible.io plausible.io — Cisco Umbrella Rank: 9632	2 KB
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 5196	1 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	185 B
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4841	24 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2120	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3251	4 KB
1	t.co t.co — Cisco Umbrella Rank: 656	376 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 12037	205 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1450	637 B
1	adsrvr.org insight.adsrvr.org — Cisco Umbrella Rank: 637	149 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 783	16 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 745	15 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2407	1 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1335	9 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5660	6 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	1 KB
181	40

	Domain	Requested by
38	info.varonis.com	www.varonis.com cdn2.hubspot.net
30	cdn2.hubspot.net	www.varonis.com
8	b.6sc.co	www.varonis.com
8	www.varonis.com	www.varonis.com cdn.bizible.com
7	px.ads.linkedin.com	6 redirects cdn.bizible.com
6	tags.srv.stackadapt.com	www.varonis.com tags.srv.stackadapt.com cdn.bizible.com
5	www.google.com	cse.google.com www.varonis.com
4	c2.ktxlytics.io	1 redirects cdn.bizible.com www.varonis.com
4	connect.facebook.net	www.varonis.com connect.facebook.net
4	142972.fs1.hubspotusercontent-na1.net	cdn2.hubspot.net
3	js.zi-scripts.com	www.varonis.com js.zi-scripts.com
3	js.hs-banner.com	js.hs-scripts.com js.hs-banner.com
3	www.google.es	www.varonis.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.varonis.com
3	cdn.bizible.com	www.googletagmanager.com www.varonis.com cdn.bizible.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com cdn.bizible.com
3	www.googletagmanager.com	www.varonis.com www.googletagmanager.com www.google-analytics.com
3	cse.google.com	www.varonis.com www.google.com
3	cdnjs.cloudflare.com	www.varonis.com
2	ws.zoominfo.com	js.zi-scripts.com
2	epsilon.6sense.com	cdn.bizible.com
2	stats.g.doubleclick.net	cdn.bizible.com www.googletagmanager.com
2	px4.ads.linkedin.com	www.varonis.com
2	www.linkedin.com	2 redirects
2	scout.salesloft.com	cdn.bizible.com
2	secure.adnxs.com	1 redirects www.varonis.com
2	platform.twitter.com	www.varonis.com platform.twitter.com
2	plausible.io	www.varonis.com plausible.io
1	track.hubspot.com
1	perf-na1.hsforms.com	www.varonis.com
1	www.facebook.com	www.varonis.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	region1.analytics.google.com	www.googletagmanager.com
1	ib.adnxs.com	1 redirects
1	js.usemessages.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	analytics.twitter.com	www.varonis.com
1	t.co	www.varonis.com
1	cdn.bizibly.com	www.varonis.com
1	region1.google-analytics.com	www.googletagmanager.com
1	alb.reddit.com	www.varonis.com
1	app.hubspot.com	www.varonis.com
1	clients1.google.com	www.varonis.com
1	insight.adsrvr.org	www.varonis.com
1	trackit.ktxlytics.io	www.varonis.com
1	snap.licdn.com	www.googletagmanager.com
1	j.6sc.co	www.varonis.com
1	static.ads-twitter.com	www.varonis.com
1	scout-cdn.salesloft.com	www.varonis.com
1	js.hs-scripts.com	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	syndication.twitter.com	platform.twitter.com
1	static.hsappstatic.net	www.varonis.com
1	platform.linkedin.com	www.varonis.com
1	fonts.googleapis.com	www.varonis.com
181	60

This site contains links to these domains. Also see Links.

Domain
info.varonis.com
ir.varonis.com
brand.varonis.com
my.varonis.com
aws.amazon.com
azuremarketplace.microsoft.com
varonis.com
msrc.microsoft.com
csrc.nist.gov
ntlm.pw
learn.microsoft.com
www.microsoft.com
techcommunity.microsoft.com
www.linkedin.com
www.reddit.com
www.facebook.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2023 Q4	`2023-12-31` - `2024-06-28`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
plausible.io R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-05-17` - `2024-05-16`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-12-26` - `2024-12-25`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-31` - `2024-01-29`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
syndication.twitter.com R3	`2023-12-06` - `2024-03-05`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-08` - `2024-07-06`	6 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-01` - `2024-07-01`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-04-18`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
6sc.co R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-01-21` - `2024-06-27`	5 months	crt.sh
*.ktxlytics.io Amazon RSA 2048 M02	`2023-06-19` - `2024-07-16`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-15` - `2024-07-13`	6 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-16` - `2024-10-14`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-19` - `2024-09-17`	a year	crt.sh
*.google.es GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2023-12-02` - `2024-03-01`	3 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Frame ID: 26B6BF9BBD452401B0F9DC5D00D385FE
Requests: 176 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com
Frame ID: 26D06A252B7A8B22B0773FCA8D49ABF6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashessearch

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Plausible (Analytics) Expand

Overall confidence: 100%
Detected patterns

plausible\.io/js/plausible\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

181
Requests

97 %
HTTPS

66 %
IPv6

40
Domains

60
Subdomains

51
IPs

4
Countries

4441 kB
Transfer

7491 kB
Size

62
Cookies

28 Outgoing links

These are links going to different origins than the main page.

URL: https://info.varonis.com/en/price-quote-request?hsLang=en
Title: Request a quote

Search URL Search Domain Scan URL

URL: https://info.varonis.com/resource/t1/research-report/forrester-tei-study-2020?hsLang=en
Title: Measurable ROI

Search URL Search Domain Scan URL

URL: https://ir.varonis.com/
Title: Investor relations

Search URL Search Domain Scan URL

URL: https://brand.varonis.com/?hsLang=en
Title: Brand

Search URL Search Domain Scan URL

URL: https://my.varonis.com/Login
Title: Partner portal

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/pp/prodview-rwnjb5nrlmnx6?sr=0-1&ref_=beagle&applicationId=AWSMPContessa
Title: Buy on AWS marketplace

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/varonis.varonis-dsp?tab=overview
Title: Buy on Azure marketplace

Search URL Search Domain Scan URL

URL: https://my.varonis.com/login
Title: Community

Search URL Search Domain Scan URL

URL: https://info.varonis.com/securityfwd?hsLang=en
Title: SecurityFWD

Search URL Search Domain Scan URL

URL: https://info.varonis.com/en/demo-request?hsLang=en
Title: Get started

Search URL Search Domain Scan URL

URL: https://varonis.com/blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35636
Title: CVE-2023-35636

Search URL Search Domain Scan URL

URL: https://csrc.nist.gov/glossary/term/salt
Title: salting (adding a random value to the password to prevent pre-computed hash tables)

Search URL Search Domain Scan URL

URL: https://ntlm.pw/
Title: ntlm.pw

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/cc144086(v=vs.85)
Title: subquery

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
Title: CVE-2023-23397

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/cc144080(v=vs.85)
Title: crumb

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206
Title: option to block outgoing NTLM authentication

Search URL Search Domain Scan URL

URL: https://info.varonis.com/en/great-saas-data-exposure-report?hsLang=en
Title: Download our free report

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&title=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes
Title: LinkedIn,

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&title=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes
Title: Reddit,

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes
Title: Facebook.

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/seller-profile?id=6ff5d0ae-b146-412d-b78a-d54d7e6a841a
Title: Buy on AWS marketplace

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/varonis.varonis-dsp?tab=overview&exp=ubp8
Title: Buy on Azure marketplace

Search URL Search Domain Scan URL

URL: https://www.facebook.com/VaronisSystems/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/varonis

Search URL Search Domain Scan URL

URL: https://twitter.com/varonis

Search URL Search Domain Scan URL

URL: https://www.instagram.com/varonislife/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 114

https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=993756413 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D993756413

Request Chain 132

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193629&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193629&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1705918193629%26url%3Dhttps%253A%252F%252Fwww.varonis.com%252Fblog%252Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193629&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193629&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQL_79vPCaDi3wAAAY0wpeLlQcf132oO4N1K1S5v78AkEMSpUdlictlcFlmxAZHExUWV3w

Request Chain 133

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193630&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193630&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1705918193630%26url%3Dhttps%253A%252F%252Fwww.varonis.com%252Fblog%252Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193630&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193630&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQIf3X4rsU-JtAAAAY0wpeMqj49xPcwmn4Yoqfxw5X1-B0gvhaHgSNGMn2Cc2nREYGyuIw

Request Chain 153

https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID HTTP 302
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=3859013269519159281 HTTP 302
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=3859013269519159281&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs

181 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request outlook-vulnerability-new-ways-to-leak-ntlm-hashes Show response
www.varonis.com/blog/ 217 KB
54 KB 238ms
159ms Document
text/html 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c28ac55fc7b58aeff02bd76374813aa3cc7ea000583f6341b8a10d62ce06c7a0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 849700fdb9b52159-MAD
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 22 Jan 2024 10:09:52 GMT
edge-cache-tag: CT-153514315916,CG-740355147,P-142972,CW-104582894481,CW-114784368718,CW-115642542216,CW-115948073012,CW-115948073023,CW-125777074029,CW-60280511003,CW-71662020467,CW-87397221683,CW-87930956413,CW-87944291354,CW-96126751858,CW-97266453797,E-100805726527,E-106410557973,E-108364953711,E-114794918156,E-115634408573,E-60279793823,E-60280511142,E-60281971978,E-60281971998,E-60281972084,E-73655310759,E-80785228186,E-87927120033,E-98046358057,MENU-87776709421,RA-60280510996,PGS-ALL,SW-2,B-740355147,GC-100803005043,GC-115636626695,GC-115977342816,GC-125774591019,GC-135490609319,GC-80785228207,GC-87929337765,GC-87930955017,GC-87944143779,TS-60284153915
etag: W/"13ea9f502075398c01c290e97ea598ac"
last-modified: Sat, 20 Jan 2024 10:26:28 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kYLgXfKN1MLXWAB6kDKVVzg%2BXhQr7Xj1E1jqnSePtyvZOfLtB0JfuCrOZKBg%2BEky0farc3jd9TU9vrIUonbB3v5q3ZNbpsinuB6Zu51ekUGrFXHdcl4wdMWj%2FWwQwpxy0g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cdn: Imperva
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-id: 153514315916
x-hs-https-only: worker
x-hs-hub-id: 142972
x-hs-prerendered: Sat, 20 Jan 2024 10:26:28 GMT
x-iinfo: 55-9010916-9010921 NNNN CT(2 5 0) RT(1705918191257 34) q(0 0 1 0) r(2 2) U24

GET
H2 200 project.js Show response
www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 72ms
71ms Script
application/javascript 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 b5e354980da78aef02917b4456c540c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 4593831
x-amz-cf-pop: MAD56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 55-9010916-9010921 PNNN RT(1705918191257 196) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xiqpunOTCuRcRCEIZ6qx4akJF4dovxwqHY3GxicXHeqVoYrtAMug39Kyn7ZI%2BHNJNbI23lfJPRDjxeBjGJR5QyeemSMunRwv%2BzYMCr0tuqPLn%2FfXZxjgIIKMAxUFGVSW5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 849700febc0e2159-MAD
x-amz-cf-id: _e5Wh63tpTqTGv6JfORPu8Yb1yJH7EljtBBtMdX_673xvY8rCtKkcQ==
expires: Tue, 21 Jan 2025 10:09:52 GMT

GET
H2 200 prism-okaidia.min.css
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/themes/ 1 KB
1 KB 103ms
38ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/themes/prism-okaidia.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf31d510ed313a8566d08e9b4fdbf94a0a51b35718372bc4bc75d6ff5c8282a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4677908
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 518
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-206"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3x%2Bu%2BSq1UpdrNHPg9QsD2rlPPVAlLXU%2FsGkCfPfZgDh71T1d4tR4nI3d9A96w9qB4OowzvG77FhfFdjaq2F5mu22GCij9Npbm2k7KgrqEhWsxKpxjkLeB2IGsRZExxpyM769SaMsLp%2BiaJPB61baQ%2BOY"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 849700ff1ce486cc-MAD
expires: Sat, 11 Jan 2025 10:09:52 GMT

GET
H2 200 jquery-1.11.2.js Show response
www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 108ms
106ms Script
application/javascript 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 fe41458437820e017e1a964e74df0578.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 4774358
x-amz-cf-pop: MAD56-P2
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 55-9010916-9010930 NNNY CT(1 6 0) RT(1705918191257 199) q(0 0 0 -1) r(1 1) U24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5rp%2BGnxeVHx3g2Y0KniDV6pOu3FANr51NkAuIlv67GZNQngbNPT1foGxYsyfqKb0a%2Fw%2BlOvq16Jj7BHbwKTEmyiRVahKgYfgZQrYB1d0K2UcCOKuamSmdRr7LUeAOLzvTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 849700feba2f5e24-MAD
x-amz-cf-id: nxQc_99mAAv75MDHyP7XIRjcTJJC5EUBUTvmf2cd55hKnhrA2kxvNA==
expires: Tue, 21 Jan 2025 10:09:52 GMT

GET
H2 200 blog-no-code-styles.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/ 46 KB
8 KB 208ms
137ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ed2a2edca25cc1dd846e20cab22088d9c5b7991f52ff78f8ed21930fe92ad46

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 171165
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"ee303a3eadd35fd691e5a50c469af706"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779172809
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b27d4992-aadf-4ddf-b76a-5ba4028c6587
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 170
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: b27d4992-aadf-4ddf-b76a-5ba4028c6587
last-modified: Fri, 11 Aug 2023 18:39:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFAkjbBpHJ8SyDV%2BfOrON86kCeAIcaZRSlxH0WfDbVJYwN%2Bj5DjK1NFxs%2FoCghy16KbWHCegabFaCMW6cAGc%2BwxhdJUq%2FXIKMi4Q%2Fk7bP9hEWtK6sVgCiYpJVd%2Bv%2FjZSeUG4zZac6X2EGUu663o%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray: 849700ff29c80412-MAD

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 225ms
78ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Mono:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7c0fbbadde40aed1e86f4c46ea2fc1a26749994e48dc90a5bce7fd466712d99e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 09:20:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Jan 2024 10:09:52 GMT

GET
H2 200 main.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1705695999660/hook-www-varonis/css/ 123 KB
20 KB 244ms
173ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1705695999660/hook-www-varonis/css/main.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64af3d2d385c08302f7b20f0c6673cd0319a08efc5103857eff847af42a69888

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 219839
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"e35642a5d9863ab1c40c318bd877ff05"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1705696001187
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 91e85930-c773-4141-82be-32793b2a4bb9
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 143
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 91e85930-c773-4141-82be-32793b2a4bb9
last-modified: Fri, 19 Jan 2024 20:26:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=orgXFuUXbhSM6%2F9OVoJFjrPwHoInMy5ruLeQeCGUZyIEvIRTOciI4gEWYPIt8d63PtYefrffIQTCikDhwwnRpAz%2FqVIxCxh07TTpB1E68eBTJbKzc%2FPixxEinwv3%2FqGbVFP1ewrohXKcXZNP7q0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-64786dc485-5gpfs
cf-ray: 849700ff4a100412-MAD

GET
H2 200 fonts.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/ 2 KB
695 B 207ms
136ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/fonts.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95c37cf1f09574f5dbb61a679e2039cf3fc891acb3c5d8ad40a5a8133bd6afd4

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 351948
x-amz-cf-pop: IAD66-C1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 13 Apr 2023 19:31:15 GMT
server: cloudflare
etag: W/"97e878d1ce8d38d99c26c5232d3e6c7a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681414274070
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JzMPdzESpCrUljdPLpoBJuTJtaxcKZOFWnRBmC6GoNqsiOvoLdHrZ9FaLyvRtOtNTsVLl0673pug11PhRZddRQwx5ANx%2BsMFolSCYeDqnyZsw8id2I6FSkBmptpsW6cCE%2Bv%2FcLZ1MtwlDyDiWNQ%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 849700ff29d40412-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_71662020467_Announcement_Banner.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114924139/ 1 KB
1 KB 231ms
160ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114924139/module_71662020467_Announcement_Banner.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ffd7ab24503a28bb9eb6137b4d1e1664ed138dca5d1ced6d1a98ff841a24541

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 2170748
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"dc5b8e6da3be06320569bf90cfe1b4c6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1675114924139
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f759e8ce-4521-4d31-a8b2-c670e6e5f32a
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 187
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: f759e8ce-4521-4d31-a8b2-c670e6e5f32a
last-modified: Mon, 30 Jan 2023 21:42:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gTVxFzlBBFnlySSx4QsQAh3GfAeLr9LZaOcLU%2B%2FIA37%2BCMB4NfSnKiJ9Q0A%2BbZkLA2731QHYexJlZy8D2nCCUfo4XgtM3TRd21lgvw%2BV8vdNjZ1gH0kDjocZp9NN95eGy7KiHR2dlYGt744Bn5o%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-q8s24
cf-ray: 849700ff4a170412-MAD

GET
H2 200 module_97266453797_Remediation_Announcement_Banner.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550133721/ 2 KB
964 B 377ms
307ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550133721/module_97266453797_Remediation_Announcement_Banner.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f31e1ce1202bc0ee8105deb5885a4b7b389b2cf936bff83f05032c8a2cafd0a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 2165719
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"25e2f39fad365df55a45617ede2ed5ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550133721
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9e519d8a-8b78-494c-a47a-dfa413f7a1a4
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 184
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9e519d8a-8b78-494c-a47a-dfa413f7a1a4
last-modified: Mon, 03 Apr 2023 19:28:54 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OsCRgxHNT%2BBBfkCpTH9kCUhnwNijtlCSyp0A9dXJdtTfh4CvlE%2BssuO3VS419KbLzR4R3ja3VXALqdwZtZELGg9ku06CYOYaj3J7dRn4b%2BMm7grA8KxnpVE2k49aWYZxGwVqj7u5XvUjOhIGpK8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-cks9m
cf-ray: 849700ff4a1a0412-MAD

GET
H2 200 module_96126751858_Site_Navigation.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030600211/ 14 KB
3 KB 200ms
130ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030600211/module_96126751858_Site_Navigation.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45c7614c18a99d6d92d12cd7f4f06a07ce88256882a8889574d265fc32eace0b

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 181044
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"1e14b5836ec1ab1e8354d2661a31a88f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691030600211
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: c3011d82-0297-4199-b926-49756b73af1e
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 181
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: c3011d82-0297-4199-b926-49756b73af1e
last-modified: Thu, 03 Aug 2023 02:43:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2p%2FHLT79lPmoAm34f8P1ia%2FUE8iXA%2FAjq0Tv05LZ%2FtneXCOOrfUkHPgk0oqNnfbfWsKmYI8HDZEbmajtSIT13GzT%2FjcjADRBin7mPq1uHVHZS0OAwiVxiAEpoX1F%2Bg3PLCPaFIjOX%2FatOv0Tw7Q%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray: 849700ff29d70412-MAD

GET
H2 200 module_125777074029_Navigation_Submenu.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210033148/ 2 KB
1 KB 227ms
157ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210033148/module_125777074029_Navigation_Submenu.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ef71ca3de1b4e89664ec102fe490b2abfbc80350253421c50a31bd3b22b9722

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 352292
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"4d29d054ec06349f29591688037aa80f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692210033148
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 4d55eb47-d623-435a-8413-256bb8a12d47
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 163
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4d55eb47-d623-435a-8413-256bb8a12d47
last-modified: Wed, 16 Aug 2023 18:20:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RXBnhgWC9IoAf3v5I58FQTjLU5kqE6750N%2B2HNDSv3XrSf1v7cFkH7fUHlCgFZgoZCXTDjPRfxEMTMbMwBY0T0oP5MTnhI996Yd8sY4p4B5zmHSrA%2BhSfYYEyoLFoDU4Eex%2BlfO1PgKQalLSLZI%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 849700ff4a130412-MAD

GET
H2 200 module_115948073012_Blog_Post_Header.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073012/1697137854894/ 2 KB
1 KB 223ms
153ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073012/1697137854894/module_115948073012_Blog_Post_Header.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a1f86c63c2ee772b07a6f678e7f8cd51b3aea064d83423eb213fb1df9d6b34c

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 1994679
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f5bff8587da6703942d1e04601fb2ccc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1697137854894
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 1f0a7316-c1fb-49c8-9423-e56c32d998cd
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 147
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1f0a7316-c1fb-49c8-9423-e56c32d998cd
last-modified: Thu, 12 Oct 2023 19:10:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ojY5QNe2bS6JJbWBJd6gi%2Ftb6G2cqdyR%2BvSwi%2FtwRYbQSKOZv%2B1o7ygQOlyY9boVVF6YlLR58LyKLkyJLAmJ2M2ebjRGV9kVEig%2B0OaJh7spgPTkivwvdS6FkIHaqE0%2BqAFg28BQMhqorGECVik%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5896745bbb-5tx8p
cf-ray: 849700ff29d10412-MAD

GET
H2 200 module_115948073023_Table_of_Contents_Sidebar_-_Global.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779300110/ 758 B
921 B 225ms
155ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779300110/module_115948073023_Table_of_Contents_Sidebar_-_Global.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0420b36738d9457c3f40a67c69135b170861becd9bac983563b3aeada5287aa4

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 2170748
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"af2e09f2a3860d065ab2b884c54bad8b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779300110
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 82a4b7a1-efe4-415c-b255-450589605d86
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 168
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 82a4b7a1-efe4-415c-b255-450589605d86
last-modified: Fri, 11 Aug 2023 18:41:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=suaKzGeZPitEILA0hc%2FHIr8hBVQZXadO2FFUi6koqZzLvJJHMszZae66sPzj0bDK6KPSp68ZpPq7fV2jRUwM6YQw2OthtWCVoG1J8v7aLjuPjP0Dj8BXr%2B5a5OsTEdDACKtu37UItg7xGbZvEhE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 849700ff4a190412-MAD

GET
H2 200 module_60280511003_blog-form.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832789186/ 3 KB
1 KB 508ms
438ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832789186/module_60280511003_blog-form.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e2924c80f612bf59a0cb21d31b05f0575ed143922e412e3e061bf02f5d5960a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 2081805
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"0beb1a886bb335c582b07556399b13e8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678832789186
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9c188b55-329f-468f-856a-eb8dbe878078
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 201
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9c188b55-329f-468f-856a-eb8dbe878078
last-modified: Tue, 14 Mar 2023 22:26:30 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YW7WqXzZ0oWUMWYr889mVS6Ejc1ffogO%2BDxYaRATqJz3VQQLxqIrsEmDdOI2A3hxQEqcM8DgkRSmy0ywPZ4%2FCf6G21WqhkXu91%2BUQHedUbxRWx4MmhNBucnPkUWj58PlNaMSfPYLVVYAiGY%2FYis%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-cks9m
cf-ray: 849700ff29d50412-MAD

GET
H2 200 module_104582894481_What_You_Should_Do_Now_-_Global.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/104582894481/1692928068437/ 46 B
546 B 234ms
164ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/104582894481/1692928068437/module_104582894481_What_You_Should_Do_Now_-_Global.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8499144a67d70c01a19de99fb20ca5e7da3337e44814419b9a9c867da619b2e

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

age: 1130069
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: "7e0b52d7773d1bdc69885fe97aa20285"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692928068437
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD66-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5d82cead-e02d-4884-ad96-62fd591f2ae0
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 169
alt-svc: h3=":443"; ma=86400
content-length: 46
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5d82cead-e02d-4884-ad96-62fd591f2ae0
last-modified: Fri, 25 Aug 2023 01:47:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tC6aN7KqfHVIIAR6DQN7Z%2FPwCTVYkrjjPo3wSE%2FDr38u6FqOEl%2BkUlpLT%2BA9lp%2BLgE7NeI0Sg5aYJCSIZZzWX4hMvLQWZqZxy1zLQEQl5%2Fkddsm9VIWMaFUc68RNsayS1Zb6bZ9kw8x0qDL%2FqZw%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
accept-ranges: bytes
cf-ray: 849700ff4a110412-MAD

GET
H2 200 module_115642542216_Blog_Post_Conversion_Panel.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115642542216/1684180718003/ 2 KB
1 KB 237ms
167ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115642542216/1684180718003/module_115642542216_Blog_Post_Conversion_Panel.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d514e3fc3d638136890b4a1f61d2f861af3bbd8f997ca15685efbd22554538c

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 171165
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"688ebc7b9f5e3593cecd51eb92e4c6e6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1684180718003
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a2eb3e31-73c9-4844-ae56-54d7bd0a5393
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 168
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: a2eb3e31-73c9-4844-ae56-54d7bd0a5393
last-modified: Mon, 15 May 2023 19:58:39 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Un4sg9Hh9V5GnxBkezz4awdW72efJAZNTmonFkykytPIRurv75jIY3KcluMo%2FKmQ%2BXaZfMryi2aiDTEp1MZAf6ShtfsdBbwr5SaAXPCwC7ZNPmBW30HZSiQzHTkUfrpkHTBglBqslXL1%2BE%2FCDpo%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5896745bbb-5tx8p
cf-ray: 849700ff4a150412-MAD

GET
H2 200 module_114784368718_Blog_Keep_Reading.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/114784368718/1684524759023/ 2 KB
1 KB 215ms
146ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/114784368718/1684524759023/module_114784368718_Blog_Keep_Reading.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1a1846f2d4d1abd1379f703e256e92f3b4b138f6dc90fdd8c99c58b7ca43457

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1046472
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 116
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 96dd81bb-9126-4eac-a5bc-abd140019136
last-modified: Fri, 19 May 2023 19:32:40 GMT
server: cloudflare
etag: W/"d922d55fec70ef38b027578f64a0010f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1684524759023
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FECVCgYrNR5nHBrlmE5%2Fyg%2Fgzzk8vPCpK%2BjvxqainmJD8dE%2FR0OEqI7Omu%2FnE7GDJv1Z4uhcgszVqGJTtfQC%2FCEHGLbRrFPQtQHDS6CTUXqy%2FJ5i3FKm4XJQbGbZzVbs1dt53os%2F%2BI7RxCKKOK4%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-65zd4
cf-ray: 849700ff29cb0412-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_87397221683_Footer_Site_Directory.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310897/ 4 KB
2 KB 209ms
139ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310897/module_87397221683_Footer_Site_Directory.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 456766b19e4bca3d3e998e25a416376f2158061b925f28f32527aee2ff1e28db

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 351947
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"8853d36396f354f645f3057dfc260fb6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690924310897
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 0944d81a-13a3-44ae-a132-145cbc45f51c
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 204
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 0944d81a-13a3-44ae-a132-145cbc45f51c
last-modified: Tue, 01 Aug 2023 21:11:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mf4EAHyhRfzzR9UIZOwPmNi3rmCy%2Flk5Aj%2FV4kfeFZ40%2FXpAhP65iSZjayWc%2FwJ7vClOgEV6nkxJiG9UHM%2F2hTBUX9NQVgByYPoePdzw2ParzM%2FeVGx1OsDp9PCTDOKa4hlOHgr77xvNiNZGKlc%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-8ktx6
cf-ray: 849700ff29ce0412-MAD

GET
H2 200 module_87930956413_Footer_Legal_Links.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87930956413/1678467830039/ 207 B
633 B 225ms
155ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87930956413/1678467830039/module_87930956413_Footer_Legal_Links.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f08978088fd2635efee64efe38bdf155d6258f8b547fca43381435d0048ce46

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 181045
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 18
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 10 Mar 2023 17:03:51 GMT
server: cloudflare
etag: W/"96007886169fd0ec341d641653f4f98b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678467830039
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N1ui36FfphZyCuhWn8UIlJpOdaWPs753PbS9Nhs%2F8JNDYodeTG5sbM%2B7slwXpA4NGrmzljoAc7bE6BIX1%2FenPawwDJzSw1QoLgCx4znuRi1XOvKywr%2BT8BL8tcwQxqjAGCzAd%2B0%2FWWY5YPeMALw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 849700ff4a140412-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 18

GET
H2 200 module_87944291354_Footer_Copyright.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87944291354/1674235657411/ 45 B
884 B 198ms
129ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87944291354/1674235657411/module_87944291354_Footer_Copyright.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce52d3c9ed8217ae0ca3dd0479d5ced16baf2de6625e0c81166471aaa956136d

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 269045
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 18
alt-svc: h3=":443"; ma=86400
content-length: 45
last-modified: Fri, 20 Jan 2023 17:27:38 GMT
server: cloudflare
etag: "c54f91357d03928424b38f6d19c9c224"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674235657411
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WERYvX13da5MhVqSzM%2Fsu5DFpoOzqYgR5R4Qvu%2Fbo8tNB0dSc7vDRxKhmCq2poxXkLTSqHPdoci2c0v7v%2Bcb07Vrg6g269A0Ow8Z7cshNCaHuy%2FWzoDZY9RALLG2Rgvm5FylqKrxwBQhRf9lTzU%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 849700ff29d00412-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 18

GET
H2 200 plausible.js Show response
plausible.io/js/ 1 KB
1 KB 187ms
59ms Script
application/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://plausible.io/js/plausible.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1081 /

Resource Hash

021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1082
cdn-cachedat: 01/22/2024 09:27:02
cdn-pullzone: 682664
cross-origin-resource-policy: cross-origin
application: 10.0.0.3
alt-svc: h3=":443"; ma=2592000
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: public, max-age=3600
permissions-policy: interest-cohort=()
cdn-requestid: 2dacf11a0b5137561c54d680cef1e51d
cdn-requestcountrycode: ES
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 248ms
63ms Script
text/javascript 2a02:26f0:3500:16::215:1499
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1499 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

e8bb46d80302efabc7c4e63a92161bf286d14ff7ae3931127fd6cd6cb4428b27

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
server: Play
x-li-pop: prod-lva1-x
x-cdn: AKAM
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lva1
cache-control: public, max-age=3600
x-li-proto: http/1.1
content-length: 163638
x-li-uuid: AAYPhcD6KONxb4W1VUnpOA==
expires: Mon, 22 Jan 2024 10:50:02 GMT

GET
H2 200 Frame%2036-1.svg
info.varonis.com/hubfs/ 3 KB
3 KB 240ms
230ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4528e78b77fe65b0d6c730e7bc11691455d19dcefb698ebc14931cab40b8423a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1610917
x-amz-request-id: DWXCP4KMC4DQB8NA
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010932 NNNN CT(3 6 0) RT(1705918191257 232) q(0 0 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"4a0280ec41a09339bc32b34cd26d66f3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428417394
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 1a9dd6c2b59b927d771e7868530b32ca.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YmacvXukdtrqgcUXsZZPYD9p7.OCqpBh
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3NrTWWmOb5nNtF1FLZKfo/4ulKNSSxBqP/UqIaLvRnRACRR9GYbreTJvMdi64QreO0RzhD8lzuA=
last-modified: Tue, 11 Apr 2023 21:05:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3wOXm2EMN%2BdHir6wVjWVqS%2BByLhiYsikhB7ArTy9I23%2Fv%2F6Uq6WYWxsFEQmzKdO%2FwBubZdjjU%2F2bh1r2ItJTUNEgJdRMC%2B88%2BkyrhVK16c2cop3uip2KeHP6lTO4NflFc4%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: vQkRS0mC+Ghlul6hfvGJA+8+rmUAAAAAwsxmwoyI7iWC5jgnHlX6VA==
cf-ray: 849700fef8698675-MAD
x-amz-cf-id: N1KKqpjMQ9TOCruT30M1IL2fisiRppiMIFOCwbJEqM85pPrXdKt09g==

GET
H2 200 Frame%2036%20(2).svg
info.varonis.com/hubfs/ 2 KB
2 KB 147ms
138ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(2).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4450600125b5cdb5761654bbe725c5b4fcbc8e1a89f0a14b20f77157afc5715

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1611764
x-amz-request-id: DWX0JH1Z305176EZ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010934 NNNN CT(1 9 0) RT(1705918191257 234) q(0 0 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"db75d74e33e96cccf27b2b6b95161418"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428486763
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 a971b2b62b734c0aed2e82b19df64026.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nlQ.JNOv_1Z2QlY4vh553LM_j5Qk51Cs
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: j49uxgG9DPUhC6A6LGrUizPFxDkNsfWZV95wM2c23NO7zUBnhtuQZMqJaKXMbiTwGdXYczKr/MI=
last-modified: Tue, 11 Apr 2023 21:05:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BRQdj%2BHI5eYYB15Z3564jaNTP4XYc7AVIi0fEJMPPN8mu3ajPyw5Xjf1yhKFg%2FTJV8heHfclTz7Rou3eOO0%2FjbTmz7s%2FLN968G1hsdlS%2FGJyj5oGceKfSoJwmXMdzkc%2FbSU%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: QwRPevY/hUVlul6hfvGJA+8+rmUAAAAA16YBxLnyxVoJ2LuE01Ukow==
cf-ray: 849700fefd555e1c-MAD
x-amz-cf-id: 9A_5gBePvjnjrUasxxSxeYrHMqQPpNojKgyV5lDX330DxwTBq5SHig==

GET
H2 200 Frame%2036%20(1).svg
info.varonis.com/hubfs/ 1 KB
2 KB 113ms
113ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(1).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c08ffc3f238414942b195ebfaa0516e524b4e6b6c5201c52b5174f5599282a23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-cdn: Imperva
age: 1611764
x-amz-request-id: F050JNH6CSXJAAWP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010934 PNNN RT(1705918191257 372) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"7cba335c1df43bbb31b831c70444dc5c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428464410
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 02f18a297253b2e336ff43d5a9bf889c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: jQIVfYXDwJPgRyEKdz3rJ1BSaSxuz0vz
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 2jZllGukpeqLXjKTZRMy/j/fqcLRkiYxYkp9lY9B9hmcEDlQIC6WIoPmPXaiEElL/ohs7wwxOpY=
last-modified: Fri, 07 Apr 2023 16:37:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ieZfdxduLLtTQzclyy4WI7W12rfPKpGdianoqMAooWB3DDTLXdpw01wHVGf%2BPl0iGvMSHtYl9sjXH1nqQSgfXMNuVRGjtojpB3aVKt5DEL46wPCypfxu8CCU3%2FLnDjb5Ktw%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: jm9hS/mB9nBlul6hfvGJA+8+rmUAAAAAOPxDnmvN7w2Nm3lle8dAtQ==
cf-ray: 849700ffde975e1c-MAD
x-amz-cf-id: hdd3ZoKioy2vO2s8uJACHaRhm6v4OdJg1fWfgr1NZXfIzzAvVuYAhw==

GET
H2 200 NavIcon_M365_2.svg
info.varonis.com/hubfs/ 6 KB
3 KB 110ms
110ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/NavIcon_M365_2.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9e9037912adf4cb7724b3782cb690b0c90d8d31a5c54a6bfa3f6fc60063de8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1611763
x-amz-request-id: M84ZJ868QR74AAYF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010934 PNNN RT(1705918191257 466) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8bcc6d027ad47e870fe16a237dc73bfe"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674081974689
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 ba234662d889c0c3633ccca6966eb6a2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: zwSqLSU0xjuOBDaiT8xXQbFQQAf95O6P
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: OOzzR02g8kB0KMfCR2mMBJkFsuV/08eWZ+j8nN3+tSylI4TxLx+Uhf00EiSGOx3ctjSHghp0s6U=
last-modified: Fri, 07 Apr 2023 16:33:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2BQp7GADySLeroS2TgPz6FG2hEEqmdnb0WBK70GO8l9JaOWVrIJPfliMuCTyYasFuAv0Ez9xyEF%2Be0mCL0IM7FoCBDaETqmGcGC4wpGztfceLt5bYtksd%2BSGlEP467yar7M%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 3IShLXhrhxRlul6hfvGJA+8+rmUAAAAA0yOEB9E2kgKHTiEN41WMfQ==
cf-ray: 849701006fbd5e1c-MAD
x-amz-cf-id: 7iDabbku46CNa7rdZ-MMjv571H1gRnN55taw2HPqyNqPLgBnLgwVew==

GET
H2 200 NavIcon_AzureFiles.svg
info.varonis.com/hubfs/Web%20Assets/Logos/ 2 KB
2 KB 103ms
103ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Web%20Assets/Logos/NavIcon_AzureFiles.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e648da8a366d494100d90e0af69a2945f34e53a2c70432ea12c0303039f2351

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 667572
x-amz-request-id: S1GPBBJHA2ZV56HM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010932 PNNN RT(1705918191257 486) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"39f1c52d2cc888b95c60463165cda36d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691417731365
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 32bc8c16ed82342d55409baf8befba44.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PQz0I5ZDy7h_rRyB67TOq3xY2tYQaD.k
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: B2jVBtG4hr8swAmrGdhjhQpsRvIrbzYl6lT0RFJLNIEYJa7sxq/jlS5shD5dV+bVpp79YCmvV1E=
last-modified: Mon, 07 Aug 2023 14:15:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A1P%2BobIxSkoWWiYBTIlNzDDxeKvIRCA%2FONDPFjMAszZNpsORFXPyhcsI%2FzELYmUt8kKAlSKNMXbGrdreFvY%2FgMf2P3QweS4WoNsjkSNyI%2FzrD9fTba9oUFu%2BSnDPmGz0bYM%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: ovx/HRge4SBlul6hfvGJA+8+rmUAAAAA+XR8djJ4E/BgtjsHz2yrFA==
cf-ray: 849701008b298675-MAD
x-amz-cf-id: f_TgSLC8TvMX-iefngGBVVrAgJVSUYjumqD4Hg6YkTDWJQAztQKO_w==

GET
H2 200 Logo_Windows_Full-Color-1.svg
info.varonis.com/hubfs/ 480 B
1 KB 117ms
113ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Windows_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db1e2dc64218b7044da50d01d0ffb83bcdca49a35b1ab7ffcdef6736863986cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1612500
x-amz-request-id: F0513JG3S7P6F9S9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010932 PNNN RT(1705918191257 727) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"d694fe76cecc0228afb418373de25fd7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429615523
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 6c26d69c095f5a0598b0200e04f7026a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .uN1VY8fE_6giU8Wl79_70fP6NJlVGUA
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: FtE6EvKJHGC9NGjwd/Hk75HjlatIY4VWHKvm6DY01Kn7QXdWShytSvhn55z5YWrm97Gu9Xrjnjk=
last-modified: Wed, 29 Mar 2023 16:37:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n4TIuFzbYM8FO8Lq6Hj4qo0ZqKhqgqoUNyLwJGZavOKn1guGRAvedQf3hoY8HwbualXpLHy2iE5XhJYofFGp1x1mFTKu8Oxwgivk7Rka%2BwrJ39JNGeYiLGs2EMajL8%2BcUFg%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: HLiaCLM6BnBlul6hfvGJA/A+rmUAAAAA4TZTR/8xpnADOVOtGXlpdA==
cf-ray: 849701020e7a8675-MAD
x-amz-cf-id: b150AF_ara606IL4i0-WQ_Sk3DT6aJl1w_tRHVG3LeEK7clOQ1Yr_w==

GET
H2 200 Icon_Windows%20AD_Full-Color.svg
info.varonis.com/hubfs/ 308 B
1 KB 123ms
119ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_Windows%20AD_Full-Color.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a40943594d5eaaa010c66254e2dc4a83d8bc53104602afda2e3b622b8e78e2f0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1611757
x-amz-request-id: F05FB5T4M0JKX49R
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010934 PNNN RT(1705918191257 729) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"cd83460848cbb057d8576e5cbd227359"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429626407
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 7ca1afe781f5ab2538606f4251c60710.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: j0AZK7sFXh11TgqH_ROdfL.gi9gjKDU7
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: rB5ezyAI2Ob7Vg16MIRwLwzV+cIdp29tYGFUM+pm9Jf4+Yh2m0KDoepFhV27s8R3MwfBVIJLyGs=
last-modified: Fri, 07 Apr 2023 16:34:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yw%2FaNTnSYY90yS4RhYXHAjrNZfH%2BewqZCqtrdXLdqh7Cm3DmQYMPUSa%2FS51R8StZDlbBY4RSparpp1bJmCrM%2FyuCEo7bMg3p5FZhSV8UtCSHmRDOogVkxph7WP%2FBlMu%2BMQc%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: fdRqGS+ntnBlul6hfvGJA/A+rmUAAAAAcGP+JEXUjyGw4Aa1JAHTdQ==
cf-ray: 849701020a545e1c-MAD
x-amz-cf-id: M-31L1IW73gashR8D8xvc-yH636Cyq9jw6tZnlsc-mcMw-8g3CG68Q==

GET
H2 200 Logo_GoogleDrive_icon.svg
info.varonis.com/hubfs/ 1 KB
1 KB 271ms
267ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_GoogleDrive_icon.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b40e79c5d412914e928d19e3cda375d940ed037dd6a1f6d7613b894e39898094

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 290921
x-amz-request-id: F056MQGN3GZCRF92
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010994 NNNY CT(0 17 0) RT(1705918191257 730) q(0 0 0 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"5ed1993efba372d504a94f9cededf3ac"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429633320
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 274510439642952234785ebfa88c1fc4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: C55Z6MT7XpHwV8In.o_V0y0xhp5ppwr0
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: KxvpzfrOImlDcE7nIRpF+VJ9TkaVQMXUC0sH7a6ssKbpZTKBKRdxThMMCfg48Uz+zkm6sHaUjKU=
last-modified: Wed, 29 Mar 2023 16:35:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SvBuVtiUDZ1YbbcVRWCIwPm1zEtQJbHI%2BrhESg3kW9LsVaX9Zaq11JQgFQ6nSuaL0UDFmcpkLj0ucnf6MtnYrGd0ipDk1%2BqGx1GzwgFxaePsRPeDJ%2BVRwdWXjuuewqBcb9c%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: a/FNWEcA6ANlul6hfvGJA/A+rmUAAAAAhvDa9/U6RliJexn6TA9vVA==
cf-ray: 849701020abd69ea-MAD
x-amz-cf-id: TLthXwqvF71cOGf7lCkWAx1XOQU-2vedHzJJrUd2dBDc4ywl6JvcaA==

GET
H2 200 Logo_Salesforce_Full-Color-1.svg
info.varonis.com/hubfs/ 12 KB
6 KB 150ms
146ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Salesforce_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f24b7fa64d8f44ddd36d64d9a647d13caea3756513d97abd40e3c8754efc63b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1612500
x-amz-request-id: 9384JGDM3KGKAA56
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010996 NNNY CT(9 8 0) RT(1705918191257 731) q(0 0 0 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"be309990b75f168448dbfedb6fa65e11"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429638821
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 6c26d69c095f5a0598b0200e04f7026a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: tAzo3ayGAIUKFNkzvo1.OA9IZRoodnWm
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3lXSbBNlIKcn+MNr7m78pdNvl/HsjJUTuF85/c/DbVFv+pnCESayUsZ2CedO6sygRlRuXN4kwYADoLvy9RWIaA==
last-modified: Wed, 29 Mar 2023 16:36:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zv2IiZ9t%2FwZ2NQSr1AI5KTMjCf5m5Wytb%2FJ2zS6yVQLewUUi7wDFV0Q8JcunaLu0D1XKUDXN%2BHeM5f2CBQePg81Q2B1OC5YoIuuv7TnMilBee4nUYtb29Pyuic9Jy9rpOdk%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: ClkbFY6VuzVlul6hfvGJA/A+rmUAAAAAh0niAntMI8/0g/qaOMUBRQ==
cf-ray: 849701020f7e1bac-MAD
x-amz-cf-id: bdNbL-L8dXbpVpXvBB6L0p0YAaiU8xqlQh15ycA0k9Fur8lywmI-WQ==

GET
H2 200 Icon_Nasuni_Full-Color-1.svg
info.varonis.com/hubfs/ 3 KB
3 KB 156ms
152ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_Nasuni_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10426b160a932ef2b98908d2f32aca756777f9d0a90ee2d7bc334cb1629e0ddd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1612838
x-amz-request-id: 9384Q1TJDD0ZNBDP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010998 NNNY CT(1 8 0) RT(1705918191257 732) q(0 0 0 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f0b0eaa5332ee7de29889d93840bfc0f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429645009
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 a971b2b62b734c0aed2e82b19df64026.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KGxnFvJWYxjnwQ.jwg9Mt9Io5nzlo9bc
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: U7GOYVxQRUhmvUxrb2mJaXROBE4yz1lRgOCqyLLldIAiM13MhbkT1tcUuR62wgnoECcY5pZXO1/puOlzIWfvQg==
last-modified: Mon, 03 Apr 2023 21:49:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lw8ijkoEsv57r9CAA4kLE%2BS%2BjPnxGKlrSyFuDhDRbnbAI96nDgV9%2FJ8I848xgykTPY6BgiKRE%2F0SbHQKnKAU3lz%2FUjLLZKOiPSAHIARLTK9058zXsjAqbJ9EaxYA1mH16Uk%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: UtUQQS2pi1Vlul6hfvGJA/A+rmUAAAAASO3PryVorIEwOO5vEEkYrw==
cf-ray: 849701020c465e1f-MAD
x-amz-cf-id: dh8Qe7kuhv4ffsWEziaDlgUoLXqefubOt8T4DyY4ySCzWKIN_2DrWg==

GET
H2 200 Icon_UNIX_Full-Color-1.svg
info.varonis.com/hubfs/ 13 KB
7 KB 222ms
219ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_UNIX_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5db5a02e960dde70bbf77fb6d28c61d4f6b5c291b3dd08d76a678d17c2d96420

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1612838
x-amz-request-id: 9388H651P4DV6QM1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9011000 NNNY CT(1 7 0) RT(1705918191257 732) q(0 0 0 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f95d3f7607cf257b1cd570a34d5e7499"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429655074
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 e7cf9a8aaf525a2173517459ff93701e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: TAyhZrsomXl28HGe2LLLazlL86PmY7x0
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: F9OoXWl2gPsYZT2TqAz9BryEKZEcJ+4X1cBp0g2XoJmOiifGiDjLQVAbPNPmo5cFd5MLV6It+uU=
last-modified: Fri, 07 Apr 2023 16:34:48 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1sToxScpMFNH%2FJzO%2BKgOXbgHrDL9GZd3xp6VQ%2B5Rx8KdpBjLNFhaXi%2Bxv%2BxZHGkE4FydgBu4HRygC5AJO3gKtqJnsssfOTXbMNZD924Gd9yctB99ny5X1sITo58ZZf1Hl6k%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: SlwEZo/E4Vtlul6hfvGJA/A+rmUAAAAAYBVW0nmpSi4Zeu8ipPL2Uw==
cf-ray: 849701020fb92fbb-MAD
x-amz-cf-id: eUbKQ6BWixvWORi5TcJCr8wqHTiiS_dBLqTI9dTNb-q5PBxyjouIEA==

GET
H2 200 Logo_Box_Full-Color-1.svg
info.varonis.com/hubfs/ 2 KB
2 KB 181ms
177ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Box_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0adb972147098e0e4d6abbd7b83952363c8eab82429760136816142d675e321

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1612501
x-amz-request-id: 938E0CDPG88F2B8F
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010932 PNNN RT(1705918191257 733) q(0 1 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"12fad58f529b97c18d6081296d804d47"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429662187
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 6c26d69c095f5a0598b0200e04f7026a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4bnH0nYJLrnJYB2scTeniXFFZf3HM_Ur
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: VReZz8knDpwN4Vg8jQ3EjWSa3X7Hrk8YeBVwIj+hV83YpIOzN1A30aS9RVav0lEehBY9mt7zg9k=
last-modified: Wed, 29 Mar 2023 16:36:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lEK5Rl5tepW8KyZgbOOcf16tzmm8n6IxgFHuFqGzVk%2FpFAnbhwHpJhieCNmwXxGb6oyQ3sKwuOSAX%2BX8lUk44%2BXD%2F2zWMCy5HekJlycnzDRAGxgCJGIeYwDHh6ZtosRPMwo%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 1JA8FuLaYitlul6hfvGJA/A+rmUAAAAAduPlY+8y1TUjY+7rRzDamg==
cf-ray: 849701028f898675-MAD
x-amz-cf-id: JUNc-beaTIWGmkax_XG1v0MAu0M-KQikLuDV8eXvGdd7gJblDm7zww==

GET
H2 200 Logo_Amazon%20Web%20Services_Full-Color%201.svg
info.varonis.com/hubfs/ 6 KB
4 KB 276ms
273ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Amazon%20Web%20Services_Full-Color%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12feece8311f076308c2bbd3d8de66155192ea9df9a705a486f8e4684c45c5c5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1611749
x-amz-request-id: 938A6Z1PBSMFX4EE
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010934 PNNN RT(1705918191257 733) q(0 1 1 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"9ec8f05ec8b4bccf14856667c2f4af0e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429669382
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 1a9dd6c2b59b927d771e7868530b32ca.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .hqD1QhDm8nt6xQNshEa2DyryB7lp9Y3
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YlI1I424sPaFMGYLscPcTcKjUUyyobXP6H1fxJ7FtniRmVe7uUaSDk6xY9i2USdi6gi6c/vh5r6i2TuI8JhQ7DFqAWy5fMxOciG/xM8rLt0=
last-modified: Wed, 29 Mar 2023 16:35:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UlukZKGhi2aZsplVmQWq3Ks45IXvWRa5N7rhcC%2By0EIauTvXDJb2ksI27X6QSxuqH8TBQ5dgKIAYtflAXbcptPXX%2BM%2F6Z38r73bP1j4kwfaEE3Rqzb4M4gSK2vqJpWsYNEs%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: ro/EGgcxx21lul6hfvGJA/A+rmUAAAAAMARTe1IUChUFfkGyKREzSw==
cf-ray: 849701029b4e5e1c-MAD
x-amz-cf-id: PLXe7h2bOo4LlVU1QxggShCG-oFGubH-jU_cDX5qvZJzOlfKFDgXMQ==

GET
H2 200 Logo_Okta_Full-Color-1.svg
info.varonis.com/hubfs/ 3 KB
2 KB 246ms
242ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Okta_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bc3c3712e26de83ecb08d0360e70ff826b4fda86e8348a3ee2208b4ab2ebad1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1612500
x-amz-request-id: 9386JK86RAA8ZBEN
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010996 PNNy RT(1705918191257 734) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"6ae59b6e0ce4f86234daff364456a46c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429677378
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 274510439642952234785ebfa88c1fc4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5b0dmh0pwNv7XUyXYOrxaO9n9Ea4swdz
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: kJSvlnbNs4kWE2vl+ogk07WrOsPeYnjwxW35AUmiDNi7v0HmQ1WzynpwPP0w0a4h1P4qZ/1UDQXQ4SskUlRqxPQjDQI8xkFmyzhkdmtGpmU=
last-modified: Wed, 29 Mar 2023 16:35:58 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kReqhRsl38lL7qzqLIJhGvkmPVmzGr3UIyOPn9IJrJ%2F8Sc8PihW6wb4YQuASgot5GTIA6RCdW8q%2BjuEvXPSFi%2BZN9b7wdJDWrJM7nc63KD2aQJad8jH7fyZiv0odvko5nfI%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 4z8BYUNEjQdlul6hfvGJA/A+rmUAAAAALwE3anNIjHFiI5LidVkXYA==
cf-ray: 84970102b8cb1bac-MAD
x-amz-cf-id: 0pla9LtxIDVTEZB2o83NoptHTq27B8cXztzKD1U35p_qC_kNkkAVgQ==

GET
H2 200 Fill%201.svg
info.varonis.com/hubfs/ 1 KB
2 KB 359ms
356ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Fill%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a074c8ee602a0b3416f69defbab28371abb92ce73f934afa6e58ecec72b9256

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-cdn: Imperva
age: 1611749
x-amz-request-id: G9P5940WQQKJFMQN
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010998 PNNy RT(1705918191257 735) q(0 2 2 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"6980550af35925ac7c226d9e70c95932"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429684459
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 e526243d2001820e80f33af5201afc0e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: T17L.OC3KO6B91DsAQ1bpeTtHFnJrWVM
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /IDX4QVhDEKDHiCSkftG5wxphKDXx4FrrdCNjNqaoU3scBUQYnpgBy095lwGMo3SagyXaVwbD01Y3r3pqsTFmh+zCVZtyxH7fthTVboBWG8=
last-modified: Mon, 27 Mar 2023 20:18:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rePT7Tq3vv2e8AJkSsTrJ%2BkT5fOeHI2V05sK%2Ftr7n3WYie0cixvvyUQLdExAJbfGr0pIA%2BD2cPPCmuf7QAwIFbjyxJsE6mv6yiDXBoKkxweKgTs%2BLp0VnDQZL4D6yVRFDGw%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: u6Y5P1krvFtlul6hfvGJA/A+rmUAAAAAIDJXWyUJwSfthD9QyidXFQ==
cf-ray: 84970102cd5a5e1f-MAD
x-amz-cf-id: oltf4f9pYG_4oStG4mzdDT1H7UxUthwRzw08fs55k-HuoJbAfb7LoQ==

GET
H2 200 dolev-taler.jpg
info.varonis.com/hubfs/ 5 KB
6 KB 255ms
252ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/dolev-taler.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfa460081cd6d4b33b383902ed4854208b80b6eebcb75a7545ba76284f288012

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68246290805,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
age: 382651
x-amz-request-id: RSCGKCD6WESP6K9X
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68246290805,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010932 PNNN RT(1705918191257 757) q(0 1 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="dolev-taler.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "44b61f3bdce30ec4457b201e47d14682"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1646951319194
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 dfd3734acf4e73247eaa30d1937f8b68.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: X2GSYs4v5PUKbyNmDsWBVbJncG7ZJANu
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=11006
x-cache: RefreshHit from cloudfront
cache-tag: F-68246290805,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 5152
x-amz-id-2: xKZWF4gqSlV1h19HEJhwSsk5p27UkssVbOJ0XKncbK9KdsT9XaslCE1rCbqXe81yewF1B5gtDLU=
last-modified: Fri, 17 Mar 2023 20:59:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7l21qvbcs4PxiY8Dta3gFSlC6XI0576wqUA%2Fy7%2BV%2BB0M3ywqrJOxW16zx750PGVWk6h3yTl7DHSBiQoOCMznLUhTRLtZSVnWNZ8fWLbewuj%2FzvBlcs0lejehE3gYCvwzbtA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: CLCyFzvnNT9lul6hfvGJA/A+rmUAAAAA1SlpFmL27Awlr0qJFZ8Z+w==
accept-ranges: bytes
cf-ray: 84970102e86e8675-MAD
x-amz-cf-id: GKADk772dS2aFWYL_3xfXUkkdEtMFq302FPx8VzAtYHhm1WP_fIh8Q==

GET
H2 200 Blog_VTL_NTLMV2_202401_FNL.png
info.varonis.com/hubfs/ 577 KB
579 KB 352ms
349ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_VTL_NTLMV2_202401_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2686933d879b6bfd72c788f272bdd65df6c7a6fee43784cba805ea641f72c862

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-153419704467,P-142972,FLS-ALL
x-cdn: Imperva
age: 323759
x-amz-request-id: RNGRH2V7YP3N1MN7
x-amz-server-side-encryption: AES256
edge-cache-tag: F-153419704467,P-142972,FLS-ALL
x-iinfo: 55-9010916-9011000 PNNy RT(1705918191257 758) q(0 1 1 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_VTL_NTLMV2_202401_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "f0f95853a04e4bf0f368f3c7c83b1f26"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1705528563051
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 0dfee1c2ee3d0cb8f289c4874276734e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: pL5pbRlFI4oYJcpbhNOBoQwxA0VichkE
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=789357
x-cache: RefreshHit from cloudfront
cache-tag: F-153419704467,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 590478
x-amz-id-2: nU/xOFSxKq1Ei++H45ht/fmvAu2F1D3S4GxKVi+Xlas1s6b2kdCca2z8BLVKio3F2RGCHhMAnX0=
last-modified: Wed, 17 Jan 2024 21:56:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y354aIxCFL9gZrR6DlkUQbnC6Ch5f59fsh1SI4vnx7oDoW8p23Nj%2FYpj55bSdZlXWhCjO4niS7%2BpN5vuXCQC3%2BBWdfmtxznEqqyNRZC89sRKPmmhC9R%2BUOJwORqPf981kxw%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: yLbHX6NYyAFlul6hfvGJA/A+rmUAAAAAfUrHArHGaJcux5Q45f7gaw==
accept-ranges: bytes
cf-ray: 849701033a3b2fbb-MAD
x-amz-cf-id: wOjjptupl2eExbPQO8a9xGS9__bHMLaJvTXe2vZ5iMHQsosTBJ7q7g==

GET
H2 200 Blog_VTL_RomCom-Storm-0978_202307_FNL.png
info.varonis.com/hubfs/ 618 KB
620 KB 287ms
284ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_VTL_RomCom-Storm-0978_202307_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad6e4bd22817f7c57fba019ade1f5ce25d7e329977f8a1b210cd39c89f21fe60

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-125297363303,P-142972,FLS-ALL
x-cdn: Imperva
age: 324375
x-amz-request-id: DX6E5671BSJYENSN
x-amz-server-side-encryption: AES256
edge-cache-tag: F-125297363303,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010996 PNNy RT(1705918191257 758) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_VTL_RomCom-Storm-0978_202307_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "ed4525e13e49ca059410a12574663dee"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1689697037534
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 ba234662d889c0c3633ccca6966eb6a2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: bLZi.uNgtb1cOJwSUIB5x6iNr30guhX3
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=912261
x-cache: RefreshHit from cloudfront
cache-tag: F-125297363303,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 633276
x-amz-id-2: 7tU2GenerLp1PtNZvM0X0DW5chC66Bga1sXUa8sMOfx9/98WOjFbE/Ua9wSHlQPFXOIY0OKsDek=
last-modified: Tue, 18 Jul 2023 16:17:18 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nwS3dode%2Fz8rt%2F0O%2BvKwzG%2FuoihDmroxCsnAgWe2fsbZn75ol%2BB6IcXSbKiFA9zFfNVlbCW9mXmwktidauFgbi7LHHMQY41nMPvZ5KTQI5J78YL87bEfRGTwEolfeLBLtjs%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: /WKieBzpqEllul6hfvGJA/A+rmUAAAAAHY842O2uB/ml2pA6FMtYvA==
accept-ranges: bytes
cf-ray: 849701035a0b1bac-MAD
x-amz-cf-id: iFSbkB5Pp4LnVojA8cDeJiSr4Pn1iMYbnR5NfcSpWeLwrWAQt6FHYg==

GET
H2 200 jason-hill.jpg
info.varonis.com/hubfs/ 10 KB
11 KB 359ms
356ms Image
image/jpeg 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/jason-hill.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc49d2e85964794551744c178395ff6f1da72c3f0c2e9592227ba20df7fa8828

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68246289581,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
age: 323458
x-amz-request-id: R0Z45BNNFWXQ3GB3
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68246289581,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010932 PNNN RT(1705918191257 759) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "8cbc5ef89b6dd83facf0906d344d492e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1646950692406
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 96067a94609f0eba55814e78a68eeb7e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: W3PTKRIAkcmf4UWgqpcwJpPBozXMVCQf
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: degrade=85, origSize=16352, status=webp_bigger
x-cache: RefreshHit from cloudfront
cache-tag: F-68246289581,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 10218
x-amz-id-2: wjMxwXHJQWm3LazcfljmTfSr51n8KVOlhGfzXMA+2A7znUXKNq6hSAe8qlnobzxqk9r3AEF0se4=
last-modified: Tue, 28 Mar 2023 21:23:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wQdjq9iUTzd0AAMGWqStgGZBDIPJLoNz%2FzYhjcD%2FkkVK4QvzzxLMQt9lHlC8cUt0%2FAwt4Sx1SjudgrmSVhawZ9Z%2F2RR4PdohafCG5NSLftrAGfdNTEkMDxBF87yW22dh2cw%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 3LxjRX034GJlul6hfvGJA/A+rmUAAAAA5g8Jf5AqF4rbSUL2099iaA==
accept-ranges: bytes
cf-ray: 8497010369638675-MAD
x-amz-cf-id: 8UL4ujOYhLeO9YQz0WlQNhPq1jUK7uI9PMmJllwgDqLockinlgejEA==

GET
H2 200 Blog_BlogHero_VTL_VisualStudioBug_202305_FNL.png
info.varonis.com/hubfs/ 474 KB
476 KB 359ms
357ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_BlogHero_VTL_VisualStudioBug_202305_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63e995f355c2258e59ba99ac1147cd1e4242a4f88d370a1a1bb6ba5c7cb86240

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-118176300080,P-142972,FLS-ALL
x-cdn: Imperva
age: 310015
x-amz-request-id: VYP2EK2HMWMR6CE3
x-amz-server-side-encryption: AES256
edge-cache-tag: F-118176300080,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010994 PNNy RT(1705918191257 760) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_BlogHero_VTL_VisualStudioBug_202305_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "dd431d312449189017d99f6eaa35385a"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1685557038939
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 fecc88aab4864fba141da4bfceb073e8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: HurR3C4tAkzm4UE..3dp.o1oSRizhQVp
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=666790
x-cache: RefreshHit from cloudfront
cache-tag: F-118176300080,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 484922
x-amz-id-2: H73ZhpROuwKeOzz3yG6MTkajrcxr5stkUqhtF9J/+1JmH3FVyObcu0yEsOMaHTcD4pTN/gIrP0Q=
last-modified: Wed, 31 May 2023 18:17:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xj8jSRhuPC1UZGpFeQ5RarcRKjOskHWCLTQWXm6DT9rCempBsNkxktikPIbL3mqWhPXlAXsa43F3Nx7D9sOgc16ONpNTBfxOb6dWUsjk5B3I1wry85R%2FlR3RLJPpBJ%2F%2FElo%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: bjGbV6Zvantlul6hfvGJA/A+rmUAAAAAxLVeCkpXmtFP+IpxHfIRzg==
accept-ranges: bytes
cf-ray: 849701037c7669ea-MAD
x-amz-cf-id: e1Ao7auHhbw1uQwKdcZGV7-0sowxmvDUnUDI_VpCSvmT_M1MKR-NaA==

GET
H2 200 Blog_BlogHero_VTL_GhostSites_202305_FNL.png
info.varonis.com/hubfs/ 536 KB
537 KB 352ms
349ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_BlogHero_VTL_GhostSites_202305_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a89418bb17ba5d40237a7c0f6b101fe9381afe7a618d2e1e4449e0ffc9c11d9f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-117175039509,P-142972,FLS-ALL
x-cdn: Imperva
age: 44160
x-amz-request-id: ZKHQJ2YJDJCPMESW
x-amz-server-side-encryption: AES256
edge-cache-tag: F-117175039509,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010934 PNNN RT(1705918191257 760) q(0 2 2 -1) r(2 2) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_BlogHero_VTL_GhostSites_202305_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "fe34892745f79012b954769f34eb0e1e"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1685043118444
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 1861b67291103164103ad7299a51ed5e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: TgDflyXJfm9V4IxeKTyCan3PF_UlLS_.
x-amz-cf-pop: MRS52-P5
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=757233
x-cache: Miss from cloudfront
cache-tag: F-117175039509,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 548632
x-amz-id-2: +rncHOmpm2WtbdUswdM6JYHmIFZ8fyI64dvebrp8B44Wfspf33wy4bqlJGqQlRIiBsxjiIAsD5Jx2m3slv/HfcnR1HVuiNBxvJljQ8RUrUc=
last-modified: Thu, 25 May 2023 19:31:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S8JGIkMbjzbUy92XY%2BLeMI1AB3z8A9OJnpIWaFkuJEkb%2BOkxgf1FmRb6tcUDWDMFhzqBdexQux1T9mIgYT%2FuvPVrwEt%2Bn6EP7vrs7a%2FvrtAPYyUj9BVxjNmRBTS4Jleh5So%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: q8mVL8rjAhFlul6hfvGJA/A+rmUAAAAA4Q6pXZdIrr8vDJwk/g+hlg==
accept-ranges: bytes
cf-ray: 849701038cc25e1c-MAD
x-amz-cf-id: QklmdgKvY23PnnkjPnFbB4lRVD3qdMuaPs37IuAaHMnNSpfMWa4rAQ==

GET
H2 200 nitay-bachrach.jpg
info.varonis.com/hubfs/ 7 KB
8 KB 396ms
393ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/nitay-bachrach.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

643cf3c8306417b9973a1c4f157ab3f899618b74b778c9e5f78370aafa157bad

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68246290478,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
age: 215842
x-amz-request-id: 8X0YBP96FNDB1HJM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68246290478,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010996 PNNy RT(1705918191257 761) q(0 2 2 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="nitay-bachrach.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "1d1022c1d7a017202b747a97ba1cb934"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1646951131508
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 b3c3867bcc3f09d634cc38a60db5bb78.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: tzjYWBK7smwW1vWHcNL9OWVBw98LFqFi
x-amz-cf-pop: CDG52-P5
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=12517
x-cache: RefreshHit from cloudfront
cache-tag: F-68246290478,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 6888
x-amz-id-2: KDo0dSQgrMjTdSDjvhgSo8GTs8Oe1aVgIKX3Q3SO183DasIu04CzRzQz+dEauUn+xUnHbpixMq6vRKo7LLcUSA==
last-modified: Fri, 31 Mar 2023 01:20:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5vUvVbf%2F0aq%2BpOKzY%2FPpjTZRAr5LqgtgLwWmnBxtyqvs5k19E2JcYAro3Wkc0BWQrUsA%2FKmyBDIR%2F%2B9N%2Fgd%2FHxpxSHxSrzqa52%2BqeC4wDSjtFmbRQc%2FwkR7kshvQOyNV7E%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: KFr4CUbhTU1lul6hfvGJA/A+rmUAAAAAeqoF34h44MgaGC9eFUaRLA==
accept-ranges: bytes
cf-ray: 84970103dae91bac-MAD
x-amz-cf-id: rmjxFPLpogkipI7vVtVjAP539TIxA5RFQhqY78vS1vvs89kAL08BDg==

GET
H2 200 prism.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/ 19 KB
7 KB 37ms
37ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7b88bddc6c757b2fc8cb113e2469801ab14a78ec1a8fada4d6391e3573f5f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4766385
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6336
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-18c0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pa1IlCJ7E7Z1qe2M3QhosG4IiGfDDJXOcIq8EKtoAIPtrM2Nqtz%2FPdtEsZjP02qpHlZCVGPgo8pdNYytSi7xuFBVdEifyb0KN1kLbw65y1P4Oo60jhR9XazYhOGkrMlI%2BpiiF1d76vRC8cdlVir9OSX9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 84970101086c86cc-MAD
expires: Sat, 11 Jan 2025 10:09:52 GMT

GET
H2 200 prism-autoloader.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/ 6 KB
2 KB 41ms
41ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0233342795c86e2079f7406bce72c481918b9ce416aedeb6b37044abae50fc8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4767414
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2202
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-89a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TEtc8%2BZfZMB8xIZk8eO0nsiHAD9f6atfBBLcEhliXKGUmJI8vj42NyvYwG7cFT9TVok8jW1qplGGlOGGTSyCssGZdzWUrE73Bo6h3EmSaVFsHdv1IStngO6KeJWo5rQ%2BiJP2RnnRCLxXYL8aWg7oQKQc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 84970101289c86cc-MAD
expires: Sat, 11 Jan 2025 10:09:52 GMT

GET
H2 200 facebook.svg
info.varonis.com/hubfs/ 634 B
2 KB 411ms
408ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/facebook.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a5034e01d5b47ec7eee2b3a45a23919684146c27b715f4fd863037b11b2abff

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1612500
x-amz-request-id: G9PFNSCXJ08Q88G6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010998 PNNy RT(1705918191257 761) q(0 2 2 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"9667ebfd8e6880e7066c322b0b25a6c8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219654732
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 96067a94609f0eba55814e78a68eeb7e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: WA7pU2leNpTprUjaVEZpDKXqPbClsTVp
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: OUtiqhgn3RH9XGhMz5tGq330ECq+atRUXHhuBWCHit48SzZIuSAkNQv+zjAq44FpIFEEeg0wc7s=
last-modified: Mon, 03 Apr 2023 21:49:25 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xSv2%2BFm5lL47FqGwcjqCMKG1CYVKVTN8YhdyPefR8oOIo3I7BEG28QH8rqt3q9g9rpOe47azLARO9%2FjUs%2BZyfe6HXlwvl2Ox6%2FaBhIzNMFiXWVbVBqQW9sIoDNnbebEGM1s%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: DXSWPX7kPmplul6hfvGJA/A+rmUAAAAAsXth42JLlfpxphfTyQL0tQ==
cf-ray: 84970103ef225e1f-MAD
x-amz-cf-id: Z4xsESIA89vnuCZdT4-8ZdCad0yzu9EoQXtPTSRrD_ZAp9yqna4CNw==

GET
H2 200 linkedin.svg
info.varonis.com/hubfs/ 1 KB
1 KB 411ms
409ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/linkedin.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b4639302db82b725feb2fb5b7c2f16d1ef8abe70409c496fe0dc777e143f45d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1612858
x-amz-request-id: SM0Y4XT2AQMSD18Y
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010932 PNNN RT(1705918191257 762) q(0 2 2 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"15f6f62efcbc0f51585cd41ce283b99a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219666618
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 7ca1afe781f5ab2538606f4251c60710.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QNfQH6UicIJK0KK7LA52dQI3xwAuEigm
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: eNrVIjIKvDi8BaMhQkf5TikYyCJgb66w9LphChgAFubkjQqCIT58+fKKkDmzzJYvhxeqlwgPxHIIASRnMCNnUg/x0VLvYMLP
last-modified: Fri, 07 Apr 2023 16:33:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EhS7wdAHInL0fxWmv0lw8eG7%2BfCjdj4ISS8NlAvwCHJaFN5WbaKVDFqdmXvJNzjiO35wwaYw5rMW%2BYCbyJ1vK2dvbmDzJTR0rfh80o0u7IxytPlnaWy%2BgKwQaxR0Vji7qbg%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: yDmLB6Re8Bllul6hfvGJA/A+rmUAAAAAC1f8AKsyj9bpeFDnC+j+ig==
cf-ray: 84970103ea2c8675-MAD
x-amz-cf-id: MYkPDd6m36lcIUx2Iis8UhSrKY-J6alw5Z7XuE0bQkgwGfU-cdH67A==

GET
H2 200 twitter.svg
info.varonis.com/hubfs/ 1 KB
2 KB 430ms
427ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/twitter.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3daf9b6a39281fdc04a57bdabe589d9aa970719d22733e04fc1ab799b7a5db49

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-cdn: Imperva
age: 1611708
x-amz-request-id: V8GX81V7GMS44CPS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010934 PNNN RT(1705918191257 764) q(0 3 3 -1) r(3 3) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3ce4a000e199a193e3e73cfac7b4e108"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219676422
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c589e121113e58fcd11b4511aa7aa76.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5d9b1tur7umZsj9sMPaWqlWPAKNW7KFs
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: s5nIm9CcHQYbg0DRXyAWeZ/rbSm0B3PkoNAjqxAD8THveD/W+Zb6RZIG2xVAKoN9lgU2ZTlk61I=
last-modified: Fri, 07 Apr 2023 13:49:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4JaBKUafrltwv54veD5qnlkyJRW3WE1gQ1A9sCN%2FvCeTgWiQ168dFD99R933rcE%2BIHbfA0hNxMKTx77xF%2BowY1tZCNX2D9NIKGz54enjVBW8CxfblKlKwblH06gOP97ZLOk%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: kCUOLnQPaFtlul6hfvGJA/A+rmUAAAAAdZ/QZfa2lW7IGZLQ8VIgSQ==
cf-ray: 849701040d7a5e1c-MAD
x-amz-cf-id: YTYFxu2dGGS9-I4vIIGcr7EqGLKLoMTrKam8VE0Kqt54TSbFoZCEzQ==

GET
H2 200 instagram.svg
info.varonis.com/hubfs/ 3 KB
2 KB 468ms
466ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/instagram.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae925eb57e9822aec57086375bcf93fe910d7c6c0d83cf10bf448c5348aaf0b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-cdn: Imperva
age: 1609700
x-amz-request-id: SM0KQ2WVC5RDCT1D
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010996 PNNy RT(1705918191257 764) q(0 3 3 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"2eeffa913d57b77cfd604f3ef1fae9ed"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219687130
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 06742a79e1b18af724346d3eb743f3da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: meODPhL4FdcYRYplK87hLr86vudDDmQz
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 2FFnllJC0PEOxHZ9epvezFkbL9ScDft6abwXNJIDieKdQBj3vn8ejSIiTyGgqRlTfXMplXb1+xc=
last-modified: Mon, 03 Apr 2023 21:29:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tMLxZzkgiGCqO0S%2Bs2BfB0LAjUhPWunQgaiOgqYF1fFP07dk%2FWrwxeXcXkT1iRhSznqDUzFViapo9gcaQhXeKoLKp4B8Eka383Laqr%2BxF%2FcLwBK1z5JJWfIMXXKeZvCYbUc%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: hmuZO18dhj1lul6hfvGJA/A+rmUAAAAAzo9kK2KRGpTo9OmDdRXQ0w==
cf-ray: 849701044bb21bac-MAD
x-amz-cf-id: PY3cVwiD_Z2Ph5-vLI44szwMYl3ZchxkldcFKeR94gj2QDCEmY66lQ==

GET
H2 200 ISO-27001-Logo%201.png
info.varonis.com/hubfs/ 2 KB
3 KB 470ms
468ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/ISO-27001-Logo%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b15ab10a2a109c8e59d604cd4101cebe7aab42ec227f8f521398e063bfe0217

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1612844
x-amz-request-id: 8749PXSXH8FNCA01
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010932 PNNN RT(1705918191257 765) q(0 3 3 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="ISO-27001-Logo%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "a413509b077bcf2faa7621b0d5d4de36"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604427281
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 96067a94609f0eba55814e78a68eeb7e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: timIF1O_gxoEXq7s04ImeochSBRbmAhf
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2523
x-cache: RefreshHit from cloudfront
cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2066
x-amz-id-2: Fdzg8BuEmjdPJXbycZf+5EbRDS+0J/JEXsfmDTxjS8oVCMKyIMOnQQf+P45f9Brx0Z+dklVT9Kg=
last-modified: Wed, 29 Mar 2023 16:10:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4e2GQikre4LSbeHPg06gTXQzebP2Kp70ZgcZHBey9NP2DdPJzxJy%2FtRJ1Lxn5SzpKDsxdfg87CkJ97q80PP68tZybgvXwFHsWj5eOZ0To1zxWY%2FV53h8eiIjVeXruOlUtDE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Wf10Cke+rWllul6hfvGJA/A+rmUAAAAASie0kVvfVbNGOJzzqayLLA==
accept-ranges: bytes
cf-ray: 849701046b0a8675-MAD
x-amz-cf-id: 4cQQYtSyiBrRTQaEEIx5JAtDDiGrZPWIFK5fLUgXU1hOFz7gPzWaYg==

GET
H2 200 ISO-27001-Logo%20Copy%204%201.svg
info.varonis.com/hubfs/ 13 KB
11 KB 485ms
483ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/ISO-27001-Logo%20Copy%204%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba1b3f329ba47639a8586777bb19db73a9c3e37954b5e72ff97df8e0ea931062

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1611707
x-amz-request-id: SM0YTWW190PN7EGH
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010998 PNNy RT(1705918191257 765) q(0 3 3 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3c29f40cae554dd8c7276ac63187dec1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604432436
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 7ca1afe781f5ab2538606f4251c60710.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xgSkvj92cQLN2iNJZ_lFxRESVIwvyqH_
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: oHau0ZVVLbsl+zv738+LHl7D7R1E6evNotCKdwrTTlYuf+G2twowfeyG8GcESgMRU9VPdK0BlxmhMDhNDViSVI+bZnXd4n/bHAZkooW71Os=
last-modified: Wed, 29 Mar 2023 16:10:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UuYQQid56ZoJCXZ5JmJrPouC45HoPpCPR4OFRAstqkI%2F%2BPCMhhz05RqCEWfJ%2B7ieAacuKIJmh74u63i5u09DKvOFVoWotBB7E6%2F5bUDFw540NqP9Pa2DNPZKUH0WCaFOBB8%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: SSzUWkzbaAllul6hfvGJA/A+rmUAAAAAzgliZMMiZNGXTqZC1gsk1g==
cf-ray: 849701046fe55e1f-MAD
x-amz-cf-id: vrHzRRqg3rwNMBWMHY30BAZJM9aBfM5rhxOtoJNkMDqKSPTd2NjIsA==

GET
H2 200 STAR-Level-1-badge%201.png
info.varonis.com/hubfs/ 730 B
2 KB 488ms
486ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/STAR-Level-1-badge%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ea31af1ae38b9f8194f93234449262a79af7a7bdac0938c740c62f0eae9d85b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-cdn: Imperva
age: 1345060
x-amz-request-id: DGZWM7PWV2JK1KR4
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-iinfo: 55-9010916-9011000 PNNy RT(1705918191257 766) q(0 3 3 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="STAR-Level-1-badge%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "21b42231b455b1ad08b6ac53b5081df7"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604442982
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 5fd865e604cad30b24a805ca3b6d4048.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3t6QVHH7wvf.mxjXy3Y9twhVmeBu1ejQ
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1187
x-cache: RefreshHit from cloudfront
cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 730
x-amz-id-2: r0H7UzArug7vdw2DycCM0G2sBvm1VnhvegyD2RljKKsdOhzufFptelCzQ3WhmM2rjkH/KIbdjGU=
last-modified: Fri, 31 Mar 2023 14:59:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EyV5DpWTYcuQ7SxygL%2Be8WHFTtE%2BQfidWDIcx136Ptp2fau%2FJyLfs0BNVRF5%2FUfTkgE45De12w0cIZ2NRdEM8ypNwQ%2F15uETyKd5KrPt8zKUoBE1f%2BU%2FG6Wulj0ygrVSQvM%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: hLzFfYVsojNlul6hfvGJA/A+rmUAAAAAPnu4LoUx1UK06+sUX4Hl7Q==
accept-ranges: bytes
cf-ray: 849701046c952fbb-MAD
x-amz-cf-id: TC_D6zLpjS1gElfRGzxaRYp98oNJPJ3oJ9msa4SGWKIk9Ctu36rHTQ==

GET
H2 200 AICPA_SOC_250x250%201.png
info.varonis.com/hubfs/ 2 KB
3 KB 513ms
511ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/AICPA_SOC_250x250%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42222ea51046de258be17a4b61f802c94c29d8feeacaaa4ae194c590198ad002

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 771032
x-amz-request-id: ZASHHNYE3513V1HQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010994 PNNy RT(1705918191257 766) q(0 3 3 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="AICPA_SOC_250x250%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "3086eb0e182b996b1bd0e515cb8d5ddb"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604414374
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 b5395082efa0e4a254cc542fb5070f3a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QOLtmRwBZ0.MIDnZrV1Q2ii25CJ9jxJq
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2732
x-cache: RefreshHit from cloudfront
cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2104
x-amz-id-2: mkqaeikq5kFlD8PYhBB21wC4N00lkNkTg9Wihq4pniwXfitJgrcDv44U3PbHqQFzVQ6pax5HGV6RfT8MYT8IQg==
last-modified: Fri, 07 Apr 2023 16:34:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MlFoRYa7d9VFredKHviH9I2tVvXPwWbahZxs0zkFbqgBsUzfmBdPyEp7gazxoZbMtYygnD6XRZINe6LpIXGYhVVJRi1xveemfvb8mRqR%2FfAPrZqMZdT35iG7fgs018FcvW4%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: AR47OsZnnRNlul6hfvGJA/A+rmUAAAAAQ+tyFL4mGtRrcAFJSQ9Ebw==
accept-ranges: bytes
cf-ray: 849701047d8269ea-MAD
x-amz-cf-id: oXr5EYRkR15dcObxdFLwtLx2rPKcxLRglAGBTozN7-gWdpxbhYcxqA==

GET
H2 200 niap_logo%202.svg
info.varonis.com/hubfs/ 11 KB
9 KB 542ms
540ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/niap_logo%202.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2c5c92cd55477571c7e757c4105315c813e710586cf1f334f809e8c93d845c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 1464984
x-amz-request-id: 3KE2Z0CJV5WSQRXN
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010934 PNNN RT(1705918191257 767) q(0 3 3 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f7049a9fa4c9ccda9202bfdca55095ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604438044
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 1a9dd6c2b59b927d771e7868530b32ca.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: i_ozlwX4ZN4wsFQgd.1gm.ZEAGKJ9w6P
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: AVNw3qRqGIOzmDy/ka+uwJa60PETs/D27zs0zYokYv72fpRcXMNESOu7nZ0gQFp2T8+e3Dyo8xc=
last-modified: Fri, 31 Mar 2023 01:17:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F6s%2FJcD1CS6mIfCvwYs%2FIlBryav1RyCuov7sZXxhrR2XS486SWKp31iiwCb%2FNO2VbOLHG9pACaz3Ftp2TYWWDeKZ%2B9nagaPdCZSi5cvaNwe4aPRxopfpvhx6GrMaBeLeGAw%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 3A5THavZdD5lul6hfvGJA/A+rmUAAAAA+LwtMevVYcWLOJLvm5O0Bw==
cf-ray: 849701047e245e1c-MAD
x-amz-cf-id: 6pGkWuPaOZ1hPrBHmQEah3b-CYpr26CJjsWVaKCBFx62Ly-EYihkYQ==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 114ms
43ms Script
application/javascript 2606:4700::6812:4ffd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:4ffd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 bc05735148d76549abe57f2fc185c1f4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: MAD56-P2
age: 2342883
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XEW0GbMbOAzLI0vVn6%2BQTj%2FfJ0mWDEYJP9augSDV1ge7yaOj3GRGlXV1d0ORYAm3sgUD6CcuKpZXhbPXQ5KNt7CkBWLdQaZfbD%2F9132JwCTRuAceTMcKhVZDb533BNP2uh4l8LeGAJLZEofBaJLujBdRcbk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 849701026d13866c-MAD
x-amz-cf-id: DzG5C1Ql8bzRxt_BMuIXb8b-fWRb8LPIOG7Mv4BvNsUTfW9WX4Xn0Q==
expires: Tue, 21 Jan 2025 10:09:53 GMT

GET
H2 200 announcement-banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/108364953711/1680550379557/hook-www-varonis/js/ 304 B
981 B 50ms
50ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/108364953711/1680550379557/hook-www-varonis/js/announcement-banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5ec6b8d820581f2d04713d3bea37883b0e5c2881f7bb108e13a3d63249c4867

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1130069
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 19:33:00 GMT
server: cloudflare
etag: W/"ed246e714d8f7084f9613208eb724cf5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550379808
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ve1Ke36Jvx6kmJJn39%2FRUh%2FulygglUtw%2B70ipoxWAqLM1v6v0yUOz%2BLlifJaTFAybYqZsHo8SWoW9jSqcjln6HT8432GpNGkd7X4EBelL6gX%2BPgmPVMcVrz4j6GHxVRrcTB4Vxo5lvvp2tojDz8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 849701014d3f0412-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 cse.js Show response
cse.google.com/ 9 KB
4 KB 242ms
93ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

ad0f5a6dc3a43590f7793e160b574b410c2799d836ce6b9444db888558406793

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-G73DXzkVkZ4uAiCiwr67Ew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-G73DXzkVkZ4uAiCiwr67Ew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding: br
date: Mon, 22 Jan 2024 10:09:53 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2983
x-xss-protection: 0
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
server: gws
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private
permissions-policy: unload=()
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
expires: Mon, 22 Jan 2024 10:09:53 GMT

GET
H3 200 module_71662020467_Announcement_Banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114923395/ 865 B
1 KB 80ms
80ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114923395/module_71662020467_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6cc38542df851f8b331cdd5ac0dbe9929c7968d347c62d93c22b91ef560a931

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 351094
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 111
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3061770b-ff85-4056-965d-e71cfcd7cfec
last-modified: Mon, 30 Jan 2023 21:42:04 GMT
server: cloudflare
etag: W/"6eb6d7132999731493bad4b8e9e19c88"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1675114923395
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h4cd%2BF3euEJWunoTiGKQsoiLshg3jC8cSk7TW%2FdjjLvJPthJpO9Ilfq8LK5NYEcdnYpnEckWrvXCwfGMo4E3nUdQHei%2BqKTQOhGl5k2nvlokzKBPG%2FstNhFnvA2aLIVbsi4bfK6CO2GabfmDCdc%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6db9d854cb-qmj5d
cf-ray: 8497010198e1214e-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 module_97266453797_Remediation_Announcement_Banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/ 860 B
1 KB 62ms
61ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/module_97266453797_Remediation_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1562943
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 19:28:53 GMT
server: cloudflare
etag: W/"a25c4019cb8b6fc47eb8ed83cf1076d4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550132881
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wg6bLefiycAus72ivG1eTzv8u3v4sgOYJB64K50d%2Bo1dnv895%2BNeqVEL81vI2Ox2OkN9nxYswsr93FQqo8TMnJmZNmVfNpeywxD%2FlL7KP761yOYCXEbT%2B6XSDw4oMoEB4TvsdzPup98eVUHaxgo%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 84970101f99f214e-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 main.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/ 10 KB
4 KB 68ms
64ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/main.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 220352
x-amz-cf-pop: IAD61-P3
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 75fff1d4-4a23-46cc-a1b7-5653128d91f9
x-envoy-upstream-service-time: 164
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 75fff1d4-4a23-46cc-a1b7-5653128d91f9
last-modified: Fri, 01 Apr 2022 11:44:17 GMT
server: cloudflare
etag: W/"c4d1fac2b0b677aeaa2c2ade72813888"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1648813456943
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SVma9aLo224ZBDsNqe16s2wFpKymfZktMi0PuP3RqzZqTUT88NuMoQEazL2ulfkJJGmqc5MM4CJrtjrQ4gtjkyXhy3b7OEOdzwoNx0U%2BExLGZPZoATenBY1liAfVZaRj0kfn0ORW35XUBLtnhko%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray: 84970101f9bb214e-MAD
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 module_96126751858_Site_Navigation.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/ 4 KB
2 KB 58ms
54ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/module_96126751858_Site_Navigation.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50888059b627a1e32ceb04646cc5a617e4747e3d9003e1cc051d33e3bcc14589

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 92507
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"066f9d11e54f30bcda41cc81ace646da"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691030599466
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 490a3902-2e15-49cd-8cfe-50266492d64d
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 244
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 490a3902-2e15-49cd-8cfe-50266492d64d
last-modified: Thu, 03 Aug 2023 02:43:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GMWczcdKtK85vYfRBCY6o8X3CspZ2Lk9GmcoLBu%2B4HvFofDsoAfpXgzh1kYy0jH3CdgIPd8qqAfarstQ%2FUJ8hYcdZ54NTIlhzggl93Wnu2tf6RPfpaXZ50cwkfUmr%2BIvukBAjAIP8tSo26mE7S0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-xgsnc
cf-ray: 84970101f9c3214e-MAD

GET
H3 200 module_125777074029_Navigation_Submenu.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/ 1 KB
1 KB 64ms
60ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/module_125777074029_Navigation_Submenu.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e9eeec668eca70ecaaabf43de47a7332a84fa9b89172479f39c57bbd1c8582a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 1997984
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"131209442a05e734a14e3bd00f89bee6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692210032469
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a49b94dd-3ec1-42db-ae0b-16ae77c012a3
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 167
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: a49b94dd-3ec1-42db-ae0b-16ae77c012a3
last-modified: Wed, 16 Aug 2023 18:20:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rSag9XvagAN41ofQMtISL7xQA8Ncy0lF4Otsy97kZdzucoV3iIqC0wo7sEsUYAvAPSys6TKn4GOjS5SDvED5A74LotcG0aJVtDmqrVY%2BgNbBgQ45DR3qWA0v3v9RF3J8zFJiqQqAvKA9E14j1do%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5896745bbb-7fw4c
cf-ray: 84970101f9c8214e-MAD

GET
H3 200 module_115948073023_Table_of_Contents_Sidebar_-_Global.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779299533/ 2 KB
2 KB 63ms
59ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779299533/module_115948073023_Table_of_Contents_Sidebar_-_Global.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f5e45ba0c943167a203ccff2d9b3065c7767b1c32c33e6b21af38da1738b8a7

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 278120
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f95490701022c4b61b9aae62631a9ad7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779299533
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 47583cb8-397a-48c6-9b65-c7e53ea6169d
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 199
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 47583cb8-397a-48c6-9b65-c7e53ea6169d
last-modified: Fri, 11 Aug 2023 18:41:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Do8SEHwLY85YWK1pY07ReLpkfY6m9Kn1XeX7SZS007crme8OFjeeHaMFHBFTlgEfPM9YTh0cXj7dYenxmCYmFYajYdi3wBX4gV7NaEf1hZMLcSMqbNrQkgQ6iz%2BYmmd6QGb9rH3yPsFz4S7D9bw%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray: 84970101f9cc214e-MAD

GET
H3 200 module_60280511003_blog-form.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832788379/ 232 B
938 B 57ms
53ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832788379/module_60280511003_blog-form.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dc5ff8e8d54854daa72a30a2bf8345b75255597251028dad23e18510e635b98

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1041056
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 14 Mar 2023 22:26:29 GMT
server: cloudflare
etag: W/"199d600316628445ac927b3b2b5d292b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678832788379
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsAM2ZV1LCMLNq47APo2Hfs0%2FG8JvKi7R6fwoKOlkuMBo0%2ByWTqkWhPfhvX04bnMMfGqTazzcXUfpuafbu5Lh80L%2BJbtv26lEqKSbANNq9wCJ2BAZ6lqZ3CS%2FSaPn6Bvd7dy7%2BRlQOoHgYf0epA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 84970101f9cf214e-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 blog.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/73655310759/1685000791420/hook-www-varonis/js/templates/ 1 KB
2 KB 88ms
85ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/73655310759/1685000791420/hook-www-varonis/js/templates/blog.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f6b8b612b0090fdd0032dfd7071745a0b99149bc01a55cd24b40086ede2b8d7

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 2085476
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"577f12ced843bbb8382cdbe78669b3ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1685000791604
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:52 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 69f16dee-0f40-46fc-8697-caaf98fc6ed8
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 176
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 69f16dee-0f40-46fc-8697-caaf98fc6ed8
last-modified: Thu, 25 May 2023 07:46:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cPVEG9azH0QtNSQOlwFuDjhcoL%2BlbUVA3O9UE9M3TS48IxGugWnccWUk6azrlENFQ3OEP3FgtgQqNuImWu2ovpyu5eU3KPDaTU%2BfTsfx0FC%2BTZhYOesHu5TnaERpPXm70heEYs%2BBa32wLxTTNdY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5896745bbb-7fw4c
cf-ray: 84970101f9d1214e-MAD

GET
H3 200 jquery.toc.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/106410557973/1678780073283/hook-www-varonis/js/templates/ 1 KB
1 KB 60ms
57ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/106410557973/1678780073283/hook-www-varonis/js/templates/jquery.toc.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 170305
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 14 Mar 2023 07:47:54 GMT
server: cloudflare
etag: W/"39e23085840845568c2de46aea67930a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678780073283
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jr%2FRDUBSxRkLFFKrLQlGzFCPwBGg2yuWt8EKZEB2WdceiJGaw3wzLCxHHOieg%2BMfeHvPO%2FNMKJnwbs4QtYnQyEIuj3tWEbOW9g6UrpX4lsOeQERTe0QWjSNlVkIbF3EUqHD3R5q3KLiq5%2BKbdkM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 84970101f9d5214e-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 module_87397221683_Footer_Site_Directory.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/ 577 B
1 KB 89ms
85ms Script
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/module_87397221683_Footer_Site_Directory.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c91333bb881074a7d4a82886d21fb690ff3fc57394327d5ed12c9d9af05dcc0b

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 220352
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"b7e1d67d9b7a486bb634ad966519a8bc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690924310222
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5717370c-62f7-4ee5-b9c6-1c0ee3bfab92
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 189
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5717370c-62f7-4ee5-b9c6-1c0ee3bfab92
last-modified: Tue, 01 Aug 2023 21:11:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1DR51zzdY22zWQ%2BSgbOjGsFXnGyhAtJmF0JT4rM02WWCWYsTWu3q5MSetfA4kS0vIgqz7JZ91vDXIyS2WMt38O5r3HvuknI5fOInA7dXH21CXzYhMfP9lRDJYDPbAwDKYYKcT7BSNKpbX%2FQqAA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5896745bbb-5tx8p
cf-ray: 84970101f9d8214e-MAD

GET
H2 200 142972.js Show response
www.varonis.com/hs/scriptloader/ 2 KB
1 KB 851ms
850ms Script
application/javascript 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/scriptloader/142972.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df661bb428ea7003deafab21fa02d7b0d95db13cdcd72c141185d1b577b73296

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: abf94e1e-b863-4340-b328-4251c0c27eab
content-encoding: br
x-iinfo: 55-9010916-9010930 PNNy RT(1705918191257 768) q(0 4 4 -1) r(8 8) U24
x-envoy-upstream-service-time: 63
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: abf94e1e-b863-4340-b328-4251c0c27eab
last-modified: Mon, 22 Jan 2024 10:06:50 GMT
server: cloudflare
x-trace: 2B51ABDE36D3E36A56995D43B83469812F16104713000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-fcdc68c87-dqlwc
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBrEZkte7G%2B8dulqz%2FsEPUi2Ro7iniNMQUXQ795wmyI1SRWh88qzbzOK9FodU9tRkqSOKZ6JJ5Ec7%2F505crBvGk0vN0uEVojQddku6DpW4m6sWFyGCFoPXZzXP0BTi%2Bn7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 84970104ba915e24-MAD
expires: Mon, 22 Jan 2024 10:11:23 GMT

GET
H2 200 index.js Show response
www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 502ms
500ms Script
application/javascript 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 c19df961760c76bdd5a67949a9005b8c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 4672813
x-amz-cf-pop: MAD56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 55-9010916-9010921 PNNN RT(1705918191257 768) q(0 4 4 -1) r(4 4) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4xWduyFkmQCjAxA9RmbiLGUrSyIp4PyjhLcvsqWu84JCDwiSP9YHfafSBEij6eBfB%2FKecKYM54X8YeUZ5G%2BpDCxTx0Kgk36N%2Bi2OoUkSr%2Bb7NvhV6gMyuzY3zxu8aUkYbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 84970104b9492159-MAD
x-amz-cf-id: b_hy0hmkdh-SWOQA-HScQL0AtCz1GYb3qVYa0lnQrAm2zPTqI8fCiw==
expires: Tue, 21 Jan 2025 10:09:53 GMT

GET
H2 200 _Incapsula_Resource Show response
www.varonis.com/ 141 KB
20 KB 78ms
76ms Script
application/javascript 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1098143945

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

8a7cb8d38f0642ce41a410b6430233daa0ad9f12b2a1e9e92d01149d8ec19137

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 20160
content-type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 343 KB
115 KB 200ms
77ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4d4a0972678371a6edf943fbc84f2e8997e783620d4040a1d21b378d44209d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 117100
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 22 Jan 2024 10:09:53 GMT

GET
H2 200 Frame%2036-1.svg
info.varonis.com/hubfs/ 3 KB
3 KB 584ms
583ms Other
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://info.varonis.com/hubfs/Frame%2036-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4528e78b77fe65b0d6c730e7bc11691455d19dcefb698ebc14931cab40b8423a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1163749
x-amz-request-id: 0JVXM33D567H8HSM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010994 PNNy RT(1705918191257 775) q(0 4 4 -1) r(5 5) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"4a0280ec41a09339bc32b34cd26d66f3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428417394
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 1b866e6eb5f6e3ef570f3588da8a7b3a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YmacvXukdtrqgcUXsZZPYD9p7.OCqpBh
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: napFDwSmc4SqB3HgpLrLsBZdT7K5M2HpQa3vkq2Xpwu6+2+V5Rw4v8mVkNJ26yNGvVqfo+Qf/8I=
last-modified: Tue, 11 Apr 2023 21:05:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qVpSSUK2o5jG2xPV7IqVxKexMxZ0EYTM8Gz%2BbV6Al47oBuzosKepIf5i81cTIKz%2BiRNIeIkWTvbynICRLydU7o4elfFzT7IUnW2dp2JpB8woMVbSJlJjANJ5nSNrqwkrdAA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Xe9aVFAglltlul6hfvGJA/A+rmUAAAAAVkDO3VHtOJWPzV/dQfb4GQ==
cf-ray: 849701051e7869ea-MAD
x-amz-cf-id: l7FQcYYpkZViqNk2iC0aIO3PJWP5FbpXq990T3NXAba4C6oRgXf4qQ==

GET Frame%2036%20(2).svg
info.varonis.com/hubfs/ 0
0

GET
H2 200 Frame%2036%20(1).svg
info.varonis.com/hubfs/ 1 KB
1 KB 605ms
605ms Other
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(1).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c08ffc3f238414942b195ebfaa0516e524b4e6b6c5201c52b5174f5599282a23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-cdn: Imperva
age: 1610918
x-amz-request-id: F050JNH6CSXJAAWP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010932 PNNN RT(1705918191257 780) q(0 4 4 -1) r(5 5) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"7cba335c1df43bbb31b831c70444dc5c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428464410
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 02f18a297253b2e336ff43d5a9bf889c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: jQIVfYXDwJPgRyEKdz3rJ1BSaSxuz0vz
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 2jZllGukpeqLXjKTZRMy/j/fqcLRkiYxYkp9lY9B9hmcEDlQIC6WIoPmPXaiEElL/ohs7wwxOpY=
last-modified: Fri, 07 Apr 2023 16:37:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QRtSMU0EJs5X2z%2BkDgGHo7r0FlYSmYDc33sXXkRSdArFcHBREkbAAuj%2F0B9sfC0hw7F2DdWgvUjl3%2BVDubJngKUMGlUTgLYDPA56w89gUKCwnPeWcIElenIlJnWpRHcMOMQ%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: trXIco1BrGhlul6hfvGJA/A+rmUAAAAAB0VnBhF3cgvmQpO+/sMxew==
cf-ray: 849701053c848675-MAD
x-amz-cf-id: hdd3ZoKioy2vO2s8uJACHaRhm6v4OdJg1fWfgr1NZXfIzzAvVuYAhw==

GET
H2 200 NavIcon_M365_2.svg
info.varonis.com/hubfs/ 6 KB
3 KB 624ms
624ms Other
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://info.varonis.com/hubfs/NavIcon_M365_2.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9e9037912adf4cb7724b3782cb690b0c90d8d31a5c54a6bfa3f6fc60063de8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 1611764
x-amz-request-id: M84ZJ868QR74AAYF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010998 PNNy RT(1705918191257 782) q(0 5 5 -1) r(5 5) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8bcc6d027ad47e870fe16a237dc73bfe"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674081974689
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 ba234662d889c0c3633ccca6966eb6a2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: zwSqLSU0xjuOBDaiT8xXQbFQQAf95O6P
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: OOzzR02g8kB0KMfCR2mMBJkFsuV/08eWZ+j8nN3+tSylI4TxLx+Uhf00EiSGOx3ctjSHghp0s6U=
last-modified: Fri, 07 Apr 2023 16:33:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WqE65suYFbt6LZQcwQwAjsfvA51jL45Wsr8ycO5UbfCkT%2BJiN02elw%2FSNUlOdYD4b%2BUl8Bgq1G9Wecl2%2FkDif9%2Bbd2UQB1Rtm%2BnFM5QLcS%2FIRhQuUSm98qzpnePJD5EjgtE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: kykcWF1BRGVlul6hfvGJA/A+rmUAAAAAlGi0htmmiKtzi7AjyB0msw==
cf-ray: 84970105492a5e1f-MAD
x-amz-cf-id: 7iDabbku46CNa7rdZ-MMjv571H1gRnN55taw2HPqyNqPLgBnLgwVew==

GET
H2 200 electric-blue-bullet.svg
info.varonis.com/hubfs/List%20Bullets/ 207 B
1 KB 548ms
547ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/List%20Bullets/electric-blue-bullet.svg

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

579b9f734819f583199cd70b03c4e919430a74dd7698921ef16465b41d934769

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-cdn: Imperva
age: 1611702
x-amz-request-id: 7CX0Z7YVNR4VHYPP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010998 PNNy RT(1705918191257 783) q(0 4 4 -1) r(5 5) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"11a69afb5c346ee7879933cb8018fb16"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1686756510007
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 43df20a5894fa784ae683a87c27deea8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .NxTwPt8HK_D1KNCw2RVpUG949n3i.Ds
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: qmQghOuU3oLaMRe8tBNThmbfC1kgu1G+FE5mkpp//LMfbxvF08TK0Wz78x0OhbZC6pgSdiwcki0=
last-modified: Wed, 14 Jun 2023 18:26:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rE3TWampt3B4Q8dXiU9q5pMVDtvoZTLsNuCtRC7vZze%2BnrRPCGFjAEh5JxjEVFb1K0IdGLeHJk52Awg4XAjE%2FXkqaWqW3KmDqIHwSNYpjPB8jJZnheNy%2FgvVb5JEk4Q9erQ%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: XsVVUZZkXntlul6hfvGJA/A+rmUAAAAA2W25eUXZYptRMaMDz1m7Pw==
cf-ray: 84970104d88d5e1f-MAD
x-amz-cf-id: VANCMV4FkLKWNPsIvKQ74g_N-5S4EuTpPDvGupKglGYNjAYSatFF-g==

GET
H2 200 left-dots.svg
info.varonis.com/hubfs/Blog%20Assets/ 2 KB
1 KB 549ms
549ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog%20Assets/left-dots.svg

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

842abfe134599c5d48d4ddd88bde8d24bd36b32b22bea540837311364b7ce2c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-cdn: Imperva
age: 666678
x-amz-request-id: 01C9WRCYNQAZRDDS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-iinfo: 55-9010916-9011000 PNNy RT(1705918191257 784) q(0 4 4 -1) r(5 5) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"254492fd49488a86ceb0dec13de43a23"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687458027842
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 2ca4ccff3a1366a36e81c34e56cb1296.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ehUGABsPDh.TzD7OR2EU0s227ASA3VJS
x-amz-cf-pop: TLV50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: JgWEFi0Z1fK5uCirKxHldziHwIXD0OuuhrgUXhrDRVr8aEYpGE8E+wNJtVDSJW+hGM+FvjlOl2zVdtbFSn3xdUNId+rkaLz+7qYBlpLAq40=
last-modified: Thu, 22 Jun 2023 18:20:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O7GGrs%2F3L53MhenH3BLqblKm0HoUr2aYW82s5sufcc6ZP6ojuBhECj0voIxCfeHptzGqrINuYYjFEzBfYwe8rU01%2BxL0HGlfmYiU35kddNWXn7VV%2FrLdkgyMOxHTt5rFfQw%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: mTisca5VaW9lul6hfvGJA/A+rmUAAAAAk/7NManhWhlvVkTo/5fQEA==
cf-ray: 84970104dd602fbb-MAD
x-amz-cf-id: i96j4GMggTvKi6sruAXxt3L7CINKLpIxUB-iWnh3kHH95jH8y0tc_Q==

GET
H2 200 Graphik-Medium-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 46 KB
47 KB 136ms
61ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Medium-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1705695999660/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
age: 183264
x-amz-request-id: W9X10X8JCFMPG65T
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "b1508d27f0878f1a2c67e3104acc6f04"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839921
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
via: 1.1 ba234662d889c0c3633ccca6966eb6a2.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: qsBQrK0UutXz6JHO9XDG7lT0R2bZ_P1t
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 47393
x-amz-id-2: mcXo0MsZ8usQTxzvr74fcN5NB3n7YxDtyeFViiabdye6O864ENbM3vp5sg8tFY10CroidBF2RYQ=
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 849701028a052fca-MAD
x-amz-cf-id: jva-6MjewykNk42EkSlzuUPyFEVpQTG_QuxRa1jgzr6xvmA4hKhZzA==

GET
H2 200 Graphik-Semibold-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 47 KB
48 KB 195ms
120ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Semibold-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1705695999660/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
age: 2081806
x-amz-request-id: XAC5Q2BHX2BR89DN
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "912a296360c873da4d505fecc03d44a5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839881
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
via: 1.1 dfd3734acf4e73247eaa30d1937f8b68.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: mxuwX8fqRvNjrtNo8SAnedwxdNDRhr6l
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 48237
x-amz-id-2: R4SQLR3j4pY8r0bY8qigmun/Ffv/oDR+b3YQ3BMUMPBFK0OCzBOim4jDpq9gOTbZTtBVBrYth04=
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 849701028a022fca-MAD
x-amz-cf-id: IpTXAfL6VG_COWpavh5vHITf6nadBnYnoZYY1EvoWCTHD_NpNdTEHg==

GET
H2 200 Graphik-Regular-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 42 KB
43 KB 167ms
93ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Regular-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1705695999660/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
age: 2079463
x-amz-request-id: QCYQ1ASTVBJ4FYFV
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "3c6b915f90783765fd47bc0e05b46078"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839928
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
via: 1.1 7fa24b69976256db9d1911c711296394.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: dC1ZTBx86DO9UlmT3zytQkvsH.OIjcRF
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 43329
x-amz-id-2: zQkWdRNon7N8RFdZKu2uqPC1G0ls8+NoFQ6EZB+4idIaC9q4rPf8zfExCbsDsWFyjye6K+cSURvSWzb68orYD/Qw0LrgDq30F1yK0AwYqVI=
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 849701028a072fca-MAD
x-amz-cf-id: pCf6U1BzLL0CNmROqpzFNMRUQewfnPQHUZgfvTpYBd9dldpyUnmwuw==

GET
H2 200 Graphik-RegularItalic-Cy-Web.woff2
info.varonis.com/hubfs/raw_assets/public/hook-www-varonis/fonts/ 46 KB
48 KB 516ms
155ms Font
application/font-woff2 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://info.varonis.com/hubfs/raw_assets/public/hook-www-varonis/fonts/Graphik-RegularItalic-Cy-Web.woff2

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/fonts.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72a5846a952eaeb4a8f0b74402e93565c5a7361ec5c129371d141633041dfbb8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-60281827331,FD-60282136660,P-142972,FLS-ALL
x-cdn: Imperva
age: 661166
x-amz-request-id: Y8J0E3DDJRC105BJ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-60281827331,FD-60282136660,P-142972,FLS-ALL
x-iinfo: 37-6503577-6503581 NNNN CT(0 12 0) RT(1705918192325 31) q(0 0 0 0) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "179518664378873527da97d38aae7eb4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1637600140418
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 7fa24b69976256db9d1911c711296394.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ypNO6ixl4lbzEnCs5Wc1MFnBwZ.Mh0iu
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-60281827331,FD-60282136660,P-142972,FLS-ALL
x-amz-meta-index-tag: none
alt-svc: h3=":443"; ma=86400
content-length: 46733
x-amz-id-2: 1FEedJscU3AzBYvqADvIDQM7wqBtD0ftKDc/UG0q5h89o1dv3T5CBbNmoAM1w9eSwhHYS87cWKU=
last-modified: Mon, 22 Nov 2021 16:55:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o1dxTE23D%2FcsCdzjt5J%2F4mA4uZ9PUHTZ6pL6LcogsLtFidEumjgKetqDPK8bM1s67BDSPP0Mqks7E0NcgUPIXDKHmHUSUu9J7286ESMqAOn5%2FofYwUCM%2BNDS8t5OlilSWI8%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: w7oLJxo7rVLuwF6hfvGJA/A+rmUAAAAA0P6DMYEnvJ8dvJGCw7f1Lg==
accept-ranges: bytes
cf-ray: 849701046a185e24-MAD
x-amz-cf-id: Kd6xUBTZAxetRGMsaA9K3zS_1jmfq8T_d5sShqjRAthYJwjdJAtcig==

GET
H2 200 Graphik-Bold-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 47 KB
48 KB 137ms
63ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Bold-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1705695999660/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e78c8571835c19bd1a941799d68bc14b99413f2679d3410c41d1d4d3a00f50f4

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110524009070,FD-110532947091,P-142972,FLS-ALL
age: 66824
x-amz-request-id: NMA3753E22NG2VKQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110524009070,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "188f3225882f51f9eff1c090718bee01"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681245085855
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
via: 1.1 3f2f1c546e63f10a66abd1c978af36f6.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: SDMVhfZD04lWwW2k3U7RNnMB0Ks0y88s
x-amz-cf-pop: AMS1-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110524009070,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 48457
x-amz-id-2: sIKTCcF8aCr+sWE4/yTARZK59GbBbxYTkB1H5PqyuympTTUZBZvrJwEiHl4ofTglq0br5Nrvkxo=
last-modified: Tue, 11 Apr 2023 20:31:26 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 849701028a062fca-MAD
x-amz-cf-id: Jiu7PDiKbFbh7UTfjpMfsVILPoh_-3-cZ_j2huovb5101R-aDcywhQ==

GET
H2 200 NTLM%2001%20Updated.png
info.varonis.com/hs-fs/hubfs/ 391 KB
392 KB 510ms
509ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hs-fs/hubfs/NTLM%2001%20Updated.png?width=1441&height=950&name=NTLM%2001%20Updated.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e370b75a6a33039216e3e6abcd18e40182646cf0dc6a4b3130b5163843de946

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 06742a79e1b18af724346d3eb743f3da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
x-cdn: Imperva
cache-tag: F-153493651236,P-142972,FLS-ALL
x-iinfo: 55-9010916-9010932 PNNN RT(1705918191257 785) q(0 4 4 -1) r(4 4) U24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 400504
cf-resized: internal=ok/m q=0 n=804+0 c=19+961 v=2024.1.1 l=400504
last-modified: Thu, 18 Jan 2024 14:33:17 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfLcDDgQDoyOqFrrjcegR9wgST-Wq1oloW2NsIH09zDQ:03b5788204724c6c20c84fbf9ea8b422"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XdodEu0y%2B1ywx3wd8ZHODis8GwOQHvk6ETNpUaDm%2FmAmH9eHJ%2FKrCn0nCNvvy3NIGBcvuCJWSCo742w%2BvmvVrm1SsFrvUNiPehS7q1BbLXknMahmtUORWX3wNBA7bmiz%2Fzo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-incap-sess-cookie-hdr: AiJsIUGWfQhlul6hfvGJA/A+rmUAAAAAY044dZWRPaMTg4neRBUdWQ==
accept-ranges: bytes
cf-ray: 84970104fc178675-MAD

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/8435450f13508ca1/ 318 KB
106 KB 189ms
66ms Script
text/javascript 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8435450f13508ca1/cse_element__en.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c8cc3cef0d65c2d9912b24f27bd2f42a79d10be8e00439562a3984f90f05bdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108214
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 16:43:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Mon, 22 Jan 2024 10:09:53 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/8435450f13508ca1/ 41 KB
9 KB 324ms
201ms Stylesheet
text/css 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8435450f13508ca1/default+en.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9068
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 16:43:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Mon, 22 Jan 2024 10:09:53 GMT

GET
H2 200 minimalist.css
www.google.com/cse/static/style/look/v4/ 5 KB
2 KB 180ms
57ms Stylesheet
text/css 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/minimalist.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:55:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 847
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1452
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Mon, 22 Jan 2024 10:45:46 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
3 KB 164ms
55ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5405ac4720581a3b794bd47b00c79285506a0b6def6c1b769559079277b081da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 10:09:53 GMT
content-md5: 6oOsvUdeQ5SFXdnmMUUa7w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
reporting-endpoints
x-fb-debug: 6/VqmHaE8O4Vex3dNyhB1YWjuSzB2sTP6sx5679lym160u93NVoN/v8mwxhEHels0RMM9kgM5pVrF5LUspnlLw==
x-fb-content-md5: 0accd682acd14d5edc9ceee9b73103f7
cross-origin-opener-policy: same-origin-allow-popups
etag: "625dacb32946515a68884d26dc3f85ca"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Mon, 22 Jan 2024 10:10:55 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 138ms
30ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mdr/668D) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 10:09:53 GMT
Content-Encoding: gzip
Age: 912
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (mdr/668D)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238

Request headers

accept-language: es-ES,es;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e

Request headers

accept-language: es-ES,es;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 module_97266453797_Remediation_Announcement_Banner.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/ 860 B
1 KB 51ms
51ms Other
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/module_97266453797_Remediation_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1562944
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 19:28:53 GMT
server: cloudflare
etag: W/"a25c4019cb8b6fc47eb8ed83cf1076d4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550132881
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mRIB7bVJtpFfyNj0fS%2BJM2C3yDJpL%2B3O5op8jhlAa3rlldq%2B4Ziy%2FIOVmQmAmmXRb3RT8Ijk4dp35oOcBpuogt%2FKfOv1NXldCxD%2FMR0BPbXZObeg98BS8iOS9Z9%2BvzV6EKnGKC5Bq4DevxpFXQA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 849701031be1214e-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 module_125777074029_Navigation_Submenu.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/ 1 KB
1 KB 54ms
54ms Other
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/module_125777074029_Navigation_Submenu.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e9eeec668eca70ecaaabf43de47a7332a84fa9b89172479f39c57bbd1c8582a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 1997985
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"131209442a05e734a14e3bd00f89bee6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692210032469
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a49b94dd-3ec1-42db-ae0b-16ae77c012a3
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 167
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: a49b94dd-3ec1-42db-ae0b-16ae77c012a3
last-modified: Wed, 16 Aug 2023 18:20:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=drXeMRsBJYShb4l4XY6GWWgXB%2BPW9z6Wy5OUvVM4plRfS7b0%2FqQmgTeOJgp8RdOCArM9zUIFNiTUw3LGM3SDFXXZ%2BmU%2BhFfh78FEPZuIFn9WFW3OpeNDReotQ0Nh%2BCO6pGLtaQtbxC8MTdXe%2BkM%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5896745bbb-7fw4c
cf-ray: 849701031bf7214e-MAD

GET
H3 200 blog.min.js
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/73655310759/1685000791420/hook-www-varonis/js/templates/ 1 KB
2 KB 57ms
57ms Other
application/javascript 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/73655310759/1685000791420/hook-www-varonis/js/templates/blog.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f6b8b612b0090fdd0032dfd7071745a0b99149bc01a55cd24b40086ede2b8d7

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 2085477
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"577f12ced843bbb8382cdbe78669b3ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1685000791604
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 22 Jan 2024 10:09:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 69f16dee-0f40-46fc-8697-caaf98fc6ed8
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 176
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 69f16dee-0f40-46fc-8697-caaf98fc6ed8
last-modified: Thu, 25 May 2023 07:46:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WaJ0efJAefWmZ9CsIJ3jGTkyrqG%2BFDx82d%2FRvWPwgytKBYXoiwAdYkPBbpulDT3bYvJRER0L08hyA%2BxnPaKDWcy6hMHgHxOzsWU%2F%2BiFKZd9eWyO2VPeEHPeG21SG8mYHQfN3cVbSCGd8iO4Pieo%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5896745bbb-7fw4c
cf-ray: 849701031bf9214e-MAD

GET
H2 200 _Incapsula_Resource
www.varonis.com/ 1 B
84 B 35ms
35ms Image
text/plain 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.varonis.com/_Incapsula_Resource?SWKMTFSR=1&e=0.6328936863372754

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

POST
H2 202 event Show response
plausible.io/api/ 2 B
502 B 303ms
127ms XHR
text/plain 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.io/api/event
Requested by: Host: plausible.io
URL: https://plausible.io/js/plausible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
cdn-edgestorageid: 1081
cdn-cachedat: 01/22/2024 10:09:53
cdn-pullzone: 682664
application: 10.0.1.2
alt-svc: h3=":443"; ma=2592000
content-length: 2
x-request-id: F6yjjvsR_3Vnp9EFu64E
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 202
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: must-revalidate, max-age=0, private
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
cdn-requestid: 1610c9e4cc58e082369e738705578db3
cdn-requestcountrycode: ES
cdn-requestpullsuccess: True

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html Show response
platform.twitter.com/widgets/ Frame 26D0 319 KB
104 KB 30ms
30ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mdr/6688) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 3602900
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Jan 2024 10:09:53 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (mdr/6688)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 299 KB
84 KB 111ms
55ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=7912385256d70162bb7297f0f81b1d00

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5f9494db6a1767e64be7eb59e3ac312ff8659192507d7ad9cec7599990469953

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Origin: https://www.varonis.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 10:09:53 GMT
content-md5: 72gdDDF4wj3RWomGe/pA/Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86380
reporting-endpoints
x-fb-debug: 31n2rS5WxfXahm98MYIIDrRljYM98IWgxSlfg+af7Dm3qJF+qbFB4Z/Gs+9XSNhngKN9I5o1jgfWXz7Kmc1F6w==
x-fb-content-md5: 8463be765392fb13d7922a678ac7dfe2
cross-origin-opener-policy: same-origin-allow-popups
etag: "8c5bf105c3b387764d4f19ed3eb88dd6"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Tue, 21 Jan 2025 09:40:26 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 26D0 869 B
656 B 281ms
167ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=5fab27e98f2d03e56efc5ecf32487cf99adb0361

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-response-time: 113
date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Mon, 22 Jan 2024 10:09:53 GMT
server: tsa_f
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: cfcc3bc002a0fc06
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7469935968
x-connection-hash: 10e1694b6250f355910c6cca10217145cf3ec76d677d00d52107051d0d3c15a0
content-length: 337

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 177ms
56ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 09:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1304
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 22 Jan 2024 11:48:09 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/ 3 KB
2 KB 212ms
92ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/?random=1705918193405&cv=11&fst=1705918193405&bg=ffffff&guid=ON&async=1&gtm=45He41h0v846391121&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&hn=www.googleadservices.com&frm=0&tiba=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac6bafef4a580401348f030ad7b090bdde74267abe00c65183dbc074ff583147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 26 KB
9 KB 98ms
30ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 5c4f333e017c9640455e5799950b8fbebded3b1f815debdb6f78a6bc9a599faf

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 11 Jan 2024 16:53:48 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "7e21c5a8cd33b5b26adb70efa1378617"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 8123

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 145ms
30ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mdr/669C) /

Resource Hash

d9a20960a92a417e9ecbb15df8f2fedf11667f7c01398a266209444eba152ded

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSub
last-modified: Thu, 18 Jan 2024 19:52:59 GMT
server: ECS (mdr/669C)
age: 46643
etag: "66e96af0474ada1:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25393

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 213 KB
56 KB 55ms
55ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7d32db5e7f8166ca472c3703592e17b044a0bfd5b49150c5c888a20164105b08

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 22 Jan 2024 10:09:53 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57023
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: A+XlugNx6kqkaR5PhKcd1cc3glcCT/5RNIclYxduLW2BamthH/UMJ1X9JZL5Cxb0BXv/tuqlZF/UhSF3vJ+mRQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 142972.js Show response
js.hs-scripts.com/ 2 KB
1 KB 360ms
294ms Script
application/javascript 2606:4700::6810:bb59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/142972.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bb59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

986d69710000f052c223e9e6e697fbb746c193605c2cab27f912f8854e460b06

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c7426bd4-8684-4431-ac29-3c7c557622c3
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c7426bd4-8684-4431-ac29-3c7c557622c3
last-modified: Mon, 22 Jan 2024 10:07:59 GMT
server: cloudflare
x-trace: 2B9C6BFA753C2D3B71532AA8C7305296176584FF0B000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-fcdc68c87-2trhz
cf-ray: 849701054fa51ba3-MAD
expires: Mon, 22 Jan 2024 10:11:23 GMT

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 184ms
57ms Script
application/javascript 2606:4700::6811:4341
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4341 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: 789YV5T3JDCKDJE9
age: 2630
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ywTy4MvAoVnHZrtc2/6ucDCO9Yx35oVMoX52D64gF6qWE6bCmeyvuu0ON826dQQIZ+rK9jdpSeA=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 84970105ae5d385d-MAD
expires: Mon, 22 Jan 2024 14:09:53 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 277ms
151ms Script
text/javascript 18.195.106.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.106.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-106-3.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: a62ffeff372624a510666a927d0fafb3e00606c355ab87c7c25fd8413e5a50f3

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Jan 2024 10:09:53 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 173ms
54ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230044-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 294 KB
94 KB 75ms
73ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1629c3289806816929132c3e1e29e025f7671a1eb36c72bd1e9616793f992284

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96283
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 22 Jan 2024 10:09:53 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 64 KB
17 KB 242ms
57ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2d699428fb1a87452cb15775f3e9a531b9c8a98bfa41be2a24be4814ff0a5baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 20 Dec 2023 22:26:49 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65836a29-fee9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17567
expires: Mon, 22 Jan 2024 10:09:53 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 43 KB
16 KB 182ms
59ms Script
application/javascript 2a02:26f0:3500:16::215:148b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Jan 2024 16:29:26 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=57690
accept-ranges: bytes
content-length: 15732

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 177ms
64ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 22 Jan 2024 10:09:53 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4C5CB594BA5743E0860D5C4D66E30CA4 Ref B: LON04EDGE1111 Ref C: 2024-01-22T10:09:53Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 404 cse.js
cse.google.com/ 0
0 88ms
88ms Script
text/html 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H/1.1 200
OK ktxevents.v1.js Show response
trackit.ktxlytics.io/ 98 KB
98 KB 205ms
70ms Script
application/javascript 18.165.183.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://trackit.ktxlytics.io/ktxevents.v1.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.165.183.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-165-183-12.zrh55.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id: 8nobErucU.TGbL_HVc3JJOzAiDrdj9pU
Date: Mon, 22 Jan 2024 04:16:13 GMT
Via: 1.1 fa2f998214db1c6c6bdb96ceff3ce5d8.cloudfront.net (CloudFront)
Last-Modified: Wed, 23 Oct 2019 19:11:31 GMT
Server: AmazonS3
X-Amz-Cf-Pop: ZRH55-P1
Age: 21221
ETag: "5350ce54b7969cfe1e9a0314b25964b6"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 99889
X-Amz-Cf-Id: 4DEZNptFkAM4C-bdcrl9pzehmpf8XW0amphYvicPuwnWhphYSN84dA==

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=993756413
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D993756413

43 B
1008 B

61ms
61ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D993756413

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
an-x-request-uuid: 7a80fdf3-8ff3-42d9-8c60-a6ad34b8e479
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 146.70.128.165; 146.70.128.165; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
an-x-request-uuid: 3f822f21-6c50-4dd4-aa26-d38f8a192476
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D993756413
cache-control: no-store, no-cache, private
x-proxy-origin: 146.70.128.165; 146.70.128.165; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 /
insight.adsrvr.org/track/pxl/ 70 B
149 B 213ms
69ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=71679u3&ct=0:ms2x9ot&fmt=3&gtmcb=787975749
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 async-ads.js Show response
cse.google.com/adsense/search/ 137 KB
50 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/8435450f13508ca1/cse_element__en.js?usqp=CAI%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9038fcfd87e53d6ffca8e4e91f3986ab75ca99f55fbf10257a048fdfd36daaac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "17331755203964379523"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
expires: Mon, 22 Jan 2024 10:09:53 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
117 B 203ms
56ms Image
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 216ms
147ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=142972&callback=jsonpHandler

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 64859421-61b2-4951-844c-5bc290b16eaa
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=84970106ac080402&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 64859421-61b2-4951-844c-5bc290b16eaa
server: cloudflare
x-trace: 2BF6DBE7B9ADFF4F1DA3C5C4F0FB41607EC0D8715C000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-bf946f66b-57scl
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 84970106ac080402-MAD

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 96ms
30ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1705918193513&id=t2_4ofecxl5&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=c23fbeb3-104a-46b6-aeb6-f08f4327d4ea&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_97292340&dpm=&dpcc=&dprc=
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
245 B 135ms
53ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PCF2HBX32M&gtm=45je41h0v9102029281z8846391121&_p=1705918192927&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=2092891725.1705918194&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1705918193&sct=1&seg=0&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&dt=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1372
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ipv
cdn.bizible.com/ 43 B
305 B 32ms
32ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=b9868cd60e8640b8ec969cd52ba65dba&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&_biz_t=1705918193563&_biz_i=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&_biz_n=0&rnd=501775&cdn_o=a&_biz_z=1705918193563

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mdr/6691) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Tue, 16 Jan 2024 17:44:14 GMT
server: ECS (mdr/6691)
age: 491139
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
205 B 38ms
30ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=b9868cd60e8640b8ec969cd52ba65dba&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&_biz_t=1705918193565&_biz_i=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&rnd=977512&cdn_o=a&_biz_z=1705918193565

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mdr/6695) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000; includeSub
last-modified: Tue, 16 Jan 2024 17:44:18 GMT
server: ECS (mdr/6695)
age: 491135
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H3 200 179650485736885 Show response
connect.facebook.net/signals/config/ 143 KB
37 KB 153ms
153ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/179650485736885?v=2.9.141&r=stable&domain=www.varonis.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1eb53138d7cef1e86d31b18e2dd250c6149fe3d702a09a351a8437c4301672dd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 22 Jan 2024 10:09:53 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: bAvOdWrTgu7Us4msPTKJlwX9i09BBa3GWb/bF1SepkitaMkhm9Im7dQqY4staz+9fssPy6hmHyYSmXFKa2TXNw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
t.co/1/i/ 43 B
376 B 279ms
166ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=9760c0e4-1faf-4db4-9332-07de68d3ca23&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e9d76874-03b0-47bf-9206-af18391168e8&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-response-time: 114
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=0
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 60c6e97b229324bf
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 87c9c907e5218aa28ba9280679038b798722cfbf1f508629c7bc324296afa5eb
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
727 B 365ms
239ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=9760c0e4-1faf-4db4-9332-07de68d3ca23&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e9d76874-03b0-47bf-9206-af18391168e8&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-response-time: 186
date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=631138519
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: b2ffd2aa330bd32f
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: f972748ac427515140ec738ab51dc23bf955742ed9a7454144793910f9cf7355
content-length: 43

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
325 B 153ms
153ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=b9868cd60e8640b8ec969cd52ba65dba&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.01.18

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.15.58 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mdr/669F) /

Resource Hash

43bf52072aeb9126eb03eefb55dfc2d19c3e46f8187999291849043115cbed30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSub
server: ECS (mdr/669F)
etag: 43FB92A9
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 218

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 09:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 868
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 697
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 22 Jan 2024 10:55:25 GMT

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
356 B 367ms
118ms XHR
application/json 52.73.142.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMTQ3NX0.iI-HhwOQ2R9nR36t6D2kwo7l09ByrLMU2A7_XHc4Ar0

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.73.142.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-73-142-175.compute-1.amazonaws.com

Software

Resource Hash

e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: c8008b51a2a46f11dc80510dc5ac7992

GET
H2 200 /
www.google.com/pagead/1p-user-list/1015553108/ 42 B
340 B 68ms
68ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1015553108/?random=1705918193405&cv=11&fst=1705917600000&bg=ffffff&guid=ON&async=1&gtm=45He41h0v846391121&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&frm=0&tiba=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_z9zUSaYEVaZXAtM2ZDGSgmSfdv0dfQ&random=491003363&rmt_tld=0&ipr=y

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.es/pagead/1p-user-list/1015553108/ 42 B
455 B 191ms
68ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.es/pagead/1p-user-list/1015553108/?random=1705918193405&cv=11&fst=1705917600000&bg=ffffff&guid=ON&async=1&gtm=45He41h0v846391121&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&frm=0&tiba=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_z9zUSaYEVaZXAtM2ZDGSgmSfdv0dfQ&random=491003363&rmt_tld=1&ipr=y

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
618 B 354ms
248ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 260042C9941149C191E23956C4A6E453 Ref B: LON04EDGE0909 Ref C: 2024-01-22T10:09:53Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.varonis.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYPhgf1mR28V/QL4ry/ew==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193629&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193629&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesT...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1705918193629%26url%3Dhttps%253A%252F%252Fwww.varonis....
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193629&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesT...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193629&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookies...

0
265 B

320ms
214ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193629&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQL_79vPCaDi3wAAAY0wpeLlQcf132oO4N1K1S5v78AkEMSpUdlictlcFlmxAZHExUWV3w
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 07CE8848BC7A4DF4925283E324169BFB Ref B: LON04EDGE1222 Ref C: 2024-01-22T10:09:54Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYPhggDG31BMxGcu56Ztw==

Redirect headers

date: Mon, 22 Jan 2024 10:09:53 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 33C5C6D4984A4DBD81EAB44AFA551C22 Ref B: LON04EDGE0909 Ref C: 2024-01-22T10:09:54Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193629&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQL_79vPCaDi3wAAAY0wpeLlQcf132oO4N1K1S5v78AkEMSpUdlictlcFlmxAZHExUWV3w
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYPhgf+NToRjO+a24n+Bw==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193630&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193630&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesT...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1705918193630%26url%3Dhttps%253A%252F%252Fwww.varonis....
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193630&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesT...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193630&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookies...

0
143 B

298ms
265ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193630&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQIf3X4rsU-JtAAAAY0wpeMqj49xPcwmn4Yoqfxw5X1-B0gvhaHgSNGMn2Cc2nREYGyuIw
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: DDDED25D621B47D9B1B918293D870D37 Ref B: LON04EDGE1222 Ref C: 2024-01-22T10:09:54Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYPhggDHlXDHA9Hs0osbg==

Redirect headers

date: Mon, 22 Jan 2024 10:09:53 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A727868318DE4B80B9FD0F78D23FAFD1 Ref B: LON04EDGE0909 Ref C: 2024-01-22T10:09:54Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1705918193630&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQIf3X4rsU-JtAAAAY0wpeMqj49xPcwmn4Yoqfxw5X1-B0gvhaHgSNGMn2Cc2nREYGyuIw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYPhgf/QWpIqSjKta/0hA==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
222 B 64ms
64ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1326078959&t=pageview&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&ul=en-us&de=UTF-8&dt=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAEAjAAAAACAAI~&jid=1576689622&gjid=1912761772&cid=2092891725.1705918194&tid=UA-2019109-1&_gid=595780914.1705918194&_r=1&_slc=1&gtm=45He41h0n81KMGCX7Vv846391121&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=1447776815

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a04f7efa05c1f9212a79b715568b9976977a4d8e8f0c7ee571ab4f71bf32ccc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 148008183.js Show response
bat.bing.com/p/action/ 0
117 B 64ms
63ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/148008183.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 22 Jan 2024 10:09:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 836C658F391744B38975A522C0361786 Ref B: LON04EDGE1111 Ref C: 2024-01-22T10:09:53Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
286 B 155ms
155ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=148008183&tm=gtm002&Ver=2&mid=267dfc24-2f11-4783-ab5a-5e165c1b6cbf&sid=6303a390b90e11ee928815ec7e1647f0&vid=6303abc0b90e11eebe519b9c3ef33993&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&p=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&r=&lt=1296&evt=pageLoad&sv=1&rn=308892

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 22 Jan 2024 10:09:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 87525B8C90FA4674A71AB77F5FF1EF44 Ref B: LON04EDGE1111 Ref C: 2024-01-22T10:09:53Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 149ms
149ms Stylesheet
text/css 18.195.106.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.106.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-106-3.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 811de82a796b59802011febde4f63c838593d50fcf8ef51e183dd2fdd85ebc6f

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Jan 2024 10:09:53 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 274ms
152ms Fetch
image/jpeg 18.195.106.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.106.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-106-3.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Jan 2024 10:09:53 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 274ms
152ms Fetch
image/jpeg 18.195.106.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.106.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-106-3.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Jan 2024 10:09:53 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 61ms
61ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 18 B
304 B 230ms
54ms XHR
text/html 2a02:26f0:ab00::214:8e70
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00::214:8e70 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a24f5642d64cca92376fa1017026a9022e7de73a768db9e37770fa3f0494a5a8

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.varonis.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:ac8:23:84::1e
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1705918193801_34901612_8522999_21_761_52_107_219";dur=1
content-length: 18
expires: Mon, 22 Jan 2024 10:09:53 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 295ms
294ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=a69799bc-eed9-44be-85bd-2473ceff342f&session=665bfcb1-cad2-4d55-8219-f98c693c174d&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A53%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Varonis%20Threat%20Labs%20discovered%20a%20new%20Outlook%20exploit%20and%20three%20new%20ways%20to%20access%20NTLM%20v2%20hashed%20passwords.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&pageViewId=d82af421-9a76-48fd-890c-d087c5ad73d6&v=1.1.14

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 330ms
329ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=a69799bc-eed9-44be-85bd-2473ceff342f&session=665bfcb1-cad2-4d55-8219-f98c693c174d&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2022%20Jan%202024%2010%3A09%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2208f833d2e9af1f124e201163df927e7c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2022%20Jan%202024%2010%3A09%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2022%20Jan%202024%2010%3A09%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c1b0175dc2b2ae319cf32b1dec3db9836bdaea3e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2022%20Jan%202024%2010%3A09%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2022%20Jan%202024%2010%3A09%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Varonis%20Threat%20Labs%20discovered%20a%20new%20Outlook%20exploit%20and%20three%20new%20ways%20to%20access%20NTLM%20v2%20hashed%20passwords.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&pageViewId=d82af421-9a76-48fd-890c-d087c5ad73d6&v=1.1.14

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
349 B 151ms
51ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2019109-1&cid=2092891725.1705918194&jid=1576689622&gjid=1912761772&_gid=595780914.1705918194&_u=aCDAAEAiAAAAACAAI~&z=1900925373

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

94dcf5556e059d9e35d347a9fdd7c295ec5d8001d8c00693dfc2a7d18f9fb0f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 22 Jan 2024 10:09:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 263 KB
86 KB 77ms
77ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b5f8755b63001cd6a58fd75f810ec918519c579f92d67c2c9d6f99dffa485be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87712
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 22 Jan 2024 10:09:53 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/142972/ 72 KB
23 KB 353ms
291ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/142972/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/142972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22d773092387f04fd9df781484e07a72c66712196aa4c202c037de3d0a0f67e8

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
x-amz-version-id: pN_MPYoDqJLPHUjvR4FiQpLO9QPuLq61
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: TWFFB6E897E0R735
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 061b24e3-b503-46c9-a9ef-b3962837089b
x-envoy-upstream-service-time: 43
x-amz-id-2: 865s4KeKq8UniaH9lottsEZySCJgW78+ty0Gj1sSxVRiiYFSq0CDDDZKPUYaaE9qbkIRm8sQyXY=
x-evy-trace-listener: listener_https
x-request-id: 061b24e3-b503-46c9-a9ef-b3962837089b
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 11 Jan 2024 21:59:23 GMT
server: cloudflare
etag: W/"862effff9ff12d708674b8d5768b6f98"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-855d6bfb88-kff6g
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 84970107cbd38669-MAD
expires: Mon, 22 Jan 2024 10:14:54 GMT

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 80 KB
24 KB 127ms
64ms Script
application/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f285f832bdee154f19636c329d9812c7b37695e6af794fb7449831f7e5aa30ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Origin: https://www.varonis.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding: br
age: 304
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.811/bundles/project.js&cfRay=8496f9970b912faf-MAD
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b79a052e45d9ff379a2eebc5c01dff68"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.811/bundles/project.js
date: Mon, 22 Jan 2024 10:09:53 GMT
x-amz-version-id: ixWR37UqrUEzxfs2YVxH6u5QHtBGCTp4
via: 1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: ce5b4ffe-0af0-40f1-a07c-723a1af95ff7
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-evy-trace-route-configuration: listener_https/all
x-request-id: ce5b4ffe-0af0-40f1-a07c-723a1af95ff7
last-modified: Tue, 16 Jan 2024 13:48:15 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TPmpwKXDep0zhnyhb1HAx7ZdTuNiZWYbJ8SawSNcwXfbJ%2Be3H5C9E%2BARuyoR34l%2BI9nEnsjOn0aFD%2BIll%2Fz4%2F5lzeKly57JANc3x2cUzG79VW3qPBeup3f8UjazxsLc96W6Sw%2Blt5jPGdpBk"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-bf946f66b-dhz6l
cf-ray: 84970107eba566a7-MAD
x-amz-cf-id: WVhlFBOBM1f05Ku5bKUIHiE2xmsUAYXfttGaK3g-W82cSRgFDqpqCA==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 117ms
54ms Script
application/javascript 2606:4700::6811:e6a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e6a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9092cb4fb3eafe925fa67a4dc6b62b7c769cbcb9a1420ecaf4b5d80edeae726

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
x-amz-version-id: 5iFzgPv7W58VCAVxkHMx4QTA.7HcSoUh
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 63
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.510/bundles/pixels-release.js&cfRay=8496ff7a5819216e-MAD
x-cache: Hit from cloudfront
x-hubspot-correlation-id: fbc6db8a-ebef-4d81-9bd2-b68f6eaeabcc
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fbc6db8a-ebef-4d81-9bd2-b68f6eaeabcc
last-modified: Mon, 08 Jan 2024 15:41:50 UTC
server: cloudflare
etag: W/"ef358d7718df65ca620b75c779a3c331"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-bf946f66b-jhgf8
cf-ray: 84970107ff180419-MAD
x-amz-cf-id: 9gLu7lh8oJEDOWgv6oVsKltgKjpu41aEwPXwmKayAy7Yj10-OZo3PA==
x-hs-target-asset: adsscriptloaderstatic/static-1.510/bundles/pixels-release.js

GET
H2 200 142972.js Show response
js.hs-analytics.net/analytics/1705917900000/ 67 KB
21 KB 112ms
48ms Script
text/javascript 2606:4700::6810:4cba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1705917900000/142972.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/142972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4cba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73f11950886980e6c5822827a4910d8d806e9b811cd4bb028c4e2b077d1cd73e

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:53 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: JGMNY56BC1JDY2V3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 7bd1cdc9-f38c-45da-8625-0012fcb618e4
age: 113
x-envoy-upstream-service-time: 49
x-amz-id-2: UrqxCycskmg4Ggs56chNwUJWrBGTXdkx+reZqKScGSz4Zmo2M68xwzvAPfPCuJI1MYN38r89f0Q=
x-evy-trace-listener: listener_https
x-request-id: 7bd1cdc9-f38c-45da-8625-0012fcb618e4
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 03 Jan 2024 16:24:14 GMT
server: cloudflare
etag: W/"e9a6af517691af0f1764bf9c545073a8"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-855d6bfb88-kff6g
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 84970108093a6665-MAD
expires: Mon, 22 Jan 2024 10:13:00 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 84 KB
24 KB 107ms
44ms Script
application/javascript 2606:4700::6811:fba8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:fba8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08f09e95e50ae9c0181382558ff935903a7b273b4a8e5006788e85ae1c72c7c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
x-amz-version-id: KYDl9V0le_8eNyhqu8y2yzPaUoKjKmsM
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 365
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.15030/bundles/project.js&cfRay=8496f820f9842166-MAD
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 098fac59-affe-4eda-a496-00a2eac6391c
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 098fac59-affe-4eda-a496-00a2eac6391c
last-modified: Wed, 20 Dec 2023 17:16:05 UTC
server: cloudflare
etag: W/"64e2daa01b1349fee44794df69e776a8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-bf946f66b-tgh6w
cf-ray: 849701087e6e1a82-MAD
x-amz-cf-id: QTQQwHmHk25vvazNZ3sPRIuJe2WgnRXzXOqRwUjasDEbyk7SEGRc_A==
x-hs-target-asset: conversations-embed/static-1.15030/bundles/project.js

OPTIONS
H2 200 tp2
c2.ktxlytics.io/com.snowplowanalytics.snowplow/ Frame 0
0 380ms
124ms Preflight 18.233.143.160
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.233.143.160 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-143-160.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.varonis.com
access-control-max-age: 600
content-length: 0
date: Mon, 22 Jan 2024 10:09:54 GMT
server: nginx

POST
H2 200 tp2 Show response
c2.ktxlytics.io/com.snowplowanalytics.snowplow/ 2 B
335 B 155ms
125ms XHR
text/plain 18.233.143.160
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.233.143.160 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-143-160.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://www.varonis.com
date: Mon, 22 Jan 2024 10:09:54 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

GET
H2

200

v1
c2.ktxlytics.io/com.snowplowanalytics.iglu/
Redirect Chain

https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=3859013269519159281
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=3859013269519159281&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs

43 B
386 B

124ms
124ms

Image
image/gif

18.233.143.160
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=3859013269519159281&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Server: 18.233.143.160 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-143-160.compute-1.amazonaws.com
Software: nginx /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 43

Redirect headers

date: Mon, 22 Jan 2024 10:09:54 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
location: https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=3859013269519159281&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 0

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 730 B
675 B 181ms
63ms XHR
application/json 3.127.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-184-242.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6c11a81403cc671a40a06177d5db361b70415e0f7f27519ba92749cc47eba4ae

Request headers

Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
accept-language: es-ES,es;q=0.9
Authorization: Token c1b0175dc2b2ae319cf32b1dec3db9836bdaea3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
X-6s-CustomID: WebTag1.0 08f833d2e9af1f124e201163df927e7c

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 391

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 197ms
61ms Preflight 3.127.184.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.184.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-184-242.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Mon, 22 Jan 2024 10:09:54 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 81ms
80ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2019109-1&cid=2092891725.1705918194&jid=1576689622&_u=aCDAAEAiAAAAACAAI~&z=622276428

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.es/ads/ 42 B
107 B 82ms
81ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.es/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2019109-1&cid=2092891725.1705918194&jid=1576689622&_u=aCDAAEAiAAAAACAAI~&z=622276428

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
245 B 133ms
52ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-36XYNTY1LS&_ono=1&gtm=45je41h0v9139046520&_p=1705918192927&_gaz=1&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=2092891725.1705918194&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&dt=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&sid=1705918193&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1774
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 51ms
50ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ono=1&tid=G-36XYNTY1LS&cid=2092891725.1705918194&gtm=45je41h0v9139046520&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.es/ads/ 42 B
107 B 83ms
83ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-36XYNTY1LS&cid=2092891725.1705918194&gtm=45je41h0v9139046520&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l2&z=1885360342

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Jan 2024 10:09:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 286ms
286ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=a69799bc-eed9-44be-85bd-2473ceff342f&session=665bfcb1-cad2-4d55-8219-f98c693c174d&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A23%3A84%3A%3A1e%22%7D&isIframe=false&m=%7B%22description%22%3A%22Varonis%20Threat%20Labs%20discovered%20a%20new%20Outlook%20exploit%20and%20three%20new%20ways%20to%20access%20NTLM%20v2%20hashed%20passwords.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&pageViewId=d82af421-9a76-48fd-890c-d087c5ad73d6&v=1.1.14

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 369 B
1 KB 157ms
156ms Fetch
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=142972&currentUrl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&contentId=153514315916

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14103b64df9857f9f7ad1f02efaafba97ce4772e8d8b448857de69c3537c338d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 211a8365-9462-43d9-b483-55a4e469e4f9
content-encoding: br
x-envoy-upstream-service-time: 28
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 211a8365-9462-43d9-b483-55a4e469e4f9
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a8cEkdbPGu5s1wSFNRtXW8X%2BJ8KY%2F7YYrwhFgOG3n8Kj9Jy4tr464Ap0o7g6KzyUhx0JrV77wNoNxo4Gx5AhD0Yw%2BeAs4lErGZfC3sVHiCutBJa0LLdnDMprl0LiZ6qJpTwAoQj6w7RA1TkE8Mhd1wNCgETMSXxafYM%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 849701089cee66a7-MAD
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-547b899f8d-62w5d

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
464 B 119ms
119ms XHR
application/json 52.73.142.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.73.142.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-73-142-175.compute-1.amazonaws.com

Software

Resource Hash

bd35d2a61cf83428b48b1a0888612dac9c6db3b2e595e8cf4665554293301e8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 5080abdfce6ad3f53eb453755e440018

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 165ms
54ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=179650485736885&ev=PageView&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&rl=&if=false&ts=1705918194004&sw=1600&sh=1200&v=2.9.141&r=stable&ec=0&o=4126&fbp=fb.1.1705918193785.553697498&cs_est=true&ler=empty&it=1705918193573&coo=false&dpo=LDU&dpoco=0&dpost=0&cdl=&rqm=GET

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 22 Jan 2024 10:09:54 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
332 B 150ms
149ms XHR
text/plain 18.195.106.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=7DZRzfkZdpma72wkdfbzjA&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&t=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&tip=YaBqRXWw0ioyHmWkcw2wdKgfgFTbJfXHQoMHVVfbtPQ&host=https%3A%2F%2Fwww.varonis.com&sa_conv_data_css_value=&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd912b1041bb8ea5b1c41e2744bbcb5f58a924680a5&sa-user-id-v3=s%253AAQAKIMIC2ysSRElgzbnWoRhDHoO3kOl2Adhc2iFyVNEnQSVzEHwYBCDx_bitBjABOgQ7vvenQgSlsYgn.rwQqgog4IQ%252Fh57PJIMpfZ%252F4weSJxQ1MTdX5m7asZEqY&sa-user-id-v2=s%253AErEEG7jqWxxB4nRLvLX1ipJGgKU.j51c5wf9lw8Ym%252F66sXbuLzl%252BxpVSPPY9px5J8S6Ufeo&sa-user-id=s%253A0-12b1041b-b8ea-5b1c-41e2-744bbcb5f58a.tPYYVxDl%252BNrLWmHkUSELtAbt6OhHEWrLzXhvoHGIVqA
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.106.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-106-3.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: https://www.varonis.com
date: Mon, 22 Jan 2024 10:09:54 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 138
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
310 B 150ms
150ms XHR
text/plain 18.195.106.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=_9vH_OIoGoaDi4-zdBz9Vg&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&t=Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes&tip=YaBqRXWw0ioyHmWkcw2wdKgfgFTbJfXHQoMHVVfbtPQ&host=https%3A%2F%2Fwww.varonis.com&sa_conv_data_css_value=%270-12b1041b-b8ea-5b1c-41e2-744bbcb5f58a%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd912b1041bb8ea5b1c41e2744bbcb5f58a924680a5&sa-user-id-v3=s%253AAQAKIMIC2ysSRElgzbnWoRhDHoO3kOl2Adhc2iFyVNEnQSVzEHwYBCDx_bitBjABOgQ7vvenQgSlsYgn.rwQqgog4IQ%252Fh57PJIMpfZ%252F4weSJxQ1MTdX5m7asZEqY&sa-user-id-v2=s%253AErEEG7jqWxxB4nRLvLX1ipJGgKU.j51c5wf9lw8Ym%252F66sXbuLzl%252BxpVSPPY9px5J8S6Ufeo&sa-user-id=s%253A0-12b1041b-b8ea-5b1c-41e2-744bbcb5f58a.tPYYVxDl%252BNrLWmHkUSELtAbt6OhHEWrLzXhvoHGIVqA
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.195.106.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-106-3.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin: https://www.varonis.com
date: Mon, 22 Jan 2024 10:09:54 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 widget Show response
www.varonis.com/_hcms/livechat/ 312 B
1 KB 220ms
219ms XHR
application/json 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/_hcms/livechat/widget?portalId=142972&conversations-embed=static-1.15030&mobile=false&messagesUtk=b94dbcc5f9d34beb94dc925dbc101d8e&traceId=b94dbcc5f9d34beb94dc925dbc101d8e

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

420b068c3abb243f491c5e23ad34644425b9eb73db7314e63bb7b1efd8ff90cb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
accept-language: es-ES,es;q=0.9
X-HubSpot-Messages-Uri: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 50ef5ecc-eb83-46fb-b1ba-f399b706985e
x-iinfo: 55-9010916-9010930 PNNy RT(1705918191257 1812) q(0 0 0 -1) r(2 2) U24
x-envoy-upstream-service-time: 9
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 50ef5ecc-eb83-46fb-b1ba-f399b706985e
server: cloudflare
x-trace: 2B89AB190803FBDEA57D9BD7AF56D8A8EC54C8175B000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-fcdc68c87-w2qjn
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gvGM5bd%2Fm8SGWt86EbNus72F0La3%2FkA7GG61ZpCbiQChMc5QfGl9pQyp503LLuQIPHjwlU2HsD6WbgAlur1Oh3boPR2MC1Ve7y1IwiedJsP83vv9mWj7x9Jzf%2B2XWQMCJw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 84970108d8c95e24-MAD
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 206ms
142ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Mon, 22 Jan 2024 10:09:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 12f930a9-6c05-487f-a9fd-ec42c30a06e6
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 12f930a9-6c05-487f-a9fd-ec42c30a06e6
Last-Modified: Mon, 22 Jan 2024 10:09:54 GMT
Server: cloudflare
X-Trace: 2B0F524074514527E5797AB3719707F479A04F5097000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-547b899f8d-hzvvh
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 84970109fc3e2166-MAD

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 180ms
117ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8497010a1be46617-MAD
content-length: 0
content-type: application/octet-stream
date: Mon, 22 Jan 2024 10:09:54 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 1
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-855d6bfb88-kff6g
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 6aaf2315-3769-4a0a-8bc7-4bda6827d3a7
x-request-id: 6aaf2315-3769-4a0a-8bc7-4bda6827d3a7

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 151ms
151ms Fetch 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/142972/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-hubspot-correlation-id: e12e173e-7d6e-473b-9dc2-3606d7cb0536
x-envoy-upstream-service-time: 29
x-evy-trace-route-configuration: listener_http/all, listener_https/all
x-evy-trace-listener: listener_http, listener_https
x-request-id: e12e173e-7d6e-473b-9dc2-3606d7cb0536
server: cloudflare
x-trace: 2B8DBFAA1DABA2A0F1480B875DE067376787C18862000000000000000000
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host: all, all
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-86cdd7ff89-9kv94, iad02/analytics-js-proxy-td/envoy-proxy-855d6bfb88-8jbvm
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8497010acd4b6617-MAD

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 253ms
252ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=a69799bc-eed9-44be-85bd-2473ceff342f&session=665bfcb1-cad2-4d55-8219-f98c693c174d&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A53%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Varonis%20Threat%20Labs%20discovered%20a%20new%20Outlook%20exploit%20and%20three%20new%20ways%20to%20access%20NTLM%20v2%20hashed%20passwords.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&pageViewId=d82af421-9a76-48fd-890c-d087c5ad73d6&v=1.1.14

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 114ms
45ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:55 GMT
x-amz-version-id: lFoq_FZJwJ3rDVe9.7kNMZjc5YKK6r5L
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 11 Dec 2023 12:17:02 GMT
server: cloudflare
via: 1.1 52923a8d354a8b3a1b839b39ec3a8ae6.cloudfront.net (CloudFront)
x-amz-cf-pop: MAD53-P3
etag: W/"15c02cdee0df6c26ba3d8c62d912c66c"
age: 41938
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cf-ray: 8497010f198c1bbb-MAD
x-amz-cf-id: ZeWnZ_H3MMZK_5h26nJoI6tod9KyqW4puEnpmK9UXqXTBK8yEFLNhQ==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
610 B 154ms
154ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=412147705&v=1.1&a=142972&pi=153514315916&ct=blog-post&ccu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&cpi=153514315916&cgi=740355147&lpi=153514315916&lvi=153514315916&lvc=en&pu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&t=Outlook+Vulnerability+Discovery+and+New+Ways+to+Leak+NTLM+Hashes&cts=1705918194980&rv=1&vi=171149a54e95e7a3f3d4c6ee6af4d5f6&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: fab9241b-ec5b-458b-bfb3-fd8507b9e278
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 19
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fab9241b-ec5b-458b-bfb3-fd8507b9e278
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u6lEBWTuhm7n0OD2sEHDEaYI9P45ATdWU3Vawgk66Om0vUb9h8Y4meydOLLj4ZAi5QxSv8BWL8cx6Ilhh%2BUHBFMC3aMh3kutaWc88POJ%2B94iC5MAiMpVYuyadzHQEUt7iXHUP2Ar64Z8KSsXirZg"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-865d96945d-rglst
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8497010eb9c80402-MAD
x-robots-tag: none

GET
H2 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 146 B
364 B 200ms
200ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e35939a8d0e8bf96f1c88fa6f7ba572c9b5f6cd8e6508699492c4825e7551e8a

Request headers

visited_url: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
accept-language: es-ES,es;q=0.9
Authorization: Bearer f17f1ae9341679920418
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 22 Jan 2024 10:09:55 GMT
via: 1.1 52923a8d354a8b3a1b839b39ec3a8ae6.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-amz-cf-pop: MAD53-P3
x-powered-by: Express
etag: W/"92-ZJTmwRe3YVqGys/gXvKcVtLDILU"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 849701111c672171-MAD
x-amz-cf-id: ZuanywoCLA1cZ667v9yhU5U1nNu8_FQ8XAWWpNJg_qRyxek4lLQdDw==
apigw-requestid: R77GFgxjvHcESVA=

OPTIONS
H2 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 271ms
205ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: R77GDgbuvHcES5w=
cf-cache-status: DYNAMIC
cf-ray: 8497010fca072171-MAD
date: Mon, 22 Jan 2024 10:09:55 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 52923a8d354a8b3a1b839b39ec3a8ae6.cloudfront.net (CloudFront)
x-amz-cf-id: Ynae0MtaRuKpU49UGApF0cZruGCcj8CrbWD9U0AoO0DnNr6lOF9jKw==
x-amz-cf-pop: MAD53-P3
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H3 200 / Show response
ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/ 3 KB
2 KB 680ms
645ms Fetch
text/javascript 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

32a1b5c01ece1db505890f5836e722cc7bbdb96184143d84e36c4e96ebdff6fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
_vtok: MTQ2LjcwLjEyOC4xNjU=
_zitok: 4d60b1d9c538f620df921705918195
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/javascript

Response headers

date: Mon, 22 Jan 2024 10:09:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 849701146fde2f8f-MAD

OPTIONS
H2 200 /
ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/ Frame 0
0 290ms
214ms Preflight
text/html 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/?iszitag=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.varonis.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84970112df4c5e1d-MAD
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 22 Jan 2024 10:09:55 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 297ms
297ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=a69799bc-eed9-44be-85bd-2473ceff342f&session=665bfcb1-cad2-4d55-8219-f98c693c174d&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A54%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Varonis%20Threat%20Labs%20discovered%20a%20new%20Outlook%20exploit%20and%20three%20new%20ways%20to%20access%20NTLM%20v2%20hashed%20passwords.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&pageViewId=d82af421-9a76-48fd-890c-d087c5ad73d6&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:55 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 243ms
242ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=a69799bc-eed9-44be-85bd-2473ceff342f&session=665bfcb1-cad2-4d55-8219-f98c693c174d&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A55%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Varonis%20Threat%20Labs%20discovered%20a%20new%20Outlook%20exploit%20and%20three%20new%20ways%20to%20access%20NTLM%20v2%20hashed%20passwords.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&pageViewId=d82af421-9a76-48fd-890c-d087c5ad73d6&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:56 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 276ms
275ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=a69799bc-eed9-44be-85bd-2473ceff342f&session=665bfcb1-cad2-4d55-8219-f98c693c174d&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A56%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Varonis%20Threat%20Labs%20discovered%20a%20new%20Outlook%20exploit%20and%20three%20new%20ways%20to%20access%20NTLM%20v2%20hashed%20passwords.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&pageViewId=d82af421-9a76-48fd-890c-d087c5ad73d6&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:57 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 264ms
264ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=a69799bc-eed9-44be-85bd-2473ceff342f&session=665bfcb1-cad2-4d55-8219-f98c693c174d&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2022%20Jan%202024%2010%3A09%3A57%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Varonis%20Threat%20Labs%20discovered%20a%20new%20Outlook%20exploit%20and%20three%20new%20ways%20to%20access%20NTLM%20v2%20hashed%20passwords.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Outlook%20Vulnerability%20Discovery%20and%20New%20Ways%20to%20Leak%20NTLM%20Hashes%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Foutlook-vulnerability-new-ways-to-leak-ntlm-hashes&pageViewId=d82af421-9a76-48fd-890c-d087c5ad73d6&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 10:09:58 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: info.varonis.com
URL: https://info.varonis.com/hubfs/Frame%2036%20(2).svg

Verdicts & Comments Add Verdict or Comment

125 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

62 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.varonis.com/	1970-01-20 17:51:59	Name: __cf_bm Value: nHLuVLBntfANycw7U2oOP4R_5E8H7r4ch89ZfM1OWEY-1705918192-1-AeWwQRhgz38g3K5NiRFIlkYbmWaylcXQ9FnK8JERZanXkl7hX6MXcrRtD2IfvgNwphGoOZPb9lmLDe2WEYH0WiA=
.www.varonis.com/	1969-12-31 23:59:59	Name: __cfruid Value: a3f96c725819df75f2cf58d3d6cac596dcb31c64-1705918192
.varonis.com/	1970-01-21 02:36:51	Name: visid_incap_2074238 Value: MHD8DUN3Rh6ChtPcRi8R1O8+rmUAAAAAQUIPAAAAAADmO65Bf7U01BfgAr+YaE1e
.varonis.com/	1969-12-31 23:59:59	Name: nlbi_2074238 Value: +FHuQ+pYLVL1K5sAV8um7wAAAACFiTqjB8wD9UywzUucxFGB
.varonis.com/	1969-12-31 23:59:59	Name: incap_ses_255_2074238 Value: x91tHyRWxUJlul6hfvGJA+8+rmUAAAAAXGkrTaJlp04Q8rI8z1wfHw==
.info.varonis.com/	1969-12-31 23:59:59	Name: __cfruid Value: a3f96c725819df75f2cf58d3d6cac596dcb31c64-1705918192
.info.varonis.com/	1970-01-20 17:51:59	Name: __cf_bm Value: OH28Ukf2MuNdUGwliPd0qaBt80lEkp4njFkNMIVPLOI-1705918192-1-AdFBalYMey8irVj0QcqWabXfPjf7elSe/hd75lpRlPLxRr4urw5LPHH2fyQgiNioz6/GxQK8Ihk/+5NE52ZKH90=
.varonis.com/	1970-01-20 20:01:34	Name: _gcl_au Value: 1.1.929039894.1705918193
.varonis.com/	1970-01-20 20:01:34	Name: _rdt_uuid Value: 1705918193513.c23fbeb3-104a-46b6-aeb6-f08f4327d4ea
.varonis.com/	1970-01-21 02:37:34	Name: _biz_uid Value: b9868cd60e8640b8ec969cd52ba65dba
.varonis.com/	1970-01-21 02:37:34	Name: _biz_nA Value: 1
.bizible.com/	1970-01-21 02:37:34	Name: _BUID Value: b9868cd60e8640b8ec969cd52ba65dba
.varonis.com/	1970-01-21 02:37:34	Name: _biz_pendingA Value: %5B%5D
.varonis.com/	1970-01-21 03:27:58	Name: _ga Value: GA1.2.2092891725.1705918194
.varonis.com/	1970-01-20 17:53:24	Name: _gid Value: GA1.2.595780914.1705918194
.doubleclick.net/	1970-01-20 17:51:59	Name: test_cookie Value: CheckForPermission
.varonis.com/	1970-01-20 17:51:58	Name: _gat_UA-2019109-1 Value: 1
tags.srv.stackadapt.com/	1970-01-21 02:37:34	Name: sa-user-id Value: s%3A0-12b1041b-b8ea-5b1c-41e2-744bbcb5f58a.tPYYVxDl%2BNrLWmHkUSELtAbt6OhHEWrLzXhvoHGIVqA
.srv.stackadapt.com/	1970-01-21 02:37:34	Name: sa-user-id Value: s%3A0-12b1041b-b8ea-5b1c-41e2-744bbcb5f58a.tPYYVxDl%2BNrLWmHkUSELtAbt6OhHEWrLzXhvoHGIVqA
tags.srv.stackadapt.com/	1970-01-21 02:37:34	Name: sa-user-id-v2 Value: s%3AErEEG7jqWxxB4nRLvLX1ipJGgKU.j51c5wf9lw8Ym%2F66sXbuLzl%2BxpVSPPY9px5J8S6Ufeo
.srv.stackadapt.com/	1970-01-21 02:37:34	Name: sa-user-id-v2 Value: s%3AErEEG7jqWxxB4nRLvLX1ipJGgKU.j51c5wf9lw8Ym%2F66sXbuLzl%2BxpVSPPY9px5J8S6Ufeo
tags.srv.stackadapt.com/	1970-01-21 02:37:34	Name: sa-user-id-v3 Value: s%3AAQAKIMIC2ysSRElgzbnWoRhDHoO3kOl2Adhc2iFyVNEnQSVzEHwYBCDx_bitBjABOgQ7vvenQgSlsYgn.rwQqgog4IQ%2Fh57PJIMpfZ%2F4weSJxQ1MTdX5m7asZEqY
.srv.stackadapt.com/	1970-01-21 02:37:34	Name: sa-user-id-v3 Value: s%3AAQAKIMIC2ysSRElgzbnWoRhDHoO3kOl2Adhc2iFyVNEnQSVzEHwYBCDx_bitBjABOgQ7vvenQgSlsYgn.rwQqgog4IQ%2Fh57PJIMpfZ%2F4weSJxQ1MTdX5m7asZEqY
.varonis.com/	1970-01-20 17:53:24	Name: _uetsid Value: 6303a390b90e11ee928815ec7e1647f0
.varonis.com/	1970-01-21 03:13:34	Name: _uetvid Value: 6303abc0b90e11eebe519b9c3ef33993
www.varonis.com/	1970-01-21 02:37:34	Name: sa-user-id Value: s%253A0-12b1041b-b8ea-5b1c-41e2-744bbcb5f58a.tPYYVxDl%252BNrLWmHkUSELtAbt6OhHEWrLzXhvoHGIVqA
www.varonis.com/	1970-01-21 02:37:34	Name: sa-user-id-v2 Value: s%253AErEEG7jqWxxB4nRLvLX1ipJGgKU.j51c5wf9lw8Ym%252F66sXbuLzl%252BxpVSPPY9px5J8S6Ufeo
www.varonis.com/	1970-01-21 02:37:34	Name: sa-user-id-v3 Value: s%253AAQAKIMIC2ysSRElgzbnWoRhDHoO3kOl2Adhc2iFyVNEnQSVzEHwYBCDx_bitBjABOgQ7vvenQgSlsYgn.rwQqgog4IQ%252Fh57PJIMpfZ%252F4weSJxQ1MTdX5m7asZEqY
www.varonis.com/	1970-01-21 03:27:58	Name: _gd_visitor Value: a69799bc-eed9-44be-85bd-2473ceff342f
www.varonis.com/	1970-01-20 17:52:12	Name: _gd_session Value: 665bfcb1-cad2-4d55-8219-f98c693c174d
.bizibly.com/	1970-01-21 02:37:34	Name: _BUID Value: dc9f9859832f796361cb9540db901860
.varonis.com/	1970-01-21 02:37:34	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.adnxs.com/	1970-01-20 20:01:34	Name: uuid2 Value: 3859013269519159281
.varonis.com/	1970-01-20 20:01:34	Name: _fbp Value: fb.1.1705918193785.553697498
.adnxs.com/	1970-01-20 20:01:34	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2In9u[%O$!]tbP6j2F-XstGt!@EH>%8efG
.hubspot.com/	1970-01-20 17:51:59	Name: __cf_bm Value: dbs7s84MHwLAQxGztWaySyjQqbm.afGiQvMSiA5LSNE-1705918193-1-AfzjdJGv8Y+YBo1gh1A3pVpmY+z+FywNy383LdAms8jhgRjc43fP0XggdSzO32UZKX2ghpTltBpD0A4FZs1h0SM=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: pYZ_QxhfVS_tVp8XYzzezWnQv1zy66WYklSQtjhC01k-1705918193821-0-604800000
.bing.com/	1970-01-21 03:13:34	Name: MUID Value: 211D0C81C4B96FA02018188FC5596EC1
.varonis.com/	1970-01-20 17:51:59	Name: _sp_ses.1082 Value: *
.varonis.com/	1970-01-21 03:27:58	Name: _sp_id.1082 Value: 3d1de1b1-83d8-4515-87bb-108a6acc39c4.1705918194.1.1705918194.1705918194.ee329c4d-95c7-4049-8bed-c39cd40ea555
.t.co/	1970-01-21 03:27:58	Name: muc_ads Value: c59e3843-1dab-4699-b641-bce701dfc18a
.linkedin.com/	1970-01-20 17:53:24	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2739:u=1:x=1:i=1705918193:t=1706004593:v=2:sig=AQHXi_1HFjrwkp2tXHDuejKcU2dNjkkL"
www.varonis.com/	1970-01-20 18:02:02	Name: slireg Value: https://scout.us1.salesloft.com
.adnxs.com/	1970-01-21 03:27:58	Name: XANDR_PANID Value: H3FxT_RVMSveQBtISTFTqnD2oXYD02b34kF3xPsiMmAQ1dUbTMhjXRd0OaTRMl5XHhJYNl7ZSZ8M78HO4QDodBl4mt4KliPlwOQHKvCgd7o.
.twitter.com/	1970-01-21 03:27:58	Name: guest_id_marketing Value: v1%3A170591819391468544
.twitter.com/	1970-01-21 03:27:58	Name: guest_id_ads Value: v1%3A170591819391468544
.twitter.com/	1970-01-21 03:27:58	Name: personalization_id Value: "v1_bn6kPoyXnkdqWEL42k6pFQ=="
.twitter.com/	1970-01-21 03:27:58	Name: guest_id Value: v1%3A170591819391468544
www.varonis.com/	1970-01-21 02:37:34	Name: sliguid Value: 05eeed07-0faf-44da-ab1b-fe6f4bdb5397
www.varonis.com/	1970-01-21 02:37:34	Name: slirequested Value: true
.linkedin.com/	1970-01-20 20:01:34	Name: li_sugr Value: c232c23d-c5e7-4dd5-8b99-6fddfb7bd31e
.linkedin.com/	1970-01-20 18:35:10	Name: UserMatchHistory Value: AQJfFiG-fU2SqQAAAY0wpeF_pa6K3W_srmfsEeE_r132bo4-_mT6TCcle_o7vDbcJExgS-AQkW3OGQ
.linkedin.com/	1970-01-20 18:35:10	Name: AnalyticsSyncHistory Value: AQIMbhb5t_56JQAAAY0wpeF_I-cQ4DPjzJs9pNf-cw21kdMd0csa40V4c0j_eBNaU1_eITfcS6dJjy4MF-5XKg
.linkedin.com/	1970-01-21 02:37:34	Name: bcookie Value: "v=2&29359754-3fb0-46da-856e-50e63e51bab0"
.6sc.co/	1970-01-21 03:27:58	Name: 6suuid Value: ce6411025ba30800f23eae65d800000084653800
.varonis.com/	1970-01-21 03:27:58	Name: _ga_PCF2HBX32M Value: GS1.1.1705918193.1.0.1705918194.0.0.0
.www.linkedin.com/	1970-01-21 02:37:34	Name: bscookie Value: "v=1&2024012210095498e7dedc-e4a6-4ce9-8d15-72707a5384dfAQFbZUThx9yZk_CgdJw67eA8GqtBMGbk"
.linkedin.com/	1970-01-20 22:11:10	Name: li_gc Value: MTswOzE3MDU5MTgxOTQ7MjswMjFa7xHlkyA05wBvgc6xzCfrlNIX5suMBPmsb9SLH/Izhw==
.ktxlytics.io/	1970-01-21 02:37:34	Name: sp Value: 7e7f7509-2462-4e6b-81ae-ed6cdeed7e0c
.www.varonis.com/	1970-01-21 02:37:34	Name: _zitok Value: 4d60b1d9c538f620df921705918195
.zoominfo.com/	1970-01-20 17:51:59	Name: __cf_bm Value: 73ekufE4NFPjNnk0rys.EtSQp4BtC7E.D56.4dOc5V4-1705918196-1-Ac8joZ3AKsMZ+QuNOEbcLcTeeJC7ZdBDgnnQ2xPkbBfhPzmQuKRmn02E83fjmg9rWHhYyWwvbCMJyD/r6oXYMeE=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: LyOpuMhdBqg9.WZmXXDoSURkM9oxG38UKfauoGD9RIU-1705918196518-0-604800000

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

142972.fs1.hubspotusercontent-na1.net
alb.reddit.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
bat.bing.com
c.6sc.co
c2.ktxlytics.io
cdn.bizible.com
cdn.bizibly.com
cdn2.hubspot.net
cdnjs.cloudflare.com
clients1.google.com
connect.facebook.net
cse.google.com
cta-service-cms2.hubspot.com
epsilon.6sense.com
fonts.googleapis.com
googleads.g.doubleclick.net
ib.adnxs.com
info.varonis.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hubspot.com
js.usemessages.com
js.zi-scripts.com
perf-na1.hsforms.com
platform.linkedin.com
platform.twitter.com
plausible.io
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
scout-cdn.salesloft.com
scout.salesloft.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
t.co
tags.srv.stackadapt.com
track.hubspot.com
trackit.ktxlytics.io
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.es
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.varonis.com
info.varonis.com
104.18.37.212
104.244.42.3
104.244.42.5
104.244.42.8
13.107.42.14
146.75.116.157
15.197.193.217
151.101.65.140
152.195.15.58
18.165.183.12
18.195.106.3
18.233.143.160
2.17.100.210
2001:4860:4802:32::36
2001:4860:4802:34::36
2400:52e0:1e00::1081:1
2606:2800:234:59:254c:406:2366:268c
2606:4700:4400::ac40:9284
2606:4700:4400::ac40:991b
2606:4700::6810:4cba
2606:4700::6810:6cd1
2606:4700::6810:890f
2606:4700::6810:bb59
2606:4700::6811:190e
2606:4700::6811:4341
2606:4700::6811:e6a3
2606:4700::6811:fba8
2606:4700::6812:4ffd
2606:4700::6812:b07d
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:806::2003
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::2004
2a00:1450:4001:810::2008
2a00:1450:4001:813::200e
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::200e
2a00:1450:400c:c0c::9a
2a02:26f0:3500:16::215:148b
2a02:26f0:3500:16::215:1499
2a02:26f0:ab00::214:8e70
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a04:4e42:400::396
3.127.184.242
37.252.171.52
45.60.154.169
52.73.142.175
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94
0233342795c86e2079f7406bce72c481918b9ce416aedeb6b37044abae50fc8d
0420b36738d9457c3f40a67c69135b170861becd9bac983563b3aeada5287aa4
08f09e95e50ae9c0181382558ff935903a7b273b4a8e5006788e85ae1c72c7c6
0b4639302db82b725feb2fb5b7c2f16d1ef8abe70409c496fe0dc777e143f45d
0d514e3fc3d638136890b4a1f61d2f861af3bbd8f997ca15685efbd22554538c
0e370b75a6a33039216e3e6abcd18e40182646cf0dc6a4b3130b5163843de946
10426b160a932ef2b98908d2f32aca756777f9d0a90ee2d7bc334cb1629e0ddd
12feece8311f076308c2bbd3d8de66155192ea9df9a705a486f8e4684c45c5c5
14103b64df9857f9f7ad1f02efaafba97ce4772e8d8b448857de69c3537c338d
1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390
1629c3289806816929132c3e1e29e025f7671a1eb36c72bd1e9616793f992284
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1c8cc3cef0d65c2d9912b24f27bd2f42a79d10be8e00439562a3984f90f05bdd
1dc5ff8e8d54854daa72a30a2bf8345b75255597251028dad23e18510e635b98
1eb53138d7cef1e86d31b18e2dd250c6149fe3d702a09a351a8437c4301672dd
1f31e1ce1202bc0ee8105deb5885a4b7b389b2cf936bff83f05032c8a2cafd0a
1f5e45ba0c943167a203ccff2d9b3065c7767b1c32c33e6b21af38da1738b8a7
22d773092387f04fd9df781484e07a72c66712196aa4c202c037de3d0a0f67e8
2686933d879b6bfd72c788f272bdd65df6c7a6fee43784cba805ea641f72c862
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd
2d699428fb1a87452cb15775f3e9a531b9c8a98bfa41be2a24be4814ff0a5baf
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2ef71ca3de1b4e89664ec102fe490b2abfbc80350253421c50a31bd3b22b9722
2f24b7fa64d8f44ddd36d64d9a647d13caea3756513d97abd40e3c8754efc63b
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
32a1b5c01ece1db505890f5836e722cc7bbdb96184143d84e36c4e96ebdff6fe
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb
3daf9b6a39281fdc04a57bdabe589d9aa970719d22733e04fc1ab799b7a5db49
3f08978088fd2635efee64efe38bdf155d6258f8b547fca43381435d0048ce46
3ffd7ab24503a28bb9eb6137b4d1e1664ed138dca5d1ced6d1a98ff841a24541
420b068c3abb243f491c5e23ad34644425b9eb73db7314e63bb7b1efd8ff90cb
42222ea51046de258be17a4b61f802c94c29d8feeacaaa4ae194c590198ad002
43bf52072aeb9126eb03eefb55dfc2d19c3e46f8187999291849043115cbed30
4528e78b77fe65b0d6c730e7bc11691455d19dcefb698ebc14931cab40b8423a
456766b19e4bca3d3e998e25a416376f2158061b925f28f32527aee2ff1e28db
45c7614c18a99d6d92d12cd7f4f06a07ce88256882a8889574d265fc32eace0b
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b9e9037912adf4cb7724b3782cb690b0c90d8d31a5c54a6bfa3f6fc60063de8
4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67
4d4a0972678371a6edf943fbc84f2e8997e783620d4040a1d21b378d44209d66
4e2924c80f612bf59a0cb21d31b05f0575ed143922e412e3e061bf02f5d5960a
50888059b627a1e32ceb04646cc5a617e4747e3d9003e1cc051d33e3bcc14589
53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70
5405ac4720581a3b794bd47b00c79285506a0b6def6c1b769559079277b081da
5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49
579b9f734819f583199cd70b03c4e919430a74dd7698921ef16465b41d934769
5a074c8ee602a0b3416f69defbab28371abb92ce73f934afa6e58ecec72b9256
5c4f333e017c9640455e5799950b8fbebded3b1f815debdb6f78a6bc9a599faf
5db5a02e960dde70bbf77fb6d28c61d4f6b5c291b3dd08d76a678d17c2d96420
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5ea31af1ae38b9f8194f93234449262a79af7a7bdac0938c740c62f0eae9d85b
5f9494db6a1767e64be7eb59e3ac312ff8659192507d7ad9cec7599990469953
63e995f355c2258e59ba99ac1147cd1e4242a4f88d370a1a1bb6ba5c7cb86240
6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e
643cf3c8306417b9973a1c4f157ab3f899618b74b778c9e5f78370aafa157bad
64af3d2d385c08302f7b20f0c6673cd0319a08efc5103857eff847af42a69888
6a1f86c63c2ee772b07a6f678e7f8cd51b3aea064d83423eb213fb1df9d6b34c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bc3c3712e26de83ecb08d0360e70ff826b4fda86e8348a3ee2208b4ab2ebad1
6c11a81403cc671a40a06177d5db361b70415e0f7f27519ba92749cc47eba4ae
6e9eeec668eca70ecaaabf43de47a7332a84fa9b89172479f39c57bbd1c8582a
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
72a5846a952eaeb4a8f0b74402e93565c5a7361ec5c129371d141633041dfbb8
73f11950886980e6c5822827a4910d8d806e9b811cd4bb028c4e2b077d1cd73e
7a5034e01d5b47ec7eee2b3a45a23919684146c27b715f4fd863037b11b2abff
7b5f8755b63001cd6a58fd75f810ec918519c579f92d67c2c9d6f99dffa485be
7c0fbbadde40aed1e86f4c46ea2fc1a26749994e48dc90a5bce7fd466712d99e
7d32db5e7f8166ca472c3703592e17b044a0bfd5b49150c5c888a20164105b08
7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238
7f6b8b612b0090fdd0032dfd7071745a0b99149bc01a55cd24b40086ede2b8d7
811de82a796b59802011febde4f63c838593d50fcf8ef51e183dd2fdd85ebc6f
842abfe134599c5d48d4ddd88bde8d24bd36b32b22bea540837311364b7ce2c7
8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da
8a7cb8d38f0642ce41a410b6430233daa0ad9f12b2a1e9e92d01149d8ec19137
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e648da8a366d494100d90e0af69a2945f34e53a2c70432ea12c0303039f2351
9038fcfd87e53d6ffca8e4e91f3986ab75ca99f55fbf10257a048fdfd36daaac
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
94dcf5556e059d9e35d347a9fdd7c295ec5d8001d8c00693dfc2a7d18f9fb0f3
95c37cf1f09574f5dbb61a679e2039cf3fc891acb3c5d8ad40a5a8133bd6afd4
986d69710000f052c223e9e6e697fbb746c193605c2cab27f912f8854e460b06
9b15ab10a2a109c8e59d604cd4101cebe7aab42ec227f8f521398e063bfe0217
9ed2a2edca25cc1dd846e20cab22088d9c5b7991f52ff78f8ed21930fe92ad46
a04f7efa05c1f9212a79b715568b9976977a4d8e8f0c7ee571ab4f71bf32ccc3
a1a1846f2d4d1abd1379f703e256e92f3b4b138f6dc90fdd8c99c58b7ca43457
a24f5642d64cca92376fa1017026a9022e7de73a768db9e37770fa3f0494a5a8
a40943594d5eaaa010c66254e2dc4a83d8bc53104602afda2e3b622b8e78e2f0
a4450600125b5cdb5761654bbe725c5b4fcbc8e1a89f0a14b20f77157afc5715
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
a62ffeff372624a510666a927d0fafb3e00606c355ab87c7c25fd8413e5a50f3
a6cc38542df851f8b331cdd5ac0dbe9929c7968d347c62d93c22b91ef560a931
a8499144a67d70c01a19de99fb20ca5e7da3337e44814419b9a9c867da619b2e
a89418bb17ba5d40237a7c0f6b101fe9381afe7a618d2e1e4449e0ffc9c11d9f
ac6bafef4a580401348f030ad7b090bdde74267abe00c65183dbc074ff583147
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad0f5a6dc3a43590f7793e160b574b410c2799d836ce6b9444db888558406793
ad6e4bd22817f7c57fba019ade1f5ce25d7e329977f8a1b210cd39c89f21fe60
ae925eb57e9822aec57086375bcf93fe910d7c6c0d83cf10bf448c5348aaf0b0
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b2c5c92cd55477571c7e757c4105315c813e710586cf1f334f809e8c93d845c1
b40e79c5d412914e928d19e3cda375d940ed037dd6a1f6d7613b894e39898094
b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0
b5ec6b8d820581f2d04713d3bea37883b0e5c2881f7bb108e13a3d63249c4867
ba1b3f329ba47639a8586777bb19db73a9c3e37954b5e72ff97df8e0ea931062
bd35d2a61cf83428b48b1a0888612dac9c6db3b2e595e8cf4665554293301e8d
bfa460081cd6d4b33b383902ed4854208b80b6eebcb75a7545ba76284f288012
bfae35edc61595bd27d16c01ddc44ef00c152c0006e16f836101d3b6a6621d01
c08ffc3f238414942b195ebfaa0516e524b4e6b6c5201c52b5174f5599282a23
c28ac55fc7b58aeff02bd76374813aa3cc7ea000583f6341b8a10d62ce06c7a0
c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72
c91333bb881074a7d4a82886d21fb690ff3fc57394327d5ed12c9d9af05dcc0b
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ce52d3c9ed8217ae0ca3dd0479d5ced16baf2de6625e0c81166471aaa956136d
cf31d510ed313a8566d08e9b4fdbf94a0a51b35718372bc4bc75d6ff5c8282a5
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d9092cb4fb3eafe925fa67a4dc6b62b7c769cbcb9a1420ecaf4b5d80edeae726
d9a20960a92a417e9ecbb15df8f2fedf11667f7c01398a266209444eba152ded
db1e2dc64218b7044da50d01d0ffb83bcdca49a35b1ab7ffcdef6736863986cc
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc49d2e85964794551744c178395ff6f1da72c3f0c2e9592227ba20df7fa8828
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df661bb428ea7003deafab21fa02d7b0d95db13cdcd72c141185d1b577b73296
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
e35939a8d0e8bf96f1c88fa6f7ba572c9b5f6cd8e6508699492c4825e7551e8a
e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95
e78c8571835c19bd1a941799d68bc14b99413f2679d3410c41d1d4d3a00f50f4
e7b88bddc6c757b2fc8cb113e2469801ab14a78ec1a8fada4d6391e3573f5f9f
e8bb46d80302efabc7c4e63a92161bf286d14ff7ae3931127fd6cd6cb4428b27
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0adb972147098e0e4d6abbd7b83952363c8eab82429760136816142d675e321
f285f832bdee154f19636c329d9812c7b37695e6af794fb7449831f7e5aa30ab
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.varonis.com Open in urlscan Pro 45.60.154.169 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

181 Requests

97 %HTTPS

66 %IPv6

40 Domains

60 Subdomains

51 IPs

4 Countries

4441 kBTransfer

7491 kBSize

62 Cookies

28 Outgoing links

Redirected requests

181 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.varonis.com Open in urlscan Pro
45.60.154.169 Public Scan

Screenshot
Live screenshot

Full Image

181
Requests

97 %
HTTPS

66 %
IPv6

40
Domains

60
Subdomains

51
IPs

4
Countries

4441 kB
Transfer

7491 kB
Size

62
Cookies

181 HTTP transactions
2 data transactions