www.horizon3.ai Open in urlscan Pro
104.197.16.226 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execu...
Submission: On June 18 via api (June 18th 2024, 1:07:25 am UTC) from US — Scanned from DE

Summary HTTP 128 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 24 IPs in 4 countries across 20 domains to perform 128 HTTP transactions. The main IP is 104.197.16.226, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.horizon3.ai.
TLS certificate: Issued by R3 on May 5th 2024. Valid for: 3 months.

This is the only time www.horizon3.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	104.197.16.226 104.197.16.226	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
79	2400:52e0:1e0... 2400:52e0:1e00::1082:1	60068 (CDN77 _) (CDN77 _)
1	54.166.73.119 54.166.73.119	14618 (AMAZON-AES) (AMAZON-AES)
4	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
2	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
2	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
2	52.54.96.194 52.54.96.194	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:480... 2a02:26f0:480:15::213:7e63	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:20:... 2606:4700:20::681a:d98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	34.120.220.80 34.120.220.80	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
2	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.184.195 142.250.184.195	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:44c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.92.120.28 3.92.120.28	14618 (AMAZON-AES) (AMAZON-AES)
128	24

7 104.197.16.226 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 226.16.197.104.bc.googleusercontent.com

www.horizon3.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

79 2400:52e0:1e00::1082:1 (Germany)

ASN60068 (CDN77 _, GB)

p7i3u3x3.rocketcdn.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.166.73.119 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-166-73-119.compute-1.amazonaws.com

boards.greenhouse.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.54.96.194 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-96-194.compute-1.amazonaws.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:15::213:7e63 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:d98 (United States)

ASN13335 (CLOUDFLARENET, US)

io.clickguard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.120.220.80 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 80.220.120.34.bc.googleusercontent.com

cdn.dreamdata.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:44c4 (United States)

ASN13335 (CLOUDFLARENET, US)

pulse.clickguard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.92.120.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-92-120-28.compute-1.amazonaws.com

go.horizon3.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
79	rocketcdn.me p7i3u3x3.rocketcdn.me	2 MB
8	horizon3.ai www.horizon3.ai go.horizon3.ai	216 KB
7	gstatic.com fonts.gstatic.com	192 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 352 www.linkedin.com — Cisco Umbrella Rank: 558 px4.ads.linkedin.com — Cisco Umbrella Rank: 6457	4 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 373	20 KB
3	dreamdata.cloud cdn.dreamdata.cloud — Cisco Umbrella Rank: 60249	43 KB
3	clickguard.com io.clickguard.com — Cisco Umbrella Rank: 71401 pulse.clickguard.com — Cisco Umbrella Rank: 56841	4 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	293 KB
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2067 alb.reddit.com — Cisco Umbrella Rank: 1388	761 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3078	308 B
2	pardot.com pi.pardot.com — Cisco Umbrella Rank: 6458	4 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1179	13 KB
2	ml314.com ml314.com — Cisco Umbrella Rank: 2090	13 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 814	132 KB
1	google.de www.google.de — Cisco Umbrella Rank: 8196	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 132	254 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 958	17 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 5178	2 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 265	17 KB
1	greenhouse.io boards.greenhouse.io — Cisco Umbrella Rank: 53785	2 KB
128	20

	Domain	Requested by
79	p7i3u3x3.rocketcdn.me	www.horizon3.ai
7	fonts.gstatic.com	www.horizon3.ai
7	www.horizon3.ai	www.horizon3.ai p7i3u3x3.rocketcdn.me
5	px.ads.linkedin.com	3 redirects snap.licdn.com
4	cdn.jsdelivr.net	www.horizon3.ai
3	cdn.dreamdata.cloud	www.horizon3.ai cdn.dreamdata.cloud
3	www.googletagmanager.com	www.horizon3.ai www.googletagmanager.com
2	pulse.clickguard.com	io.clickguard.com
2	region1.analytics.google.com	www.googletagmanager.com
2	pi.pardot.com	www.horizon3.ai pi.pardot.com
2	www.redditstatic.com	www.googletagmanager.com www.redditstatic.com
2	ml314.com	www.horizon3.ai ml314.com
2	code.jquery.com	www.horizon3.ai
1	go.horizon3.ai	pi.pardot.com
1	px4.ads.linkedin.com	www.horizon3.ai
1	www.linkedin.com	1 redirects
1	alb.reddit.com	www.horizon3.ai
1	pixel-config.reddit.com	www.redditstatic.com
1	www.google.de	www.horizon3.ai
1	stats.g.doubleclick.net	www.googletagmanager.com
1	io.clickguard.com	www.googletagmanager.com
1	snap.licdn.com	www.horizon3.ai
1	ws.zoominfo.com	www.horizon3.ai
1	cdnjs.cloudflare.com	www.horizon3.ai
1	boards.greenhouse.io	www.horizon3.ai
128	25

This site contains links to these domains. Also see Links.

Domain
docs.horizon3.ai
partners.horizon3.ai
portal.horizon3ai.com
www.businesswire.com
intellyx.com
risingincyber.com
www.zerodayinitiative.com
github.com
p7i3u3x3.rocketcdn.me
www.linkedin.com
twitter.com
www.youtube.com
trust.horizon3.ai
www.cookieyes.com

Subject Issuer	Validity	Valid
www.horizon3.ai R3	`2024-05-05` - `2024-08-03`	3 months	crt.sh
*.rocketcdn.me R3	`2024-05-14` - `2024-08-12`	3 months	crt.sh
*.greenhouse.io R3	`2024-05-25` - `2024-08-23`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
event-horizon.gcp.bomm.in GTS CA 1D4	`2024-04-26` - `2024-07-25`	3 months	crt.sh
zoominfo.com E5	`2024-06-17` - `2024-09-15`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
pi.pardot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-06-05` - `2025-06-04`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
clickguard.com GTS CA 1P5	`2024-05-13` - `2024-08-11`	3 months	crt.sh
cdn.dreamdata.cloud GTS CA 1D4	`2024-04-30` - `2024-07-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-05-27` - `2024-08-19`	3 months	crt.sh
*.google.de WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-30` - `2024-11-26`	6 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.gstatic.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
go.horizon3.ai R3	`2024-05-04` - `2024-08-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Frame ID: 0B136E4F4635935934F0D84B5B793D9E
Requests: 127 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability – Horizon3.ai

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

jQuery Mobile (Mobile Frameworks) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]mobile(?:-([\d.]))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

128
Requests

99 %
HTTPS

50 %
IPv6

20
Domains

25
Subdomains

24
IPs

4
Countries

2847 kB
Transfer

6931 kB
Size

30
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://docs.horizon3.ai/getting_started/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://partners.horizon3.ai/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://portal.horizon3ai.com/?dd_uid=b453dcf4-2d29-453b-bbcd-bbff8bb5d7ce
Title: Log In

Search URL Search Domain Scan URL

URL: https://www.businesswire.com/news/home/20240612678571/en/Horizon3.ai-Appoints-Jill-Passalacqua-as-Chief-Legal-Officer
Title: Horizon3.ai Appoints Jill Passalacqua as Chief Legal Officer

Search URL Search Domain Scan URL

URL: https://www.businesswire.com/news/home/20240521518679/en/Horizon3.ai-Expands-Leadership-Team-with-New-Appointments
Title: Horizon3.ai Expands Leadership Team with New Appointments

Search URL Search Domain Scan URL

URL: https://www.businesswire.com/news/home/20240502283399/en/Horizon3.ai-Appoints-Matt-Hartley-as-Chief-Revenue-Officer-to-Spearhead-Growth-Initiatives
Title: Horizon3.ai Appoints Matt Hartley as Chief Revenue Officer to Spearhead Growth Initiatives

Search URL Search Domain Scan URL

URL: https://intellyx.com/2024/06/04/2024-intellyx-digital-innovator-award-winners-announced-2/

Search URL Search Domain Scan URL

URL: https://risingincyber.com/

Search URL Search Domain Scan URL

URL: https://www.zerodayinitiative.com/advisories/ZDI-24-507/
Title: advisory

Search URL Search Domain Scan URL

URL: https://github.com/horizon3ai/CVE-2024-29824
Title: here

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-11-at-1.07.12%E2%80%AFPM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-11-at-1.10.33%E2%80%AFPM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.12.07%E2%80%AFAM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.13.52%E2%80%AFAM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.15.36%E2%80%AFAM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.19.34%E2%80%AFAM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.23.44%E2%80%AFAM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.26.16%E2%80%AFAM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.35.31%E2%80%AFAM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.38.17%E2%80%AFAM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.43.51%E2%80%AFAM.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/03/Screenshot-2024-03-20-at-4.56.43%E2%80%AFPM.png
Title: NodeZero Attack Path utilizing CVE-2024-29824 to load a remote access tool and access files

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/streamlinehq-cog-approved-interface-essential-100.png

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/horizon3ai
Title: Follow

Search URL Search Domain Scan URL

URL: https://twitter.com/Horizon3ai
Title: Follow

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCruHUp4feksCLYU6CbNvdlw
Title: Follow

Search URL Search Domain Scan URL

URL: https://github.com/horizon3ai
Title: Follow

Search URL Search Domain Scan URL

URL: https://trust.horizon3.ai/
Title: Trust Center

Search URL Search Domain Scan URL

URL: https://www.cookieyes.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3527860%26time%3D1718672838259%26url%3Dhttps%253A%252F%252Fwww.horizon3.ai%252Fattack-research%252Fattack-blogs%252Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F&cookiesTest=true&liSync=true&e_ipv6=AQLLcmgnx9_9SwAAAZAo4lNGQnjuH0dVRJK37AyrdYp9mFt1XB88_7eoBJtRg2i_19wPGDjvQV9z

128 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/ 479 KB
64 KB 594ms
271ms Document
text/html 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

1fd1a4380ee3832cd6fcda318d76a91c3b632f37468013698a7ad8b9b95a76ab

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: max-age=600, must-revalidate
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 18 Jun 2024 01:07:17 GMT
last-modified: Wed, 12 Jun 2024 10:27:47 GMT
link: <https://www.horizon3.ai/wp-json/>; rel="https://api.w.org/" <https://www.horizon3.ai/wp-json/wp/v2/posts/260804>; rel="alternate"; type="application/json" <https://www.horizon3.ai/?p=260804>; rel=shortlink
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 1
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-tec-api-origin: https://www.horizon3.ai
x-tec-api-root: https://www.horizon3.ai/wp-json/tribe/events/v1/
x-tec-api-version: v1
x-xss-protection: "1; mode=block"

GET
H2 200 style.min.css
p7i3u3x3.rocketcdn.me/wp-includes/css/dist/block-library/ 111 KB
16 KB 133ms
53ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-includes/css/dist/block-library/style.min.css?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 27 Feb 2024 14:48:23 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"65ddf637-1bae5"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 2190e9a94ab442c7c7169289b6ec83ce
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-includes/css/dist/block-library/style.min.css?ver=6.5.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 aiwp-public.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/aiwp/public/css/ 98 B
2 KB 100ms
21ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/aiwp/public/css/aiwp-public.css?ver=2.0.0

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1081
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:48 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"651e190c-62"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: e5e858540349346fe30983ac474cc6e4
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/aiwp/public/css/aiwp-public.css?ver=2.0.0>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 cookie-law-info-public.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/ 3 KB
2 KB 100ms
21ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.2.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:54:11 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de723-c22"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 7f76ea6141e07950a5966fbdfe433f81
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.2.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 cookie-law-info-gdpr.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/ 27 KB
6 KB 144ms
65ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.2.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:54:11 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de723-6a71"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 4e2303c17b60bb78294e9260a4fb45a4
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.2.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 et-divi-dynamic-tb-242536-tb-4381-tb-243092-260804-late.css
p7i3u3x3.rocketcdn.me/wp-content/et-cache/260804/ 199 KB
20 KB 101ms
65ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/260804/et-divi-dynamic-tb-242536-tb-4381-tb-243092-260804-late.css?ver=1718549225

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

8cd9f7a987ec2f62408533ab4ac13ef1e7b1cd9300f4d28b721cbe71e13dc50d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 16 Jun 2024 14:47:08 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"666efaec-31b96"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 0d41af190203aaafb3908db4f621940b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/et-cache/260804/et-divi-dynamic-tb-242536-tb-4381-tb-243092-260804-late.css?ver=1718549225>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 et-divi-dynamic-tb-242536-tb-4381-tb-243092-260804.css
p7i3u3x3.rocketcdn.me/wp-content/et-cache/260804/ 5 KB
3 KB 94ms
59ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/260804/et-divi-dynamic-tb-242536-tb-4381-tb-243092-260804.css?ver=1718549225

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

42533cfc647d950631655f901e1cdebdeab3737487d6c3d848b2440ad12b1465

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 16 Jun 2024 14:47:05 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"666efae9-14ef"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: f20772139ff87f73301a21249b949776
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/et-cache/260804/et-divi-dynamic-tb-242536-tb-4381-tb-243092-260804.css?ver=1718549225>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 style.min.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/styles/ 152 KB
13 KB 102ms
68ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/styles/style.min.css?ver=3.1.7.3

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

751a73d9a95700a13e0592a06cfa3680c9a50f8105bcc1332b4ed0b92dc78ca2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 25 Apr 2024 00:54:51 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"6629a9db-25f4a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: c1b6c1c4a4fd3a9f4bc8f175d3c36fdb
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/divi-ajax-filter/styles/style.min.css?ver=3.1.7.3>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 style.min.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-blog-extras/styles/ 70 KB
11 KB 101ms
67ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-blog-extras/styles/style.min.css?ver=2.6.5

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

3fa3f0c4c099718595c4e25e55810cca92181c72d6233512fb51c2f74fa55cd7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:47 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"651e190b-1196f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 10c17d5d9d7fbaa8a3cc9e0c01696189
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/divi-blog-extras/styles/style.min.css?ver=2.6.5>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 style.min.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/styles/ 80 KB
18 KB 77ms
43ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/styles/style.min.css?ver=1.0.0

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

e18fe1d33ada37ef55fff1480facdb68824cc4264dd43221382ad8632669e43b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:47 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"651e190b-140f1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: d135b760abac6b33713053ac3590d765
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/divi-event-calendar-module/styles/style.min.css?ver=1.0.0>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 style.min.css
www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/ 86 KB
8 KB 166ms
164ms Stylesheet
text/css 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/style.min.css?ver=1.0.0

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

3b0b3b2876c9a3ed08e9cf6b115cb335783e93148c12b0811202e1fe69da3755

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:49:11 GMT
server: nginx
etag: W/"665de5f7-15755"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()

GET
H2 200 style.min.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/styles/ 422 KB
31 KB 102ms
68ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/styles/style.min.css?ver=4.9.97.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

083ae1cb51dc0047d8ff7a356210c1fbe68ff124e31cdea2d52a1b6035dabf21

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 14:51:02 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66686456-69878"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 9d2826c4b7730ec1eb4071eca107474d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/styles/style.min.css?ver=4.9.97.7>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 style.min.css
www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/ 86 KB
8 KB 167ms
165ms Stylesheet
text/css 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/style.min.css?ver=1.2.9

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

3b0b3b2876c9a3ed08e9cf6b115cb335783e93148c12b0811202e1fe69da3755

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:49:11 GMT
server: nginx
etag: W/"665de5f7-15755"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()

GET
H2 200 magnific_popup.css
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/ 6 KB
3 KB 100ms
66ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/magnific_popup.css?ver=4.9.97.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

ca3af915877e0f119ce0df14dfce6249f76222c600e23882fa7c7f99788971cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de646-1946"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 8ffbc6f8d381b3fed31d637b99d43ce4
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/magnific_popup.css?ver=4.9.97.7>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 swiper.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 22 KB
5 KB 100ms
67ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/swiper.css?ver=4.9.97.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

c1b94e225b989e86f8b6c589c0778c17ec25d2465f33fd10dc7e2e45f060fa6c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 14:51:02 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66686456-5865"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 4f3315d73de5128f9cee0225e718e2d8
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/swiper.css?ver=4.9.97.7>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 popup.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 5 KB
2 KB 104ms
71ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/popup.css?ver=4.9.97.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

2f1e0ba0f1a9560f8d67fb010c58f8995fa681625c321e18133ccec0043bce47

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 14:51:02 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66686456-1389"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: f7c51f91cd8b6fe5800b1bcd39d01e78
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/popup.css?ver=4.9.97.7>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 animate.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 83 KB
6 KB 104ms
71ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/animate.css?ver=4.9.97.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

2414767fbf3e93d3269cb3795b6c667da0f58a8f662dfd8aabb0807243d1134f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 14:51:02 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66686456-14d7b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: a9ba33fe45e52ebabc1bcb494490c961
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/animate.css?ver=4.9.97.7>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 readmore.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 2 KB
2 KB 100ms
67ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/readmore.css?ver=4.9.97.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

009e58f3632270c3fa8d127a9e132807a0920ac00512a2a0c5f3e8d5d728d373

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1081
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 14:51:02 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66686456-6bd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 85c54a45bcc431d339dcc1176e1aae05
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/readmore.css?ver=4.9.97.7>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/ 86 KB
32 KB 104ms
72ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"64ecd5ef-15601"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 1dd763ec3598bc1b87f26583e8fa8229
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-includes/js/jquery/jquery.min.js?ver=3.7.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 jquery-migrate.min.js Show response
p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/ 13 KB
6 KB 105ms
73ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"6482bd64-3509"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 704dda0aa579c05158480437b10750c6
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 aiwp-public.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/aiwp/public/js/ 913 B
2 KB 102ms
70ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/aiwp/public/js/aiwp-public.js?ver=2.0.0

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

2053ab9b2531576c619c6136fab9db876c237e61d6e0deaffe2969e52c5d1f67

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:48 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"651e190c-391"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: c3ad682e2a1533bff6f82565fe286401
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/aiwp/public/js/aiwp-public.js?ver=2.0.0>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 cookie-law-info-public.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/js/ 33 KB
9 KB 103ms
72ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.2.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

c6d0d78d73c8618c4c22287fb022469bfc689b5eb6f58523b49c0ecf4c306e2f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:54:11 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de723-8589"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: c2404751b8224e02da2257473ed32df4
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.2.4>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 frontend.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/stop-user-enumeration/frontend/js/ 486 B
1 KB 104ms
73ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.6

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

8bbc0a7737643dd7c2344ba961592632153cb5353c92c5127339627e14b09143

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 14:51:03 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66686457-1e6"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 2256e524d9420c6916b2d7e719e1e927
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.6>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 divi-filter-loadmore.min.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/js/ 8 KB
4 KB 102ms
71ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/js/divi-filter-loadmore.min.js?ver=3.1.7.3

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

3fecac074476b2081f0fdff03d66d02072029542362e7b6f7265c86c0d29c50b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 25 Apr 2024 00:54:51 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"6629a9db-2147"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 2f45ba610776a6d2620ec326f703d1fb
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/divi-ajax-filter/js/divi-filter-loadmore.min.js?ver=3.1.7.3>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 et-divi-customizer-global.min.css
p7i3u3x3.rocketcdn.me/wp-content/et-cache/global/ 13 KB
5 KB 97ms
66ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/global/et-divi-customizer-global.min.css?ver=1718549025

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

a109db1c99f436d1e42aa8e93c4c80f355ceffb35b32eb79e1720ed87150005a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 16 Jun 2024 14:43:45 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"666efa21-3487"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: a9992175d56961a31751ddcdb7e58233
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/et-cache/global/et-divi-customizer-global.min.css?ver=1718549025>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 et-core-unified-tb-242536-tb-4381-tb-243092-deferred-260804.min.css
p7i3u3x3.rocketcdn.me/wp-content/et-cache/260804/ 83 KB
10 KB 55ms
54ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/260804/et-core-unified-tb-242536-tb-4381-tb-243092-deferred-260804.min.css?ver=1718549228

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

3a90b9f96a76c6d7ee4e890525f1bcfc1885627aa8e8d75f795186875171582c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 16 Jun 2024 14:47:08 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"666efaec-14a0c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 222b3642d87687a9d3b46605291a59e0
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/et-cache/260804/et-core-unified-tb-242536-tb-4381-tb-243092-deferred-260804.min.css?ver=1718549228>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 Email_Logo.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/08/ 8 KB
10 KB 56ms
55ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/08/Email_Logo.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

2c8a5a9e00ece176ee83b23eef0d0d721effe3fcc0707ca2ef9c80b6fcb9dc2b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1082
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 8488
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:34 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "651e18fe-2128"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 010574e383475c2608fe71e2c1337587
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2022/08/Email_Logo.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/ 13 KB
14 KB 55ms
55ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

70631b3ab478a15e8a26f17b8bb991464916725030d772237692c217e0d21334

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 12820
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:36 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "651e1900-3214"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: fe5c7e17f1dc538399fe54a40ac049e5
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 video-game-sword.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/09/ 470 B
2 KB 53ms
47ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/09/video-game-sword.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

0b58d82b60be4aa0041234b625c3f8d60899d17b440587da514346c2d2193421

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 470
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:27 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "651e18f7-1d6"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 3fc9a0f8ff062bc1a29317e51134c22c
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2023/09/video-game-sword.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Target-Path-Streamline-Ultimate.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/03/ 9 KB
10 KB 22ms
21ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/03/Target-Path-Streamline-Ultimate.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

255d67153c707d1926f571d5e1c7051911138caf15d1dc4bb6759049221566fa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1080
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 8788
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Mar 2024 16:41:17 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "65f085ad-2254"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 5a57cfe38c396d3ee354bfaab35e1e39
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/03/Target-Path-Streamline-Ultimate.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 entra_compromise_2-980x367.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/05/ 15 KB
16 KB 22ms
22ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/05/entra_compromise_2-980x367.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

798b31a18cae3f6010e75b292d5efa21b347cb479c319b0b7344e023f1ed022a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1080
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 15310
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 21 May 2024 00:33:44 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "664bebe8-3bce"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: b70aa12d7a8827cde515e057cedbcb44
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/05/entra_compromise_2-980x367.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Wild-Bird-Eagle-Streamline-Ultimate.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/03/ 11 KB
12 KB 22ms
21ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/03/Wild-Bird-Eagle-Streamline-Ultimate.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

9782e3d5058b8388a63b064ecef2b128614205e1e003382c7bb8d6f13b3c912b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 11066
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 11 Mar 2024 23:01:21 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "65ef8d41-2b3a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 6226f838fed758932fce8cbfd303c786
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/03/Wild-Bird-Eagle-Streamline-Ultimate.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 400x250-Award-Intellyx-24.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 19 KB
20 KB 55ms
55ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/400x250-Award-Intellyx-24.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

8205d888f22bd7c24358689dc83a660090dc55d45f86ee9a4f521e135b56cc25

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 19516
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 04 Jun 2024 14:18:31 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "665f2237-4c3c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 828b49b3f11d874a7e551a59ec542559
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/400x250-Award-Intellyx-24.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 400x250-Award-rising-cyber-24.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 9 KB
10 KB 49ms
43ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/400x250-Award-rising-cyber-24.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

4d1684e8ca54d16b0d619fb2ea385db632162ce778ee3851a3b8b98107ad5bc4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 9256
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 04 Jun 2024 14:17:07 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "665f21e3-2428"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 1b88d1e47edaac41c09e718f022775b9
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/400x250-Award-rising-cyber-24.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 24-VSA-CV.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/05/ 20 KB
22 KB 49ms
44ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/05/24-VSA-CV.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

eb26d806205f76aa405e71e7e08897babf02c5ff4d8c8e54284b8fd8f03e9906

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 20780
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 20 May 2024 15:32:35 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "664b6d13-512c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 4ec78b6ceca8f375e3d75f40186077ec
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/05/24-VSA-CV.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-12-at-10.15.31%E2%80%AFAM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 91 KB
92 KB 49ms
44ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-10.15.31%E2%80%AFAM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

e06a87ff3bc2999833d841a3e0a2da0c9b749530a84ecc9c57e775a76d502244

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1082
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 93018
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 14:16:47 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "6669adcf-16b5a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: e562b7776267a7797fe143ad4d424c0a
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-10.15.31%E2%80%AFAM.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-11-at-1.07.12%E2%80%AFPM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 21 KB
22 KB 49ms
44ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-11-at-1.07.12%E2%80%AFPM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

952f89167cf3fa6bb4763f0b7cb6f76e6a92401b5ddc2f4dc91530854ead4988

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1081
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 21300
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 17:08:13 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "6668847d-5334"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 56e43f10efa4536c69d4165b5569b005
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-11-at-1.07.12%E2%80%AFPM.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-11-at-1.10.33%E2%80%AFPM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 109 KB
111 KB 55ms
50ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-11-at-1.10.33%E2%80%AFPM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

d1ab6bdb097fd8e4f4c8d0e88611ddde752bcbd2c614c63f8d1dbf22f4e9c7e9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 112046
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 17:11:26 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "6668853e-1b5ae"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: c1f452f5b434d6162254e29b625b832b
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-11-at-1.10.33%E2%80%AFPM.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-12-at-9.12.07%E2%80%AFAM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 27 KB
29 KB 49ms
44ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.12.07%E2%80%AFAM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

d2c4a60625c7b0c149c567a33ab472cfc3cfda840511f4f38bd622e28176b0a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1082
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 28010
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 13:12:47 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "66699ecf-6d6a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: e04aea404ba0feaa8dfebf2b0749f79a
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.12.07%E2%80%AFAM.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-12-at-9.13.52%E2%80%AFAM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 58 KB
59 KB 49ms
45ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.13.52%E2%80%AFAM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

56f85bb4020571f6dbd5978f5619c816ec02db0df02bc48215c89c00f08278a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1081
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 59514
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 13:15:42 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "66699f7e-e87a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: cea63269fdbde979cfabecb11326f1a8
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.13.52%E2%80%AFAM.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-12-at-9.15.36%E2%80%AFAM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 24 KB
25 KB 49ms
45ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.15.36%E2%80%AFAM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

92ba0f2c66af0a276a0f6b42bbef355f2e7c9ea4802fa65dacd30bc6c5d706ff

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1081
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 24120
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 13:16:28 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "66699fac-5e38"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: d892b8c28ceed563eccac71ffb96401e
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.15.36%E2%80%AFAM.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-12-at-9.19.34%E2%80%AFAM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 22 KB
23 KB 50ms
46ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.19.34%E2%80%AFAM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

938bfe79e9c0f97e693d1cf09aef4fff06e153f6c0e0bcf1101b0177db68e4db

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1080
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 22466
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 13:19:59 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "6669a07f-57c2"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 810f3bf6d57c857c8a45fec8c0f16a3e
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.19.34%E2%80%AFAM.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-12-at-9.23.44%E2%80%AFAM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 47 KB
48 KB 49ms
45ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.23.44%E2%80%AFAM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

c5cbd87659de7774ef01d6fca854bba189f2c1d313f25401e9d7ae4f8326a01c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 48084
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 13:26:41 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "6669a211-bbd4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 6594ce08f2267c5014cb8bc023f19c30
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.23.44%E2%80%AFAM.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-12-at-9.26.16%E2%80%AFAM-2048x824.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 76 KB
78 KB 50ms
46ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.26.16%E2%80%AFAM-2048x824.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

1b2be13885abac86d69b6d3efbacfbd67b9baaf7cb92c42e217dfa3409fb3a0a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1081
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 78086
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 13:27:37 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "6669a249-13106"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 93bbe4ef66c0805d6b7f2b88255d658c
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.26.16%E2%80%AFAM-2048x824.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-12-at-9.35.31%E2%80%AFAM-2048x1398.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 192 KB
193 KB 51ms
47ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.35.31%E2%80%AFAM-2048x1398.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

bd3a50ae0a3ebbd81e5b81317539f667aebe5195381c2b34c2f06107a6d026ac

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1081
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 196298
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 13:36:21 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "6669a455-2feca"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 6016c9a8ccbdc2acf771ca4f9b9e5d08
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.35.31%E2%80%AFAM-2048x1398.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-12-at-9.38.17%E2%80%AFAM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 21 KB
22 KB 50ms
47ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.38.17%E2%80%AFAM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

2ae870bbd1b5424339ed5960d369fce78d94a8c127e3b98a4b779e5afd0aa464

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1080
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 21740
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 13:39:46 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "6669a522-54ec"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 33b3df54ca61e16af7b52e5436fcb064
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.38.17%E2%80%AFAM.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Screenshot-2024-06-12-at-9.43.51%E2%80%AFAM-2048x883.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 174 KB
176 KB 55ms
51ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.43.51%E2%80%AFAM-2048x883.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

0f0ea2e7e42f50958867913bacfdd3f62f1f65a9fb4b239d9313adf396dfae5c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1080
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 178596
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 13:44:46 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "6669a64e-2b9a4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: eefbf110c62832ba139fd692ae27ad2a
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/Screenshot-2024-06-12-at-9.43.51%E2%80%AFAM-2048x883.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 image.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/ 38 KB
39 KB 51ms
47ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/image.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

3fe7485f45d408164fab2da56c171727a7f346899c570c75c66a0ec0c9dcf9aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 38654
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2024 13:06:45 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "66699d65-96fe"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: aecff8b18c7ff1eb97c665e3f1d5dce4
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2024/06/image.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 streamlinehq-cog-approved-interface-essential-100.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/ 1 KB
3 KB 49ms
46ms Image
image/webp 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/streamlinehq-cog-approved-interface-essential-100.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

744e2c69f12052b2251ea97566999dfd68e9529558cc6d647f9deef86152f0c4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1080
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
content-length: 1462
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:33 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "651e18fd-5b6"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 24e401851916efcdeec9ccd25f0ae796
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2022/10/streamlinehq-cog-approved-interface-essential-100.png.webp>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 logo-cookieyes.svg
p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/images/ 3 KB
2 KB 50ms
46ms Image
image/svg+xml 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/images/logo-cookieyes.svg

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

fab005de52ce54d75f373c5a020e7ddd194caea5b4bf6e87886196e5d4451adc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:54:11 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de723-a15"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: c370b412a6804a8718fe3a4f8eff3cee
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/cookie-law-info/legacy/public/images/logo-cookieyes.svg>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 js Show response
boards.greenhouse.io/embed/job_board/ 5 KB
2 KB 428ms
142ms Script
text/html 54.166.73.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://boards.greenhouse.io/embed/job_board/js?for=horizon3

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.166.73.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-166-73-119.compute-1.amazonaws.com

Software

Resource Hash

4f01ef64b40e21b7f02f85a38475ddf6cac957b187c40987c964a1db424423d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-runtime: 0.010741
date: Tue, 18 Jun 2024 01:07:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
etag: W/"4f01ef64b40e21b7f02f85a38475ddf6"
x-download-options: noopen
vary: Accept-Encoding
content-type: text/html; charset=utf-8
cache-control: max-age=0, private, must-revalidate
x-xss-protection: 1; mode=block
x-request-id: d3de52add4d73498c6003eb0fe941c6e

GET
H2 200 mediaelementplayer-legacy.min.css
p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/ 11 KB
4 KB 21ms
21ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"5f735862-2bf8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 18244a8de4bbbf10a9bee902c68c528c
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 wp-mediaelement.min.css
p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/ 4 KB
2 KB 27ms
26ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"5cfaccce-105a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 0ae68ef4c0e0eba3c538551022eb3578
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.5.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 bootstrap.min.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/assets/css/ 13 KB
3 KB 21ms
21ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/assets/css/bootstrap.min.css?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

5617c251ed51f42797b789d282460813a798d8402a95cd633d3d8f0e82d44819

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:47 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"651e190b-35dd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: e4bcc127d258dcdcfe223b0ad93458fc
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/divi-event-calendar-module/assets/css/bootstrap.min.css?ver=6.5.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 daterangepicker.css
cdn.jsdelivr.net/npm/daterangepicker/ 8 KB
2 KB 86ms
20ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.css?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 18 Jun 2024 01:07:17 GMT
x-content-type-options: nosniff
content-encoding: br
age: 39769
x-jsd-version: 3.1.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1754
x-served-by: cache-fra-etou8220044-FRA
x-jsd-version-type: version
etag: W/"1f85-jqRIojRLzDZKkujJKC/BWFh0US4"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 jquery-ui.css
code.jquery.com/ui/1.13.2/themes/hot-sneaks/ 36 KB
9 KB 119ms
48ms Stylesheet
text/css 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.13.2/themes/hot-sneaks/jquery-ui.css?ver=6.5.4
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5f9f44351d8cb1c857cc8d29a64c97dd4efc0659fc90bd160a42ea0d715ead79

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2824074
x-cache: HIT, HIT
content-length: 8576
x-served-by: cache-lga21942-LGA, cache-fra-etou8220122-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1718672838.971080,VS0,VE1
etag: W/"28feccc0-8fc4"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 7875, 1

GET
H2 200 cookie-law-info-table.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/ 6 KB
3 KB 32ms
22ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-table.css?ver=3.2.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

2e2f2336b5e6698b628afc75fa9a24c67b73d5872c1d4af99ca436064f636ee0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1081
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:54:11 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de723-17e1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 42808d6be8a73a7784fe2b2497a10006
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://www.horizon3.ai/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-table.css?ver=3.2.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 scripts.min.js Show response
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/js/ 268 KB
61 KB 42ms
32ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/js/scripts.min.js?ver=4.25.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

1d5b19f81ae284a59aee36257fc8b157c4f48a99ef5692b038adb56ec48d09bb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de646-42f9b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 70b2258d7c609d5128bba01a0cdeed79
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/themes/Divi/js/scripts.min.js?ver=4.25.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 jquery.fitvids.js Show response
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 3 KB
2 KB 31ms
21ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.25.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1081
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de646-d15"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 4981dd6ab9e9a54e2ddcf928b7b64268
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.25.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 comment-reply.min.js Show response
p7i3u3x3.rocketcdn.me/wp-includes/js/ 3 KB
2 KB 54ms
51ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-includes/js/comment-reply.min.js?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"625095f6-ba5"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: e56a71a4481aa52d2e536f51af042315
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-includes/js/comment-reply.min.js?ver=6.5.4>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 jquery.mobile.js Show response
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 8 KB
4 KB 33ms
23ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js?ver=4.25.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

55a084b5f4c439a2786141108b266370e0e4accc4e72629b2177dc6aa658d6c8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de646-1f18"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: c01260abd4da75fa14befb9af496b39e
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js?ver=4.25.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 magnific-popup.js Show response
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 22 KB
10 KB 32ms
22ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/magnific-popup.js?ver=4.25.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

0a47c6e6f24e634cb79f886e70bbfd65e1e85b0d2aa4fc133488fd1bc1910e3e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de646-5902"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: b65db0f5da9dd9d1dfd7d0afb98c8dd4
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/magnific-popup.js?ver=4.25.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 easypiechart.js Show response
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 9 KB
4 KB 34ms
25ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.25.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

5aa24e4ab926693e29ffb0d0ca1557141defd3ca61b3b4e7caebaa2fcd5bf327

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1081
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:27
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de646-2466"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 5e4cb6d9117c307c1aac2d5f81f8af57
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.25.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 salvattore.js Show response
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 8 KB
5 KB 35ms
26ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/salvattore.js?ver=4.25.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

b6205029e1016596807b655c8f57818736a787e32ceb1407effa152ac3bb9380

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de646-217e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 46a8f026383a2af51b86a4f3523714ee
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/salvattore.js?ver=4.25.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 frontend-bundle.min.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/scripts/ 699 B
2 KB 33ms
24ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/scripts/frontend-bundle.min.js?ver=3.1.7.3

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

05c86a01cec19a9f9931163c42515adaab424be687667ef09f7d9b3cd0765cb5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 25 Apr 2024 00:54:51 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"6629a9db-2bb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: cc3c93cb1872de77255c4c15bbcebef8
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/divi-ajax-filter/scripts/frontend-bundle.min.js?ver=3.1.7.3>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 frontend-bundle.min.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-blog-extras/scripts/ 35 KB
8 KB 33ms
24ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-blog-extras/scripts/frontend-bundle.min.js?ver=2.6.5

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

fc28654bf4d567cdbc91b5089345699eb8fff900d723b6dc635631eb0cb26fe5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:48 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"651e190c-8dee"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 9afdce923cc8abef03be3ad52336cf27
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/divi-blog-extras/scripts/frontend-bundle.min.js?ver=2.6.5>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 frontend-bundle.min.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/scripts/ 733 B
2 KB 40ms
31ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/scripts/frontend-bundle.min.js?ver=1.0.0

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

74ca4b4a7f9ee76d71e312306ea01f5d0661796d4caa0a2170058d2a27ed328d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:47 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"651e190b-2dd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 9736bb088a6ba038609877b46db31fd1
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/divi-event-calendar-module/scripts/frontend-bundle.min.js?ver=1.0.0>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 new-tab.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/page-links-to/dist/ 34 KB
14 KB 52ms
43ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:39
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 25 Apr 2024 00:54:57 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"6629a9e1-8687"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: e8aa9838736d539f62a112c9af921f7b
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.7>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 common.js Show response
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/js/ 1 KB
2 KB 42ms
34ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/js/common.js?ver=4.25.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de646-53f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 39de289c01503f85c5596f49c5e199b5
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/themes/Divi/core/admin/js/common.js?ver=4.25.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 script.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-module-code-snippet/features/DBCSCopyToClipboardFeature/ 1 KB
2 KB 43ms
34ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-module-code-snippet/features/DBCSCopyToClipboardFeature/script.js?ver=1.4.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

a1fc4d2a1d472a69f0736655a1de5a136b9daad166b23b065c96facb834b3724

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 10 Jun 2024 17:26:29 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66673745-4f8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 69ce9df1ea68c4ed4a4427f658abe4b8
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/divi-module-code-snippet/features/DBCSCopyToClipboardFeature/script.js?ver=1.4.4>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 frontend.min.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/AdvancedTabs/ 3 KB
2 KB 44ms
35ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/AdvancedTabs/frontend.min.js?ver=4.9.97.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

e74280e28094cb4792f2e647de9d0d456f7115efb5ff3538f98ae0b7b4c23780

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1081
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:27
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 14:51:02 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66686456-d4d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 817362598a567b3e75e726aa2b5fa419
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/AdvancedTabs/frontend.min.js?ver=4.9.97.7>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 jquery.magnific-popup.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/ 21 KB
9 KB 48ms
40ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/jquery.magnific-popup.js?ver=4.9.97.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

00bd70a9e2b51ce68971a89a29d07b1e06e49a5d1e71c6a44d1a7ccb41828095

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 14:51:02 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66686456-5251"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 8bbc66729528500b50bb9a996740ea5d
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/js/jquery.magnific-popup.js?ver=4.9.97.7>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 mediaelement-and-player.min.js Show response
p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/ 154 KB
39 KB 45ms
36ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

b15c3ea03d50c2430490e7416733a254feea4237bb60b54181bd3473ebe4149f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1081
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:27
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 29 Sep 2022 14:21:11 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"6335a9d7-26935"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: d153a987ee6ec972ece43bca1848207a
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 mediaelement-migrate.min.js Show response
p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/ 1 KB
2 KB 44ms
36ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"625095f6-4a7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 71014557b4aa8d9b8c0ca67b77fd3164
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.5.4>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 wp-mediaelement.min.js Show response
p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/ 1 KB
2 KB 50ms
42ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

79cb399203843f65199bec32bc4abac5dfd20f141d3e4ec1424bf00c7108fa45

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1082
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 07 Feb 2023 16:00:42 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"63e275aa-453"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 1c0a80ef491350692734037942768966
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.5.4>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 swiper-bundle.min.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/ 142 KB
40 KB 50ms
42ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/swiper-bundle.min.js?ver=4.9.97.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

568c3ba372e075ecceb821409f5d45be311c896c3c784910eb5f2f20e5c90670

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 14:51:02 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66686456-239c1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 68dd1e1b72677568c0d57ee9fbdc5fbc
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/js/swiper-bundle.min.js?ver=4.9.97.7>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 frontend.min.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/BlogCarousel/ 3 KB
2 KB 48ms
41ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/BlogCarousel/frontend.min.js?ver=4.9.97.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

a314e4c39a406b80af166f001cb0400257b1301f3f96d7d670e9feadaeae07ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1080
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2024 14:51:02 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"66686456-a85"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 6bbe33637eb6943ba11f1e08b0292a2e
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/BlogCarousel/frontend.min.js?ver=4.9.97.7>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 moment.min.js Show response
cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/ 57 KB
17 KB 79ms
35ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

081737985335af4be15fc676ed4ccc0703c7446c6b5cbc9317e40bcdc6428e5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2689299
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 16837
last-modified: Wed, 06 Jul 2022 23:03:56 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "62c614dc-41c5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=655gF6Gn8Zt4T1ppBKCbLkbV8chcMPRVKVHUh1KKCsDadOsJ64f7LazIHqAW3ME810hiQ2%2FmoalTuuaGmFnSYCd5rvfcfKGd6569hWxSfAn14%2BIW0CYcyNPkqhZpqH8kxkE75GKS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 895761b53e83a02b-FRA
expires: Sun, 08 Jun 2025 01:07:17 GMT

GET
H2 200 daterangepicker.min.js Show response
cdn.jsdelivr.net/npm/daterangepicker/ 32 KB
8 KB 81ms
19ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.min.js?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

837f3f510b4be76f36c097ca94f9efe87c0a0581daf5e8b2bf980d9f3788bc37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 18 Jun 2024 01:07:17 GMT
x-content-type-options: nosniff
content-encoding: br
age: 15191
x-jsd-version: 3.1.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7242
x-served-by: cache-fra-etou8220044-FRA
x-jsd-version-type: version
etag: W/"8092-XxjDQopdrufpJf5BZ3ADy4siD68"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 jquery-ui.js Show response
code.jquery.com/ui/1.13.2/ 517 KB
124 KB 86ms
18ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.13.2/jquery-ui.js?ver=6.5.4
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c4b0fb9e123ad9f72c1192b6feff0bb0171be251bb76050b92e5e85c1fe3f757

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 566877
x-cache: HIT, HIT
content-length: 126267
x-served-by: cache-lga21926-LGA, cache-fra-etou8220122-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1718672838.970910,VS0,VE0
etag: W/"28feccc0-81307"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 60, 10756

GET
H2 200 loadFilter.js Show response
cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/ 44 KB
6 KB 83ms
21ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/loadFilter.js?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b0a9a22da3f67f5e35770bedef0e2ec034eddd871243a6b80d09b285372d1863

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 18 Jun 2024 01:07:17 GMT
x-content-type-options: nosniff
content-encoding: br
age: 34238
x-jsd-version: 2.7.6
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6186
x-served-by: cache-fra-etou8220044-FRA
x-jsd-version-type: branch
etag: W/"b08f-hyuFhPhDAFE5gn7UWPXhS1S5p0w"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 loadmore.js Show response
cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/EventFeed/ 31 KB
4 KB 83ms
21ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/EventFeed/loadmore.js?ver=6.5.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0907683649854f8c34c1c89b06ac8256e5414e1c2db6019fa0c0f347e9e240e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 18 Jun 2024 01:07:17 GMT
x-content-type-options: nosniff
content-encoding: br
age: 6047
x-jsd-version: 2.7.6
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4509
x-served-by: cache-fra-etou8220044-FRA
x-jsd-version-type: branch
etag: W/"7b9e-g8xMzqvVKM5J7uC4u0KIn/Wvuw4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 frontend-bundle.min.js Show response
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-mega-menu/scripts/ 8 KB
3 KB 49ms
42ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-mega-menu/scripts/frontend-bundle.min.js?ver=1.0.0

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

ef71ea60e9d99a764eae745ada2724a4bc3175114330ee3786d144831e562147

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:49:11 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de5f7-2092"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 9d75922c7054974a1055c2f3825500fc
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/plugins/supreme-mega-menu/scripts/frontend-bundle.min.js?ver=1.0.0>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 motion-effects.js Show response
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 154 KB
39 KB 49ms
43ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/motion-effects.js?ver=4.25.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

21299aa0cfccae6adfc1fdc2d6dfd6895c47f6f8b714b2683df914f9b5b485a3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1081
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:27
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de646-26902"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 728dff156ac90d850ed183321056d651
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/motion-effects.js?ver=4.25.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 sticky-elements.js Show response
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 204 KB
57 KB 49ms
43ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/sticky-elements.js?ver=4.25.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

e133ed1ae38d54fc651a16b69201398f49452e7b207f7a49a3773706f1e17648

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
cdn-edgestorageid: 1079
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:26
cdn-pullzone: 1682947
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"665de646-33098"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 947bb5eccb4e7e2d1660b017b18cd5d9
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/sticky-elements.js?ver=4.25.1>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 283 KB
97 KB 111ms
42ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6edb432096f78466b36787f2a73603d73cce0d0de8adcd63737c7f464412c553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 99334
x-xss-protection: 0
last-modified: Tue, 18 Jun 2024 00:40:28 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 18 Jun 2024 01:07:17 GMT

GET
H2 200 tag.aspx Show response
ml314.com/ 37 KB
12 KB 92ms
22ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?185
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 00:19:45 GMT
via: 1.1 google
content-encoding: br
age: 2852
x-guploader-uploadid: ACJd0NqPJj1skVpZJcnv0d5vC4ckZUFVJbW_UMoOKpUJqcUyLZuxwfBPmQxVH25uIpNndZA5rVg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12140
last-modified: Wed, 12 Jun 2024 23:47:10 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1718236030191817
x-goog-hash: crc32c=jdP4zA==, md5=YRx2m1aKFpugF5vA5Ps9ng==
content-type: application/javascript
cache-id: FRA
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 37568
accept-ranges: bytes

GET
H3 200 61eaf806342d59001e8ed916 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 296ms
263ms Script
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/61eaf806342d59001e8ed916

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

78dec84cbdacabaa17ea18e6ccd7a66d791883797b72c7c0b8dd7aef58ee4aeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 895761b55e629b31-FRA

GET
H2 200 et-divi-dynamic-tb-242536-tb-4381-tb-243092-260804-late.css
www.horizon3.ai/wp-content/et-cache/260804/ 199 KB
20 KB 161ms
161ms Stylesheet
text/css 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-content/et-cache/260804/et-divi-dynamic-tb-242536-tb-4381-tb-243092-260804-late.css

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

8cd9f7a987ec2f62408533ab4ac13ef1e7b1cd9300f4d28b721cbe71e13dc50d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:17 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 16 Jun 2024 14:47:08 GMT
server: nginx
etag: W/"666efaec-31b96"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()

GET
H2 200 utsync.ashx Show response
ml314.com/ 62 B
254 B 53ms
52ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=81430&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F&pv=1718672837998_yotcu58or&bl=de-de&cb=1127618&return=&ht=&d=&dc=&si=1718672837998_yotcu58or&cid=6cde07f1-6e0d-4162-bf0a-d382a9285bc8&s=1600x1200&rp=&v=2.7.3.180
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?185
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 18 Jun 2024 01:07:18 GMT
via: 1.1 google, 1.1 google
server: Google Frontend
content-type: application/javascript
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 325 KB
104 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

47aee8cb757f7ad275b1ebdd71a2e69b4f1377599843425686b0536b6bc15360

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 106407
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 18 Jun 2024 01:07:18 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 264 KB
91 KB 38ms
38ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10792903506&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a52905c33a00c02530c87fff269629edd52aa6380c6f12f888887b8393fe0f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93139
x-xss-protection: 0
last-modified: Tue, 18 Jun 2024 00:28:23 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 18 Jun 2024 01:07:18 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 86ms
22ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 5eee7eef8c43d97d6c92ce9000b3f2424647e58f985c2df5711690c8b95f1495

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Wed, 22 May 2024 17:01:28 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "16b7761205515ddc0668c12c434e8f00"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 12104

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 427ms
124ms Script
application/javascript 52.54.96.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-96-194.compute-1.amazonaws.com
Software: /
Resource Hash: 41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 18 Jun 2024 01:07:18 GMT
content-encoding: gzip
X-Pardot-Route: 16b0ab393667a33fe86adedc3141e88c
last-modified: Mon, 17 Jun 2024 14:27:24 GMT
etag: "15f4-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
Connection: keep-alive
accept-ranges: bytes
Content-Length: 1988
expires: Thu, 18 Jun 2026 01:07:18 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
17 KB 82ms
21ms Script
application/javascript 2a02:26f0:480:15::213:7e63
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:15::213:7e63 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 20 May 2024 16:52:20 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=78726
accept-ranges: bytes
content-length: 16683

GET
H/1.1 200
OK PLwGhTJP Show response
io.clickguard.com/s/cHJvdGVjdG9y/ 8 KB
3 KB 206ms
145ms Script
application/javascript 2606:4700:20::681a:d98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://io.clickguard.com/s/cHJvdGVjdG9y/PLwGhTJP
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: c991484aa85db0913b74c477bc850c4125ac52f9df0554f32c8f09bf2e138d1a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 18 Jun 2024 01:07:18 GMT
via: 1.1 google
Content-Encoding: br
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
x-powered-by: Express
etag: W/"1eaf-X5zGa84rjUK38wtrsLl76XNyS1s"
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pIlaNICOC6wJmkXQC84HEFRcG6as20kNYSRDvkXV4vIemU7qZm5YLxRbrM%2F8po3MHdVJwcBI1HOsQ8Q2SDYbV9mZY8S8SsBJwg4ZjNWIRWt8mipFycwhQefLLjxi4SAIpktYwI025tytsbyodrPp"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=utf-8
access-control-allow-origin: *
Connection: keep-alive
CF-RAY: 895761b69b9f3684-FRA

GET
H2 200 dreamdata.min.js Show response
cdn.dreamdata.cloud/scripts/analytics/v1/ 127 KB
39 KB 130ms
31ms Script
text/javascript 34.120.220.80
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.dreamdata.cloud/scripts/analytics/v1/dreamdata.min.js

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.220.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

80.220.120.34.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

8e78bcb85c5e969c9fbd74ade48ae59d1e8c94bc928b61947bab57c5f8576a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;includeSubdomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 00:57:55 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000;includeSubdomains
age: 563
x-guploader-uploadid: ACJd0NpSyITPKMRmyExJoQ_AQZIuJ59J-luzgsbd2MT9Zo75B_-odu3ggzaG0_xojzNFhcQ7wrQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39064
referrer-policy: origin
last-modified: Tue, 19 Dec 2023 15:12:09 GMT
server: UploadServer
etag: "5a0c242829201a80f498d4959d83ebfc"
vary: Accept-Encoding
x-goog-generation: 1702998729480704
x-goog-hash: crc32c=9JeVgg==, md5=WgwkKCkgGoD0mNSVnYPr/A==
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public,max-age=1800
x-goog-stored-content-length: 39064
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
expires: Tue, 18 Jun 2024 01:27:55 GMT

GET
H2 200 identify-form.min.js Show response
cdn.dreamdata.cloud/scripts/identify-form/v1/ 20 KB
5 KB 162ms
63ms Script
text/javascript 34.120.220.80
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.dreamdata.cloud/scripts/identify-form/v1/identify-form.min.js

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.220.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

80.220.120.34.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

66c5889779331f1942f8bf56933acbab2f3c264c7e77f367795a8cb04506e9ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;includeSubdomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000;includeSubdomains
x-guploader-uploadid: ACJd0NoOybj8tcpPQg81qii8LQZPrnyM8Kfd540KANKnrkDiUYKrFFRFvMwMs-dd7ak7FJxkTDY
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4325
referrer-policy: origin
last-modified: Fri, 12 Apr 2024 10:25:35 GMT
server: UploadServer
etag: "8a6a5d6c3a6974d0bc37e53710962146"
vary: Accept-Encoding
x-goog-generation: 1712917535471168
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=5dIwaw==, md5=impdbDppdNC8N+U3EJYhRg==
access-control-expose-headers: *
cache-control: public, max-age=1800
x-goog-stored-content-length: 4325
accept-ranges: bytes
expires: Tue, 18 Jun 2024 01:37:18 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
254 B 97ms
36ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-V462VSRXXS&gtm=45je46c0v889089095z8852319646za200zb852319646&_p=1718672837887&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1851226726.1718672838&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.61%7CGoogle%2520Chrome%3B126.0.6478.61&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718672838&sct=1&seg=0&dl=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F&dt=CVE-2024-29824%20Deep%20Dive%3A%20Ivanti%20EPM%20SQL%20Injection%20Remote%20Code%20Execution%20Vulnerability%20%E2%80%93%20Horizon3.ai&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1259&_z=sendBeacon
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 18 Jun 2024 01:07:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.horizon3.ai
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 98ms
31ms Ping
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-V462VSRXXS&cid=1851226726.1718672838&gtm=45je46c0v889089095z8852319646za200zb852319646&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 18 Jun 2024 01:07:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.horizon3.ai
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 80ms
38ms Image
image/gif 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-V462VSRXXS&cid=1851226726.1718672838&gtm=45je46c0v889089095z8852319646za200zb852319646&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=322028118

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 18 Jun 2024 01:07:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_rwb6eefi/ 3 B
124 B 800ms
721ms XHR
application/json 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_rwb6eefi/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:19 GMT
content-encoding: gzip
via: 1.1 varnish
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
content-length: 27

GET
H2 200 t2_rwb6eefi_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
699 B 76ms
29ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_rwb6eefi_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
content-encoding: gzip
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server: snooserv
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 97

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 107ms
29ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1718672838257&id=t2_rwb6eefi&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=27e34c50-ce6a-4d7f-9c2e-4cd85a61dd40&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_8d515a58&dpm=&dpcc=&dprc=
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
813 B 206ms
128ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: *
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 8C8CBE6A67AC46758486650F198221BB Ref B: DUS30EDGE0412 Ref C: 2024-06-18T01:07:18Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYbH7QEksBM1cQ2e9ahwQ==
x-fs-uuid: 00061b1fb40492c04cd5c4367bd6a1c1

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3527860%26time%3D1718672838259%26url%3Dhttps%253A%252F%252Fwww.horizon3.ai%252Fat...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection...

0
264 B

343ms
218ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F&cookiesTest=true&liSync=true&e_ipv6=AQLLcmgnx9_9SwAAAZAo4lNGQnjuH0dVRJK37AyrdYp9mFt1XB88_7eoBJtRg2i_19wPGDjvQV9z
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: BBB7B0052D5147B3921C8454D95EA416 Ref B: FRAEDGE1822 Ref C: 2024-06-18T01:07:19Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYbH7QaUrA/sukDt9eFlg==

Redirect headers

date: Tue, 18 Jun 2024 01:07:19 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: BD697B85C8004B2DB0922794BCF5FF5F Ref B: FRAEDGE1816 Ref C: 2024-06-18T01:07:19Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1718672838259&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F&cookiesTest=true&liSync=true&e_ipv6=AQLLcmgnx9_9SwAAAZAo4lNGQnjuH0dVRJK37AyrdYp9mFt1XB88_7eoBJtRg2i_19wPGDjvQV9z
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYbH7QVD2CwnhLJot6VjA==

POST
H3 200 p Show response
cdn.dreamdata.cloud/api/v1/ 16 B
33 B 67ms
38ms XHR
application/json 34.120.220.80
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.dreamdata.cloud/api/v1/p

Requested by

Host: cdn.dreamdata.cloud
URL: https://cdn.dreamdata.cloud/scripts/analytics/v1/dreamdata.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.220.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

80.220.120.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;includeSubdomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
via: 1.1 google
referrer-policy: nosniff
strict-transport-security: max-age=63072000;includeSubdomains
server: Google Frontend
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: a3e8f6ba4a7275a83f86c4714fd37a1f
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 200 Red-Team-Blog-BG.jpg
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/ 51 KB
53 KB 23ms
23ms Image
image/jpeg 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/Red-Team-Blog-BG.jpg

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

6555189a58cede3f19c2269dfa21e1e86734f122f0e190bfaaee35895dcbd9fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1080
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:46:14
cdn-pullzone: 1682947
content-length: 52684
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:33 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "651e18fd-cdcc"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 54325fbf727684051ffc6f3a8cc82eb3
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2022/10/Red-Team-Blog-BG.jpg>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUU1.woff2
fonts.gstatic.com/s/rubik/v28/ 25 KB
25 KB 108ms
51ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUU1.woff2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8189eb6330e9f0b62e4fe2be8bbad8129ebf1db97e390c2386e0b5a2880aa403

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 05:05:43 GMT
x-content-type-options: nosniff
age: 417695
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25500
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 16:13:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 05:05:43 GMT

GET
H2 200 modules.woff
www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/social/ 10 KB
11 KB 156ms
153ms Font
font/woff 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/social/modules.woff

Requested by

Host: p7i3u3x3.rocketcdn.me
URL: https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/260804/et-divi-dynamic-tb-242536-tb-4381-tb-243092-260804-late.css?ver=1718549225

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

b4d9b5f545245d9781d491989a77089f380de3a58898ea70116cc59f61257e92

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/260804/et-divi-dynamic-tb-242536-tb-4381-tb-243092-260804-late.css?ver=1718549225
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:18 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 10320
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: nginx
etag: "665de646-2850"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2
fonts.gstatic.com/s/rubik/v28/ 25 KB
26 KB 83ms
26ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46ed19e2d021296a35c1632b877c5fff1aa3c3eaec27d49d892e94545b792b43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 04:15:47 GMT
x-content-type-options: nosniff
age: 420691
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25656
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 16:17:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 04:15:47 GMT

GET
H2 200 fa-solid-900.woff2
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 78 KB
80 KB 87ms
43ms Font
font/woff2 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-solid-900.woff2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.04
etag: "665de646-139ac"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
link: <https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-solid-900.woff2>; rel="canonical"
date: Tue, 18 Jun 2024 01:07:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cdn-edgestorageid: 1080
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:27
content-length: 80300
x-xss-protection: "1; mode=block"
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-requestpullcode: 200
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 5842833c5991efa307cfc67a18f05ed7
accept-ranges: bytes
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1.woff2
fonts.gstatic.com/s/rubik/v28/ 25 KB
25 KB 137ms
81ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1.woff2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fbf0d9704506b1ad0def13dc96bf24602d807afe597a754ae59fe1d2c0efcec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 02:15:24 GMT
x-content-type-options: nosniff
age: 427914
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25320
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 16:18:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 02:15:24 GMT

GET
H2 200 S6uyw4BMUTPHjxAwXg.woff2
fonts.gstatic.com/s/lato/v24/ 25 KB
25 KB 113ms
58ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjxAwXg.woff2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

386a206aade080bb0045005cfdbb660430ed46d652039eef6bc299d54d7c43ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 18:26:26 GMT
x-content-type-options: nosniff
age: 369652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25284
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 18:26:26 GMT

GET
H2 200 fa-brands-400.woff2
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 77 KB
78 KB 94ms
53ms Font
font/woff2 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.woff2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.04
etag: "665de646-1327c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
link: <https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.woff2>; rel="canonical"
date: Tue, 18 Jun 2024 01:07:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:27
content-length: 78460
x-xss-protection: "1; mode=block"
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-requestpullcode: 200
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 8bf804b17e536d853eac29bbf2ed7c5f
accept-ranges: bytes
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-WYiFWUU1.woff2
fonts.gstatic.com/s/rubik/v28/ 23 KB
23 KB 119ms
78ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-WYiFWUU1.woff2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b305496a376155dbf4b51c26fc3d4ebca6083945fc20aa60c47817836f86366

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 09:14:31 GMT
x-content-type-options: nosniff
age: 575567
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23316
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 16:13:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 09:14:31 GMT

GET
H2 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUz.woff
fonts.gstatic.com/s/rubik/v28/ 32 KB
32 KB 23ms
22ms Font
font/woff 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUz.woff

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d1b0d7af8eb5e8dafc681f282db58efb53d808ac1701694fe3420992ed58d72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 17:57:36 GMT
x-content-type-options: nosniff
age: 371382
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32848
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 16:13:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 17:57:36 GMT

GET
H2 200 modules.woff
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/fonts/modules/all/ 90 KB
91 KB 26ms
26ms Font
font/woff 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

fe67b77ac7e0ef4b482dafb86adfa403db1b89a2f337d2dc8bd1278cfe975196

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.04
etag: "665de646-167b4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
link: <https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff>; rel="canonical"
date: Tue, 18 Jun 2024 01:07:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cdn-edgestorageid: 1079
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 20:32:28
content-length: 92084
x-xss-protection: "1; mode=block"
last-modified: Mon, 03 Jun 2024 15:50:30 GMT
server: BunnyCDN-DE1-1082
cdn-requestpullcode: 200
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 116252eb7721effad6fc17b066a681dd
accept-ranges: bytes
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUw.ttf
fonts.gstatic.com/s/rubik/v28/ 68 KB
36 KB 32ms
32ms Font
font/ttf 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUw.ttf

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

977b03a17e6c623ab63583f72b1639b1ad6aef1ae044993c66b4c8328e571272

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/
Origin: https://www.horizon3.ai
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 13:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 561739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37076
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 16:13:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 13:04:59 GMT

GET
H/1.1 200
OK analytics Show response
pi.pardot.com/ 1 KB
2 KB 559ms
558ms Script
text/javascript 52.54.96.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17120&account_id=972073&title=CVE-2024-29824%20Deep%20Dive%3A%20Ivanti%20EPM%20SQL%20Injection%20Remote%20Code%20Execution%20Vulnerability%20%E2%80%93%20Horizon3.ai&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F&referrer=

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-54-96-194.compute-1.amazonaws.com

Software

Resource Hash

05bb06f68e862847f1dc8d5ce72b1d49c40044be70ff2c565124d07415c3f03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
Date: Tue, 18 Jun 2024 01:07:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
vary: Accept-Encoding,User-Agent
Content-Type: text/javascript; charset=utf-8
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
x-pardot-canary: true
Content-Length: 535
expires: Thu, 19 Nov 1981 08:52:00 GMT

OPTIONS
H/1.1 204
No Content PLwGhTJP
pulse.clickguard.com/r/cHJvdGVjdG9y/ 0
0 313ms
145ms Preflight 2606:4700:20::ac43:44c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pulse.clickguard.com/r/cHJvdGVjdG9y/PLwGhTJP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:44c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.horizon3.ai
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 895761bbed0465dd-FRA
Connection: keep-alive
Content-Length: 0
Date: Tue, 18 Jun 2024 01:07:19 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=927BOeD6MxrQkLPPCbw17QYvuy2xkkhTf8Ta4uo1DTScVu5r7iXG9dvYzgN%2F47c2La%2BoJ12uwZqdmFkm%2BrUh8CX%2BeKmY8uFkAkCiItv7CjwNHElQ0pEgmfsfoBl1uXKmNEkokmxtbB2Kxn4CSLNru0r%2F"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
vary: Access-Control-Request-Headers
via: 1.1 google
x-powered-by: Express

POST
H/1.1 200
OK PLwGhTJP Show response
pulse.clickguard.com/r/cHJvdGVjdG9y/ 0
598 B 148ms
148ms XHR
text/plain 2606:4700:20::ac43:44c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pulse.clickguard.com/r/cHJvdGVjdG9y/PLwGhTJP
Requested by: Host: io.clickguard.com
URL: https://io.clickguard.com/s/cHJvdGVjdG9y/PLwGhTJP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:44c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Date: Tue, 18 Jun 2024 01:07:19 GMT
via: 1.1 google
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
x-powered-by: Express
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vaV9SOyGJgzAlbQwNSG8ztodNp0TtIjFpV9tEepS1JhwirnGyh1p0lUxoAafa%2BlNgtPLv1pQqJ%2FM1tFBDWJ0R%2Bb6UDSwK6p4jCVl2LjP1AG%2FyKqh%2BQzu0fEpK6H4pYtjKeHByEtCoolQJ%2Bj%2Fz1qlcXId"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
Connection: keep-alive
CF-RAY: 895761bcdd9365dd-FRA
Content-Length: 0

GET
H/1.1 200
OK analytics Show response
go.horizon3.ai/ 50 B
1020 B 747ms
232ms Script
text/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.horizon3.ai/analytics?conly=true&visitor_id=123648372&visitor_id_sign=85f2be0b5090a5842ac9f3b814f27e23440e25abe012c6ac47c6c461c676f1b96c2d09f4c8aef804b1275aed6a6091a28c3ac594&pi_opt_in=&campaign_id=17120&account_id=972073&title=CVE-2024-29824%20Deep%20Dive:%20Ivanti%20EPM%20SQL%20Injection%20Remote%20Code%20Execution%20Vulnerability%20%E2%80%93%20Horizon3.ai&url=https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17120&account_id=972073&title=CVE-2024-29824%20Deep%20Dive%3A%20Ivanti%20EPM%20SQL%20Injection%20Remote%20Code%20Execution%20Vulnerability%20%E2%80%93%20Horizon3.ai&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F&referrer=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
Date: Tue, 18 Jun 2024 01:07:20 GMT
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
vary: User-Agent
Content-Type: text/javascript; charset=utf-8
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 50
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
195 B 205ms
204ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:19 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 7605FEBC9EE7408B9B269A8742839C71 Ref B: FRAEDGE1816 Ref C: 2024-06-18T01:07:19Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.horizon3.ai
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYbH7QdqjDps6djZ8d+6A==

POST
H2 200 admin-ajax.php Show response
www.horizon3.ai/wp-admin/ 4 KB
2 KB 527ms
526ms XHR
text/html 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-admin/admin-ajax.php

Requested by

Host: p7i3u3x3.rocketcdn.me
URL: https://p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

f699c950a3249853c07d8f4e9818afd14ec205e91d7a6fd201f1ab7e393c2674

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: WP Engine
content-length: 768
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.horizon3.ai
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 Menu-BG-NodeZero-v2.png
www.horizon3.ai/wp-content/uploads/2023/11/ 101 KB
102 KB 164ms
163ms Image
image/png 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.horizon3.ai/wp-content/uploads/2023/11/Menu-BG-NodeZero-v2.png

Requested by

Host: p7i3u3x3.rocketcdn.me
URL: https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/260804/et-core-unified-tb-242536-tb-4381-tb-243092-deferred-260804.min.css?ver=1718549228

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

f677faa4afd9b8b4424f9021d8e6c09892ace736ca435ceaba00c6b030cc1846

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/260804/et-core-unified-tb-242536-tb-4381-tb-243092-deferred-260804.min.css?ver=1718549228
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:20 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 103768
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 16 Nov 2023 00:52:55 GMT
server: nginx
etag: "655567e7-19558"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 cropped-favicon-32x32.png
p7i3u3x3.rocketcdn.me/wp-content/uploads/2021/06/ 2 KB
3 KB 22ms
21ms Other
image/png 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2021/06/cropped-favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 / RocketCDN - b

Resource Hash

f80d87f46f45bb648d45a1de343befaf9eefa5604cdde3f5a53d95d3d6a900f9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 18 Jun 2024 01:07:20 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1080
x-powered-by: RocketCDN - b
cdn-cachedat: 06/17/2024 21:06:42
cdn-pullzone: 1682947
content-length: 1932
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Oct 2023 02:01:40 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "651e1904-78c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control: public, max-age=31919000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid: 8f779f207c371c2f21e8d29bdd90866d
accept-ranges: bytes
cdn-requestcountrycode: DE
link: <https://www.horizon3.ai/wp-content/uploads/2021/06/cropped-favicon-32x32.png>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 33ms
32ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-V462VSRXXS&gtm=45je46c0v889089095za200zb852319646&_p=1718672837887&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1851226726.1718672838&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.61%7CGoogle%2520Chrome%3B126.0.6478.61&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1718672838&sct=1&seg=0&dl=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fattack-blogs%2Fcve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability%2F&dt=CVE-2024-29824%20Deep%20Dive%3A%20Ivanti%20EPM%20SQL%20Injection%20Remote%20Code%20Execution%20Vulnerability%20%E2%80%93%20Horizon3.ai&en=scroll&epn.percent_scrolled=90&_et=7&tfd=6273&_z=sendBeacon
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 18 Jun 2024 01:07:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.horizon3.ai
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.horizon3.ai/	1970-01-20 23:34:08	Name: _gcl_au Value: 1.1.1269351142.1718672838
.ws.zoominfo.com/	1970-01-21 06:10:08	Name: visitorId Value: 1997010ef0a30079ee146084d233442d4c8e60f87f1b70a07c75e4014d8fd158
.zoominfo.com/	1970-01-20 21:24:34	Name: __cf_bm Value: umcc8GGl2taQYcQxVnGrctFc956AP3SMtaiFUPiYmCo-1718672838-1.0.1.1-TNnBRnqRkHabIqSPr6NZV3rj6y0xkOc_GlEA1N1d5UX0zCzI.vParyWZmxAbOWRWeuKD7BK6MnY1fFmF7AEGDg
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: xj2pOv9AWPFCkdZs0VOmhfJNDNT2eddxdPOGw.Y1D5I-1718672838212-0.0.1.1-604800000
.horizon3.ai/	1970-01-21 07:00:32	Name: _ga Value: GA1.1.1851226726.1718672838
.horizon3.ai/	1970-01-21 07:00:32	Name: _ga_V462VSRXXS Value: GS1.1.1718672838.1.0.1718672838.60.0.0
.horizon3.ai/	1970-01-20 23:34:08	Name: _rdt_uuid Value: 1718672838256.27e34c50-ce6a-4d7f-9c2e-4cd85a61dd40
.horizon3.ai/	1970-01-21 06:10:08	Name: ajs_user_id Value: null
.horizon3.ai/	1970-01-21 06:10:08	Name: ajs_group_id Value: null
.horizon3.ai/	1970-01-21 06:10:08	Name: ajs_anonymous_id Value: %22b453dcf4-2d29-453b-bbcd-bbff8bb5d7ce%22
www.horizon3.ai/	1970-01-21 06:10:08	Name: cookielawinfo-checkbox-necessary Value: yes
www.horizon3.ai/	1970-01-21 06:10:08	Name: cookielawinfo-checkbox-functional Value: no
www.horizon3.ai/	1970-01-21 06:10:08	Name: cookielawinfo-checkbox-performance Value: no
www.horizon3.ai/	1970-01-21 06:10:08	Name: cookielawinfo-checkbox-analytics Value: no
www.horizon3.ai/	1970-01-21 06:10:08	Name: cookielawinfo-checkbox-advertisement Value: no
www.horizon3.ai/	1970-01-21 06:10:08	Name: cookielawinfo-checkbox-others Value: no
.linkedin.com/	1970-01-20 23:34:08	Name: li_sugr Value: 23424d6a-341f-41ac-83c3-6f1f2fc3e27b
.linkedin.com/	1970-01-21 06:10:08	Name: bcookie Value: "v=2&4f7ffe9f-b802-4136-8f3c-8a997515ee71"
.linkedin.com/	1970-01-20 21:25:59	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2850:u=1:x=1:i=1718672838:t=1718759238:v=2:sig=AQHGaL-4xe-InQKk-QL4fnB8C1X4Uc9S"
.linkedin.com/	1970-01-20 22:07:44	Name: UserMatchHistory Value: AQJt355mpjNGNwAAAZAo4lAF6b29JKHhkO1Qm4RA0K8cX9_Y6s6hnW9uWQuMY-FSLNkQooyVyYiarg
.linkedin.com/	1970-01-20 22:07:44	Name: AnalyticsSyncHistory Value: AQLls3qNtyMvpQAAAZAo4lAFgxXIRcvfLKVSGUwpeXhvg6KFc804PYEz6GpGMbPfxbxHBQq3DFsAVoTTniVtFQ
.www.linkedin.com/	1970-01-21 06:10:08	Name: bscookie Value: "v=1&202406180107190fe3f211-a4ac-46e5-8cad-eec98355128aAQEMPPf9w-bHHQHyg-ApofCdLuuNTxuT"
.linkedin.com/	1970-01-21 01:43:44	Name: li_gc Value: MTswOzE3MTg2NzI4Mzk7MjswMjE8YMCyGyl6GUU9tWxc55C4keRAr7TNdMlRtiDB/qj3Mw==
.pardot.com/	1970-01-21 07:00:32	Name: visitor_id971073 Value: 123648372
.pardot.com/	1970-01-21 07:00:32	Name: visitor_id971073-hash Value: 85f2be0b5090a5842ac9f3b814f27e23440e25abe012c6ac47c6c461c676f1b96c2d09f4c8aef804b1275aed6a6091a28c3ac594
pi.pardot.com/	1970-01-20 21:24:34	Name: lpv971073 Value: aHR0cHM6Ly93d3cuaG9yaXpvbjMuYWkvYXR0YWNrLXJlc2VhcmNoL2F0dGFjay1ibG9ncy9jdmUtMjAyNC0yOTgyNC1kZWVwLWRpdmUtaXZhbnRpLWVwbS1zcWwtaW5qZWN0aW9uLXJlbW90ZS1jb2RlLWV4ZWN1dGlvbi12dWxuZXJhYmlsaXR5Lw%3D%3D
www.horizon3.ai/	1970-01-21 07:00:32	Name: visitor_id971073 Value: 123648372
www.horizon3.ai/	1970-01-21 07:00:32	Name: visitor_id971073-hash Value: 85f2be0b5090a5842ac9f3b814f27e23440e25abe012c6ac47c6c461c676f1b96c2d09f4c8aef804b1275aed6a6091a28c3ac594
go.horizon3.ai/	1970-01-21 07:00:32	Name: visitor_id971073 Value: 123648372
go.horizon3.ai/	1970-01-21 07:00:32	Name: visitor_id971073-hash Value: 85f2be0b5090a5842ac9f3b814f27e23440e25abe012c6ac47c6c461c676f1b96c2d09f4c8aef804b1275aed6a6091a28c3ac594

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'oversized-images'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vertical-scroll'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vr'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'wake-lock'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
boards.greenhouse.io
cdn.dreamdata.cloud
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.gstatic.com
go.horizon3.ai
io.clickguard.com
ml314.com
p7i3u3x3.rocketcdn.me
pi.pardot.com
pixel-config.reddit.com
pulse.clickguard.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
snap.licdn.com
stats.g.doubleclick.net
ws.zoominfo.com
www.google.de
www.googletagmanager.com
www.horizon3.ai
www.linkedin.com
www.redditstatic.com
104.16.117.43
104.17.25.14
104.197.16.226
13.107.42.14
142.250.184.195
142.250.186.67
151.101.65.140
2001:4860:4802:34::36
2400:52e0:1e00::1082:1
2606:4700:20::681a:d98
2606:4700:20::ac43:44c4
2620:1ec:21::14
2a00:1450:4001:80b::2008
2a00:1450:4001:829::2003
2a00:1450:400c:c07::9d
2a02:26f0:480:15::213:7e63
2a04:4e42:200::649
2a04:4e42:400::485
2a04:4e42:600::396
3.92.120.28
34.117.77.79
34.120.220.80
52.54.96.194
54.166.73.119
009e58f3632270c3fa8d127a9e132807a0920ac00512a2a0c5f3e8d5d728d373
00bd70a9e2b51ce68971a89a29d07b1e06e49a5d1e71c6a44d1a7ccb41828095
05bb06f68e862847f1dc8d5ce72b1d49c40044be70ff2c565124d07415c3f03e
05c86a01cec19a9f9931163c42515adaab424be687667ef09f7d9b3cd0765cb5
081737985335af4be15fc676ed4ccc0703c7446c6b5cbc9317e40bcdc6428e5d
083ae1cb51dc0047d8ff7a356210c1fbe68ff124e31cdea2d52a1b6035dabf21
0907683649854f8c34c1c89b06ac8256e5414e1c2db6019fa0c0f347e9e240e6
0a47c6e6f24e634cb79f886e70bbfd65e1e85b0d2aa4fc133488fd1bc1910e3e
0b58d82b60be4aa0041234b625c3f8d60899d17b440587da514346c2d2193421
0f0ea2e7e42f50958867913bacfdd3f62f1f65a9fb4b239d9313adf396dfae5c
1b2be13885abac86d69b6d3efbacfbd67b9baaf7cb92c42e217dfa3409fb3a0a
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
1d5b19f81ae284a59aee36257fc8b157c4f48a99ef5692b038adb56ec48d09bb
1fd1a4380ee3832cd6fcda318d76a91c3b632f37468013698a7ad8b9b95a76ab
2053ab9b2531576c619c6136fab9db876c237e61d6e0deaffe2969e52c5d1f67
21299aa0cfccae6adfc1fdc2d6dfd6895c47f6f8b714b2683df914f9b5b485a3
2414767fbf3e93d3269cb3795b6c667da0f58a8f662dfd8aabb0807243d1134f
255d67153c707d1926f571d5e1c7051911138caf15d1dc4bb6759049221566fa
2ae870bbd1b5424339ed5960d369fce78d94a8c127e3b98a4b779e5afd0aa464
2c8a5a9e00ece176ee83b23eef0d0d721effe3fcc0707ca2ef9c80b6fcb9dc2b
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e2f2336b5e6698b628afc75fa9a24c67b73d5872c1d4af99ca436064f636ee0
2f1e0ba0f1a9560f8d67fb010c58f8995fa681625c321e18133ccec0043bce47
386a206aade080bb0045005cfdbb660430ed46d652039eef6bc299d54d7c43ed
3a90b9f96a76c6d7ee4e890525f1bcfc1885627aa8e8d75f795186875171582c
3b0b3b2876c9a3ed08e9cf6b115cb335783e93148c12b0811202e1fe69da3755
3fa3f0c4c099718595c4e25e55810cca92181c72d6233512fb51c2f74fa55cd7
3fe7485f45d408164fab2da56c171727a7f346899c570c75c66a0ec0c9dcf9aa
3fecac074476b2081f0fdff03d66d02072029542362e7b6f7265c86c0d29c50b
41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136
42533cfc647d950631655f901e1cdebdeab3737487d6c3d848b2440ad12b1465
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9
462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace
46ed19e2d021296a35c1632b877c5fff1aa3c3eaec27d49d892e94545b792b43
47aee8cb757f7ad275b1ebdd71a2e69b4f1377599843425686b0536b6bc15360
4d1684e8ca54d16b0d619fb2ea385db632162ce778ee3851a3b8b98107ad5bc4
4f01ef64b40e21b7f02f85a38475ddf6cac957b187c40987c964a1db424423d6
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
55a084b5f4c439a2786141108b266370e0e4accc4e72629b2177dc6aa658d6c8
5617c251ed51f42797b789d282460813a798d8402a95cd633d3d8f0e82d44819
568c3ba372e075ecceb821409f5d45be311c896c3c784910eb5f2f20e5c90670
56f85bb4020571f6dbd5978f5619c816ec02db0df02bc48215c89c00f08278a8
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5aa24e4ab926693e29ffb0d0ca1557141defd3ca61b3b4e7caebaa2fcd5bf327
5eee7eef8c43d97d6c92ce9000b3f2424647e58f985c2df5711690c8b95f1495
5f9f44351d8cb1c857cc8d29a64c97dd4efc0659fc90bd160a42ea0d715ead79
6555189a58cede3f19c2269dfa21e1e86734f122f0e190bfaaee35895dcbd9fe
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db
66c5889779331f1942f8bf56933acbab2f3c264c7e77f367795a8cb04506e9ff
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f
6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9
6edb432096f78466b36787f2a73603d73cce0d0de8adcd63737c7f464412c553
70631b3ab478a15e8a26f17b8bb991464916725030d772237692c217e0d21334
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
744e2c69f12052b2251ea97566999dfd68e9529558cc6d647f9deef86152f0c4
74ca4b4a7f9ee76d71e312306ea01f5d0661796d4caa0a2170058d2a27ed328d
751a73d9a95700a13e0592a06cfa3680c9a50f8105bcc1332b4ed0b92dc78ca2
773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7
78dec84cbdacabaa17ea18e6ccd7a66d791883797b72c7c0b8dd7aef58ee4aeb
798b31a18cae3f6010e75b292d5efa21b347cb479c319b0b7344e023f1ed022a
79cb399203843f65199bec32bc4abac5dfd20f141d3e4ec1424bf00c7108fa45
7d1b0d7af8eb5e8dafc681f282db58efb53d808ac1701694fe3420992ed58d72
8189eb6330e9f0b62e4fe2be8bbad8129ebf1db97e390c2386e0b5a2880aa403
8205d888f22bd7c24358689dc83a660090dc55d45f86ee9a4f521e135b56cc25
837f3f510b4be76f36c097ca94f9efe87c0a0581daf5e8b2bf980d9f3788bc37
899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9
8bbc0a7737643dd7c2344ba961592632153cb5353c92c5127339627e14b09143
8cd9f7a987ec2f62408533ab4ac13ef1e7b1cd9300f4d28b721cbe71e13dc50d
8e78bcb85c5e969c9fbd74ade48ae59d1e8c94bc928b61947bab57c5f8576a54
92ba0f2c66af0a276a0f6b42bbef355f2e7c9ea4802fa65dacd30bc6c5d706ff
938bfe79e9c0f97e693d1cf09aef4fff06e153f6c0e0bcf1101b0177db68e4db
94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7
952f89167cf3fa6bb4763f0b7cb6f76e6a92401b5ddc2f4dc91530854ead4988
977b03a17e6c623ab63583f72b1639b1ad6aef1ae044993c66b4c8328e571272
9782e3d5058b8388a63b064ecef2b128614205e1e003382c7bb8d6f13b3c912b
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
9b305496a376155dbf4b51c26fc3d4ebca6083945fc20aa60c47817836f86366
a109db1c99f436d1e42aa8e93c4c80f355ceffb35b32eb79e1720ed87150005a
a1fc4d2a1d472a69f0736655a1de5a136b9daad166b23b065c96facb834b3724
a314e4c39a406b80af166f001cb0400257b1301f3f96d7d670e9feadaeae07ef
a52905c33a00c02530c87fff269629edd52aa6380c6f12f888887b8393fe0f66
b0a9a22da3f67f5e35770bedef0e2ec034eddd871243a6b80d09b285372d1863
b15c3ea03d50c2430490e7416733a254feea4237bb60b54181bd3473ebe4149f
b4d9b5f545245d9781d491989a77089f380de3a58898ea70116cc59f61257e92
b6205029e1016596807b655c8f57818736a787e32ceb1407effa152ac3bb9380
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bd3a50ae0a3ebbd81e5b81317539f667aebe5195381c2b34c2f06107a6d026ac
c1b94e225b989e86f8b6c589c0778c17ec25d2465f33fd10dc7e2e45f060fa6c
c4b0fb9e123ad9f72c1192b6feff0bb0171be251bb76050b92e5e85c1fe3f757
c5cbd87659de7774ef01d6fca854bba189f2c1d313f25401e9d7ae4f8326a01c
c6d0d78d73c8618c4c22287fb022469bfc689b5eb6f58523b49c0ecf4c306e2f
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c991484aa85db0913b74c477bc850c4125ac52f9df0554f32c8f09bf2e138d1a
ca3af915877e0f119ce0df14dfce6249f76222c600e23882fa7c7f99788971cc
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
d1ab6bdb097fd8e4f4c8d0e88611ddde752bcbd2c614c63f8d1dbf22f4e9c7e9
d2c4a60625c7b0c149c567a33ab472cfc3cfda840511f4f38bd622e28176b0a8
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
e06a87ff3bc2999833d841a3e0a2da0c9b749530a84ecc9c57e775a76d502244
e133ed1ae38d54fc651a16b69201398f49452e7b207f7a49a3773706f1e17648
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e18fe1d33ada37ef55fff1480facdb68824cc4264dd43221382ad8632669e43b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e74280e28094cb4792f2e647de9d0d456f7115efb5ff3538f98ae0b7b4c23780
eb26d806205f76aa405e71e7e08897babf02c5ff4d8c8e54284b8fd8f03e9906
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef71ea60e9d99a764eae745ada2724a4bc3175114330ee3786d144831e562147
f677faa4afd9b8b4424f9021d8e6c09892ace736ca435ceaba00c6b030cc1846
f699c950a3249853c07d8f4e9818afd14ec205e91d7a6fd201f1ab7e393c2674
f80d87f46f45bb648d45a1de343befaf9eefa5604cdde3f5a53d95d3d6a900f9
fab005de52ce54d75f373c5a020e7ddd194caea5b4bf6e87886196e5d4451adc
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4
fbf0d9704506b1ad0def13dc96bf24602d807afe597a754ae59fe1d2c0efcec4
fc28654bf4d567cdbc91b5089345699eb8fff900d723b6dc635631eb0cb26fe5
fe67b77ac7e0ef4b482dafb86adfa403db1b89a2f337d2dc8bd1278cfe975196

www.horizon3.ai Open in urlscan Pro 104.197.16.226 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

128 Requests

99 %HTTPS

50 %IPv6

20 Domains

25 Subdomains

24 IPs

4 Countries

2847 kBTransfer

6931 kBSize

30 Cookies

29 Outgoing links

Redirected requests

128 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.horizon3.ai Open in urlscan Pro
104.197.16.226 Public Scan

Screenshot
Live screenshot

Full Image

128
Requests

99 %
HTTPS

50 %
IPv6

20
Domains

25
Subdomains

24
IPs

4
Countries

2847 kB
Transfer

6931 kB
Size

30
Cookies

128 HTTP transactions
0 data transactions