URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Submission: On August 27 via api from TR — Scanned from DE

Summary

This website contacted 23 IPs in 5 countries across 19 domains to perform 130 HTTP transactions. The main IP is 104.197.16.226, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is www.horizon3.ai.
TLS certificate: Issued by R11 on July 12th 2024. Valid for: 3 months.
This is the only time www.horizon3.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 104.197.16.226 15169 (GOOGLE)
82 2400:52e0:1e0... 60068 (CDN77 _)
4 2a04:4e42:600... 54113 (FASTLY)
2 2a04:4e42:200... 54113 (FASTLY)
1 104.17.25.14 13335 (CLOUDFLAR...)
1 18.66.102.51 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
1 13.33.187.92 16509 (AMAZON-02)
2 2a04:4e42:400... 54113 (FASTLY)
2 52.54.96.194 14618 (AMAZON-AES)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 2606:4700:20:... 13335 (CLOUDFLAR...)
3 34.120.220.80 396982 (GOOGLE-CL...)
7 2a00:1450:400... 15169 (GOOGLE)
1 18.200.100.171 16509 (AMAZON-02)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 142.250.186.67 15169 (GOOGLE)
1 142.250.186.131 15169 (GOOGLE)
2 151.101.1.140 54113 (FASTLY)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 18.208.125.13 14618 (AMAZON-AES)
130 23
Apex Domain
Subdomains
Transfer
82 rocketcdn.me
p7i3u3x3.rocketcdn.me
2 MB
8 gstatic.com
fonts.gstatic.com
217 KB
8 horizon3.ai
www.horizon3.ai
go.horizon3.ai
195 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 669
px4.ads.linkedin.com — Cisco Umbrella Rank: 7330
2 KB
4 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 410
20 KB
3 dreamdata.cloud
cdn.dreamdata.cloud — Cisco Umbrella Rank: 126602
43 KB
3 clickguard.com
io.clickguard.com — Cisco Umbrella Rank: 109179
pulse.clickguard.com — Cisco Umbrella Rank: 84249
4 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
297 KB
2 reddit.com
pixel-config.reddit.com — Cisco Umbrella Rank: 3241
alb.reddit.com — Cisco Umbrella Rank: 1969
761 B
2 pardot.com
pi.pardot.com — Cisco Umbrella Rank: 12600
4 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1561
13 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 1335
script.hotjar.com — Cisco Umbrella Rank: 2017
60 KB
2 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211
132 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 6716
63 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
254 B
1 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3773
1 hotjar.io
content.hotjar.io — Cisco Umbrella Rank: 8904
171 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1884
14 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336
17 KB
130 19
Domain Requested by
82 p7i3u3x3.rocketcdn.me www.horizon3.ai
8 fonts.gstatic.com www.horizon3.ai
7 www.horizon3.ai www.horizon3.ai
p7i3u3x3.rocketcdn.me
4 cdn.jsdelivr.net www.horizon3.ai
3 px.ads.linkedin.com 1 redirects snap.licdn.com
3 cdn.dreamdata.cloud www.horizon3.ai
cdn.dreamdata.cloud
3 www.googletagmanager.com www.horizon3.ai
www.googletagmanager.com
2 pulse.clickguard.com io.clickguard.com
2 pi.pardot.com www.horizon3.ai
pi.pardot.com
2 www.redditstatic.com www.googletagmanager.com
www.redditstatic.com
2 code.jquery.com www.horizon3.ai
1 go.horizon3.ai pi.pardot.com
1 px4.ads.linkedin.com www.horizon3.ai
1 alb.reddit.com www.horizon3.ai
1 pixel-config.reddit.com www.redditstatic.com
1 www.google.de www.horizon3.ai
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 content.hotjar.io script.hotjar.com
1 io.clickguard.com www.googletagmanager.com
1 snap.licdn.com www.horizon3.ai
1 script.hotjar.com static.hotjar.com
1 static.hotjar.com www.horizon3.ai
1 cdnjs.cloudflare.com www.horizon3.ai
130 24
Subject | Issuer | Validity | Valid
www.horizon3.ai | R11 | 2024-07-12 - 2024-10-10 | 3 months
*.rocketcdn.me | R11 | 2024-08-01 - 2024-10-30 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2024 Q3 | 2024-07-30 - 2025-08-31 | a year
*.jquery.com | Sectigo ECC Domain Validation Secure Server CA | 2024-06-25 - 2025-06-25 | a year
cdnjs.cloudflare.com | WE1 | 2024-07-31 - 2024-10-29 | 3 months
*.hotjar.com | Amazon RSA 2048 M03 | 2024-05-22 - 2025-06-20 | a year
*.google-analytics.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months
www.redditstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-05-23 - 2024-11-18 | 6 months
pi.pardot.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-06-05 - 2025-06-04 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-12-13 - 2024-12-12 | a year
clickguard.com | WE1 | 2024-07-11 - 2024-10-09 | 3 months
cdn.dreamdata.cloud | WR3 | 2024-08-21 - 2024-11-19 | 3 months
*.gstatic.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.hotjar.io | Amazon ECDSA 256 M02 | 2024-01-31 - 2025-03-01 | a year
*.g.doubleclick.net | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.google.de | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-05-30 - 2024-11-26 | 6 months
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-07-01 - 2025-01-01 | 6 months
go.horizon3.ai | R11 | 2024-07-03 - 2024-10-01 | 3 months

This page contains 1 frame:

Primary Page: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Frame ID: EEA8B8701A0A2084A12A66F0FA73A6DE
Requests: 129 HTTP requests in this frame

Page Title

NTLM Credential Theft in Python Windows Applications – Horizon3.ai

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • jquery[.-]mobile(?:-([\d.]))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • moment(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

130
Requests

99 %
HTTPS

48 %
IPv6

19
Domains

24
Subdomains

23
IPs

5
Countries

3012 kB
Transfer

7229 kB
Size

25
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 120
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1724724717250&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fdisclosures%2Fntlm-credential-theft-in-python-windows-applications%2F HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1724724717250&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fdisclosures%2Fntlm-credential-theft-in-python-windows-applications%2F&e_ipv6=AQKD7Cfi2GdUEwAAAZGRmqdstaIUZwlIlFqgC1YPDUsnFRuHD41amF8UwzUEnnpgkMCDcJs

130 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
473 KB
66 KB
Document
General
Full URL
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.197.16.226 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
226.16.197.104.bc.googleusercontent.com
Software
nginx / WP Engine
Resource Hash
7b3bbb76b4d7d09b5ce2d66277b80cca045ce36683988f07aa3bf1c9b50dd9b2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control
max-age=600, must-revalidate
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Tue, 27 Aug 2024 02:11:55 GMT
last-modified
Fri, 23 Aug 2024 09:23:19 GMT
link
<https://www.horizon3.ai/wp-json/>; rel="https://api.w.org/" <https://www.horizon3.ai/wp-json/wp/v2/posts/261711>; rel="alternate"; title="JSON"; type="application/json" <https://www.horizon3.ai/?p=261711>; rel=shortlink
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache
HIT: 1
x-cache-group
normal
x-cacheable
SHORT
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
WP Engine
x-tec-api-origin
https://www.horizon3.ai
x-tec-api-root
https://www.horizon3.ai/wp-json/tribe/events/v1/
x-tec-api-version
v1
x-xss-protection
"1; mode=block"
style.min.css
p7i3u3x3.rocketcdn.me/wp-includes/css/dist/block-library/
110 KB
16 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
885c89e82436cfa3d0a0a5a9b2f6be6e1503457c810cc88ed2c09b4570ae9fd6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:12:20
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:03:56 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6aac-1b723"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
21a34b327139a33de673401b9a75b052
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1>; rel="canonical"
cdn-requestpullsuccess
True
aiwp-public.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/aiwp/public/css/
98 B
2 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/aiwp/public/css/aiwp-public.css?ver=2.0.0
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1081
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:48 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"651e190c-62"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
a41e55f91a8b5dc8df4be3edc07cb0cb
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/aiwp/public/css/aiwp-public.css?ver=2.0.0>; rel="canonical"
cdn-requestpullsuccess
True
cookie-law-info-public.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/
3 KB
2 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.2.5
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:40 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc4-c22"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
5d74aebf66e5bc6d47c24b9f9dc647fc
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.2.5>; rel="canonical"
cdn-requestpullsuccess
True
cookie-law-info-gdpr.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/
27 KB
6 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.2.5
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:40 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc4-6a71"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
47f731990f0aa265401924f89a4832af
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.2.5>; rel="canonical"
cdn-requestpullsuccess
True
et-divi-dynamic-tb-260934-tb-4381-261711-late.css
p7i3u3x3.rocketcdn.me/wp-content/et-cache/261711/
201 KB
20 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/261711/et-divi-dynamic-tb-260934-tb-4381-261711-late.css?ver=1724701770
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
144285e8182c3c3f25bf4992fbd3bf2e790369b48ad7e65cde3d9a2f9937ad2f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 23 Aug 2024 13:23:37 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66c88d59-32497"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
6c86809d94d9c60a22a9c019fea6a646
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/et-cache/261711/et-divi-dynamic-tb-260934-tb-4381-261711-late.css?ver=1724419417>; rel="canonical"
cdn-requestpullsuccess
True
style.min.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/styles/
152 KB
13 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/styles/style.min.css?ver=3.1.7.3
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
751a73d9a95700a13e0592a06cfa3680c9a50f8105bcc1332b4ed0b92dc78ca2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 25 Apr 2024 00:54:51 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"6629a9db-25f4a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
79b8ec3a28ecb03ae67621b69dd5d1f7
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/divi-ajax-filter/styles/style.min.css?ver=3.1.7.3>; rel="canonical"
cdn-requestpullsuccess
True
style.min.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-blog-extras/styles/
70 KB
11 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-blog-extras/styles/style.min.css?ver=2.6.5
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
3fa3f0c4c099718595c4e25e55810cca92181c72d6233512fb51c2f74fa55cd7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:47 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"651e190b-1196f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
ae4dd22893bf1a5b6944581072fd2124
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/divi-blog-extras/styles/style.min.css?ver=2.6.5>; rel="canonical"
cdn-requestpullsuccess
True
style.min.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/styles/
80 KB
18 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/styles/style.min.css?ver=1.0.0
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
e18fe1d33ada37ef55fff1480facdb68824cc4264dd43221382ad8632669e43b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:47 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"651e190b-140f1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
258c4de57d7e16e021bee872c876c71b
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/divi-event-calendar-module/styles/style.min.css?ver=1.0.0>; rel="canonical"
cdn-requestpullsuccess
True
style.min.css
www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/
86 KB
8 KB
Stylesheet
General
Full URL
https://www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/style.min.css?ver=1.0.0
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.197.16.226 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
226.16.197.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
261b64702c068f37759fd1ae7be99dc9cd31a0fb41af63fb3e87049d786d0a03
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:47 GMT
server
nginx
etag
W/"66ba6fcb-157cb"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
style.min.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/styles/
422 KB
31 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/styles/style.min.css?ver=4.9.97.18
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
fe676b7de732436eef5cc928e6ce2a5a87d51b34155753d343f88746c4bfb891
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:43 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc7-699d3"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
593047cdae186362be292e71c9fcf731
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/styles/style.min.css?ver=4.9.97.18>; rel="canonical"
cdn-requestpullsuccess
True
magnific_popup.css
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/
6 KB
3 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/magnific_popup.css?ver=4.9.97.18
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
ca3af915877e0f119ce0df14dfce6249f76222c600e23882fa7c7f99788971cc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:01 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6f9d-1946"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
f69ee0718ff1cf5970c3ce685cf9fce1
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/magnific_popup.css?ver=4.9.97.18>; rel="canonical"
cdn-requestpullsuccess
True
swiper.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/
22 KB
5 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/swiper.css?ver=4.9.97.18
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
c1b94e225b989e86f8b6c589c0778c17ec25d2465f33fd10dc7e2e45f060fa6c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:43 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc7-5865"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
adf997f4441cb27252edfcfedc2e9959
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/swiper.css?ver=4.9.97.18>; rel="canonical"
cdn-requestpullsuccess
True
popup.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/popup.css?ver=4.9.97.18
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
2f1e0ba0f1a9560f8d67fb010c58f8995fa681625c321e18133ccec0043bce47
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:43 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc7-1389"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
f91947f10436ca5a41855d20886ed179
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/popup.css?ver=4.9.97.18>; rel="canonical"
cdn-requestpullsuccess
True
animate.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/
83 KB
6 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/animate.css?ver=4.9.97.18
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
2414767fbf3e93d3269cb3795b6c667da0f58a8f662dfd8aabb0807243d1134f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:43 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc7-14d7b"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
b5e77c0b726d57fc35caf578739e0ad5
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/animate.css?ver=4.9.97.18>; rel="canonical"
cdn-requestpullsuccess
True
readmore.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/
2 KB
2 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/readmore.css?ver=4.9.97.18
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
009e58f3632270c3fa8d127a9e132807a0920ac00512a2a0c5f3e8d5d728d373
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1081
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:43 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc7-6bd"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
3bc929523d0593745d6b38f343013e64
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/readmore.css?ver=4.9.97.18>; rel="canonical"
cdn-requestpullsuccess
True
style.min.css
www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/
86 KB
8 KB
Stylesheet
General
Full URL
https://www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/style.min.css?ver=1.3.0
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.197.16.226 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
226.16.197.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
261b64702c068f37759fd1ae7be99dc9cd31a0fb41af63fb3e87049d786d0a03
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:47 GMT
server
nginx
etag
W/"66ba6fcb-157cb"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
jquery.min.js
p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/
86 KB
32 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 28 Aug 2023 17:14:23 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"64ecd5ef-15601"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
2067f7f5a71bc8031950d67332f8f373
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-includes/js/jquery/jquery.min.js?ver=3.7.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
jquery-migrate.min.js
p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/
13 KB
6 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 09 Jun 2023 05:49:24 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"6482bd64-3509"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
1905827b391c63e9b1c704d8cbefae9c
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
aiwp-public.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/aiwp/public/js/
913 B
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/aiwp/public/js/aiwp-public.js?ver=2.0.0
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
2053ab9b2531576c619c6136fab9db876c237e61d6e0deaffe2969e52c5d1f67
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:48 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"651e190c-391"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
3c661a30bacce3dd8212f993b853c28e
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/aiwp/public/js/aiwp-public.js?ver=2.0.0>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
cookie-law-info-public.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/js/
33 KB
9 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.2.5
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
c6d0d78d73c8618c4c22287fb022469bfc689b5eb6f58523b49c0ecf4c306e2f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:40 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc4-8589"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
1c1526019801331fc50514914ea58a81
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.2.5>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
frontend.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/stop-user-enumeration/frontend/js/
486 B
1 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
8bbc0a7737643dd7c2344ba961592632153cb5353c92c5127339627e14b09143
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:44 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc8-1e6"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
90814db9813dcf5b850367c1a688c83c
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.6.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
divi-filter-loadmore.min.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/js/
8 KB
4 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/js/divi-filter-loadmore.min.js?ver=3.1.7.3
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
3fecac074476b2081f0fdff03d66d02072029542362e7b6f7265c86c0d29c50b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 25 Apr 2024 00:54:51 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"6629a9db-2147"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
9ce2ca59c744045ed2b26f1e538f9d05
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/divi-ajax-filter/js/divi-filter-loadmore.min.js?ver=3.1.7.3>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
et-divi-customizer-global.min.css
p7i3u3x3.rocketcdn.me/wp-content/et-cache/global/
13 KB
5 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/global/et-divi-customizer-global.min.css?ver=1724701541
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
85375eab1610513e2743d5ecc157320b210104dbb86b3daa5a174e0ae90c0dae
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:12:20
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 19 Aug 2024 15:10:24 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66c36060-3382"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
131dc0f77d8492e36d1bb5acadedb460
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/et-cache/global/et-divi-customizer-global.min.css?ver=1724080224>; rel="canonical"
cdn-requestpullsuccess
True
et-core-unified-tb-260934-tb-4381-deferred-261711.min.css
p7i3u3x3.rocketcdn.me/wp-content/et-cache/261711/
72 KB
9 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/261711/et-core-unified-tb-260934-tb-4381-deferred-261711.min.css?ver=1724701770
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
fb1a032a26a7cd756dd27469dd9df96abe5219d0c32fc15ca5a79e812271630e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1081
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:37
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 23 Aug 2024 13:23:37 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66c88d59-11e3f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
32ea72ceeb9dfcf6f04f0208e1b70646
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/et-cache/261711/et-core-unified-tb-260934-tb-4381-deferred-261711.min.css?ver=1724419417>; rel="canonical"
cdn-requestpullsuccess
True
Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/
13 KB
14 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
70631b3ab478a15e8a26f17b8bb991464916725030d772237692c217e0d21334
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
cdn-pullzone
1682947
content-length
12820
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:36 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"651e1900-3214"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
2c4bb453def2402c785e860e1d0f98fa
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Horizon3ai_Logo_Bug_RGB.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/11/
20 KB
21 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/11/Horizon3ai_Logo_Bug_RGB.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
385825f3c978e51201237611398c837352a7cf4fc8f4dce0badef3871cad2dd4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
cdn-pullzone
1682947
content-length
20342
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:32 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"651e18fc-4f76"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
7c7d6256580f38c57d6d7e07866f013f
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2022/11/Horizon3ai_Logo_Bug_RGB.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
isometric-laptop-mockup.png
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/
470 KB
472 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/06/isometric-laptop-mockup.png
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
0abb6b841ec88ed4a6de1540fd8f6cf921147c69a849a617989fab23f53b520c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1081
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
cdn-pullzone
1682947
content-length
481722
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 27 Jul 2024 17:21:56 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66a52cb4-759ba"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
3f4e1ad2a81b9ce184c5eb5d8f476b9e
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2022/06/isometric-laptop-mockup.png>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Target-Path-Streamline-Ultimate.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/03/
9 KB
10 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/03/Target-Path-Streamline-Ultimate.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
255d67153c707d1926f571d5e1c7051911138caf15d1dc4bb6759049221566fa
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1080
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
cdn-pullzone
1682947
content-length
8788
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 12 Mar 2024 16:41:17 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"65f085ad-2254"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
058a65a3441d38d1392917098c972d11
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/03/Target-Path-Streamline-Ultimate.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
entra_compromise_2-980x367.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/05/
15 KB
16 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/05/entra_compromise_2-980x367.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
798b31a18cae3f6010e75b292d5efa21b347cb479c319b0b7344e023f1ed022a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1080
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
cdn-pullzone
1682947
content-length
15310
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 21 May 2024 00:33:44 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"664bebe8-3bce"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
5fa8f41b1903d3739d1a5db0b974345a
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/05/entra_compromise_2-980x367.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
video-game-sword.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/09/
470 B
2 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/09/video-game-sword.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
0b58d82b60be4aa0041234b625c3f8d60899d17b440587da514346c2d2193421
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
cdn-pullzone
1682947
content-length
470
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:27 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"651e18f7-1d6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
de7a7db1ecf4960fb34edbce8b8e660a
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2023/09/video-game-sword.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
400x250-Award-Ascension2024.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
12 KB
13 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/400x250-Award-Ascension2024.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
6bf44386a20716649e91ceff27bb8824fa56b8d63de6e6502f9a0960ab529c83
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1082
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
cdn-pullzone
1682947
content-length
12520
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 06 Aug 2024 18:00:09 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66b264a9-30e8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
28f6c0e68838d7a01543f83d9d1ab66c
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/400x250-Award-Ascension2024.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
400x250-Award-Intellyx-24.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/
19 KB
20 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/400x250-Award-Intellyx-24.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
8205d888f22bd7c24358689dc83a660090dc55d45f86ee9a4f521e135b56cc25
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
cdn-pullzone
1682947
content-length
19516
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 04 Jun 2024 14:18:31 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"665f2237-4c3c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
5753db5b46da60c2f3aaa410802cc2cb
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/06/400x250-Award-Intellyx-24.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
400x250-Award-rising-cyber-24.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/
9 KB
10 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/06/400x250-Award-rising-cyber-24.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
4d1684e8ca54d16b0d619fb2ea385db632162ce778ee3851a3b8b98107ad5bc4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
cdn-pullzone
1682947
content-length
9256
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 04 Jun 2024 14:17:07 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"665f21e3-2428"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
7192cbf88315024ccf73a7058245179f
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/06/400x250-Award-rising-cyber-24.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-21-at-5.30.17%E2%80%AFPM.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
73 KB
75 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-5.30.17%E2%80%AFPM.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
87789cac932501433e45db47c3f5b77c9f6b51462c60c760df9a410a0eed6102
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:42
cdn-pullzone
1682947
content-length
75144
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Aug 2024 21:30:55 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c65c8f-12588"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
244fb7ea3a7b5cf104ef7e929cd0cc7f
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-5.30.17%E2%80%AFPM.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-11.34.10%E2%80%AFAM-768x418.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
29 KB
30 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-11.34.10%E2%80%AFAM-768x418.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
047cdde8519c12707a1d606c3bc13b5559c2177856e989b09b4e82394167b8a7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1080
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:43
cdn-pullzone
1682947
content-length
29644
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 20 Aug 2024 15:35:58 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c4b7de-73cc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
ab8eea520cf26b7897fb82e340155648
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-11.34.10%E2%80%AFAM-768x418.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-1.58.46%E2%80%AFPM-1280x367.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
49 KB
51 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-1.58.46%E2%80%AFPM-1280x367.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
019382547726f05d5843ecf260acb807b8139aa7bc23929cfca779071b9d33b3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1082
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:43
cdn-pullzone
1682947
content-length
50518
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 20 Aug 2024 17:59:13 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c4d971-c556"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
71731dcae4bdbc300c99dad7539ecd07
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-1.58.46%E2%80%AFPM-1280x367.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-2.09.36%E2%80%AFPM-1280x316.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
41 KB
42 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.09.36%E2%80%AFPM-1280x316.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
62e9626ff9c1913009fd31444fad54d3bd632b38eb1a3ecc8f7c5e44cacb0b73
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:44
cdn-pullzone
1682947
content-length
41814
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 20 Aug 2024 18:10:08 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c4dc00-a356"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
d12d5fa640ed2c19fa687c896377c258
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.09.36%E2%80%AFPM-1280x316.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-2.14.07%E2%80%AFPM-768x549.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
30 KB
31 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.14.07%E2%80%AFPM-768x549.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
4cd89267146fdf6c5d0561b50c47763ac03daaceab42d91a098020bbfbac3b4e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:44
cdn-pullzone
1682947
content-length
30708
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 20 Aug 2024 18:14:35 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c4dd0b-77f4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
b4638853459dbe16bc9c99b46df40875
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.14.07%E2%80%AFPM-768x549.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-2.25.27%E2%80%AFPM-768x126.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
10 KB
11 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.25.27%E2%80%AFPM-768x126.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
0cf160ad746b95ccc0c503d44cf143c3da9213c0fbd2fcc51b75a2110ed3caa8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1080
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:44
cdn-pullzone
1682947
content-length
9842
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 20 Aug 2024 18:25:51 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c4dfaf-2672"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
33a5651fffde46f8275ab9faddb0d7c8
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.25.27%E2%80%AFPM-768x126.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-2.28.19%E2%80%AFPM-768x131.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
9 KB
11 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.28.19%E2%80%AFPM-768x131.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
de13fe4b277a77edcc2b73467600c5774eb3ac001eb2a58dad77f6b541c697d9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1082
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:44
cdn-pullzone
1682947
content-length
9556
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 20 Aug 2024 18:29:14 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c4e07a-2554"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
e8741948e56ae979ea83f311c59e4386
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.28.19%E2%80%AFPM-768x131.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-2.33.59%E2%80%AFPM-768x762.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
40 KB
41 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.33.59%E2%80%AFPM-768x762.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
49084f1226cec1e9ab3be865ea72949549120d67ec95e8576fdf7de366c9f700
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:42
cdn-pullzone
1682947
content-length
40882
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 20 Aug 2024 18:34:29 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c4e1b5-9fb2"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
f7e39544dbba52f94576d71cbafbdeb2
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.33.59%E2%80%AFPM-768x762.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-2.38.57%E2%80%AFPM-480x293.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
13 KB
14 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.38.57%E2%80%AFPM-480x293.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
0e6b25fadf48535f8dc48ec27f8d600c0f7c00dcb8e6fe9be695ab38a2a50d93
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1082
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:41
cdn-pullzone
1682947
content-length
13536
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 20 Aug 2024 18:39:07 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c4e2cb-34e0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
af41acf35bc3b5b96d7e69d110188fc0
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-2.38.57%E2%80%AFPM-480x293.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-21-at-5.30.17%E2%80%AFPM-480x488.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
18 KB
19 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-5.30.17%E2%80%AFPM-480x488.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
575fbdd62dab0db04e29b382ab31a3531a08e3164ee629b9bccadaaff119639e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1082
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:41
cdn-pullzone
1682947
content-length
18484
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Aug 2024 21:30:32 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c65c78-4834"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
370ae9ece15225cf4c1ae029ab13a15c
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-5.30.17%E2%80%AFPM-480x488.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-10.24.24%E2%80%AFPM-768x474.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
29 KB
30 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-10.24.24%E2%80%AFPM-768x474.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
ff51b64e16143b44883d0ef4b29f007fc9db52dc3404fa360d282feee885e096
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:42
cdn-pullzone
1682947
content-length
29296
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Aug 2024 02:24:58 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c54ffa-7270"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
7f36135366d33a49dea437760818b7c5
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-10.24.24%E2%80%AFPM-768x474.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-5.17.24%E2%80%AFPM-2048x497.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
140 KB
141 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-5.17.24%E2%80%AFPM-2048x497.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
068ed18bb865f538b5ab17721cb8de93fdec8596adc91a5db1338b8b9257d0bb
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:42
cdn-pullzone
1682947
content-length
143008
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 20 Aug 2024 21:18:15 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c50817-22ea0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
4878ede1dd04791feda3a51d72d3e439
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-5.17.24%E2%80%AFPM-2048x497.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-11.14.04%E2%80%AFPM-2048x462.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
80 KB
82 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-11.14.04%E2%80%AFPM-2048x462.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
6a9c2f9a2f04b8c724e2719404849d3c62e474a06a9ce48e53e28fe7f3b3476d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1081
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:41
cdn-pullzone
1682947
content-length
82380
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Aug 2024 03:14:46 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c55ba6-141cc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
a9cfe55c7530cc40d50197bc1bce6bc4
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-11.14.04%E2%80%AFPM-2048x462.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-20-at-11.17.20%E2%80%AFPM-768x638.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
41 KB
42 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-11.17.20%E2%80%AFPM-768x638.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
20050434dcb9780b5002cdd869c30e7452bb66859d1b365a2706118183296cf4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1082
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:42
cdn-pullzone
1682947
content-length
41914
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Aug 2024 03:17:57 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c55c65-a3ba"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
e314fb1c911ef4be44e7b4b3807bbfa3
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-20-at-11.17.20%E2%80%AFPM-768x638.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-21-at-1.39.02%E2%80%AFPM-480x303.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
5 KB
6 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-1.39.02%E2%80%AFPM-480x303.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
6b7d41c332102f852b87b158d88104d245d78ebab3d66c31433cbdadf85821a2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1081
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:42
cdn-pullzone
1682947
content-length
4610
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Aug 2024 17:39:15 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c62643-1202"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
e8137c2db29c33c26b9f8c16c30cfd70
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-1.39.02%E2%80%AFPM-480x303.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-21-at-1.59.38%E2%80%AFPM-980x151.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
26 KB
27 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-1.59.38%E2%80%AFPM-980x151.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
973fc6f69c1055c268ed6677534dfe0fadad018e45f6b4e149886747657b21ab
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1080
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:43
cdn-pullzone
1682947
content-length
26364
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Aug 2024 18:00:02 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c62b22-66fc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
42def2344b23fd2fc8317b42f81a2084
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-1.59.38%E2%80%AFPM-980x151.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-21-at-3.59.28%E2%80%AFPM-980x163.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
22 KB
23 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-3.59.28%E2%80%AFPM-980x163.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
6d56ff0218e7e4f5943c6a757c8c72e295943700dff6351e806a23fe6dedcb56
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:42
cdn-pullzone
1682947
content-length
22618
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Aug 2024 19:59:45 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c64731-585a"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
33a6623830ef1afaa91389ef97d293b3
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-3.59.28%E2%80%AFPM-980x163.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-21-at-3.44.45%E2%80%AFPM-768x222.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
20 KB
21 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-3.44.45%E2%80%AFPM-768x222.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
5117438ab15aa5af0b4c05510e8b4ca3bd01e0c4bcef83d2c1719666a15e18de
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1080
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:43
cdn-pullzone
1682947
content-length
19988
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Aug 2024 19:45:20 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c643d0-4e14"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
070859f77be2bf5f1a4ef46b55f3375e
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-3.44.45%E2%80%AFPM-768x222.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
Screenshot-2024-08-21-at-3.45.40%E2%80%AFPM-768x139.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/
30 KB
31 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-3.45.40%E2%80%AFPM-768x139.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
1ae9c3d01cb10398c1b121e311d18defdd4626aff8a46c92a7e8e850e7f78f1d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1080
x-powered-by
RocketCDN - b
cdn-cachedat
08/23/2024 13:35:43
cdn-pullzone
1682947
content-length
30244
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 21 Aug 2024 19:46:18 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"66c6440a-7624"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
9acae1fcc24ae639b0ba167893ce424e
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2024/08/Screenshot-2024-08-21-at-3.45.40%E2%80%AFPM-768x139.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
streamlinehq-cog-approved-interface-essential-100.png.webp
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/
1 KB
3 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/streamlinehq-cog-approved-interface-essential-100.png.webp
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
744e2c69f12052b2251ea97566999dfd68e9529558cc6d647f9deef86152f0c4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1080
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:12:21
cdn-pullzone
1682947
content-length
1462
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:33 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"651e18fd-5b6"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
a5cda4e20af46dd432d7df0449697fbb
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2022/10/streamlinehq-cog-approved-interface-essential-100.png.webp>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
logo-cookieyes.svg
p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/images/
3 KB
2 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/images/logo-cookieyes.svg
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
fab005de52ce54d75f373c5a020e7ddd194caea5b4bf6e87886196e5d4451adc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:42
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:40 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc4-a15"
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
0a8ad116e66c3f3b0d49ebb9810b4957
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/cookie-law-info/legacy/public/images/logo-cookieyes.svg>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
mediaelementplayer-legacy.min.css
p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/
11 KB
4 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:41
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 29 Sep 2020 15:53:06 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"5f735862-2bf8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
ec2f041b66974e0860991d520b65fd4d
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17>; rel="canonical"
cdn-requestpullsuccess
True
wp-mediaelement.min.css
p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/
4 KB
2 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:41
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 07 Jun 2019 20:45:02 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"5cfaccce-105a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
59d7483be0a946a021cb882bbf37becb
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.6.1>; rel="canonical"
cdn-requestpullsuccess
True
bootstrap.min.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/assets/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/assets/css/bootstrap.min.css?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
5617c251ed51f42797b789d282460813a798d8402a95cd633d3d8f0e82d44819
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:41
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:47 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"651e190b-35dd"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
dee2124026d0f25031bde527c6bcda4a
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/divi-event-calendar-module/assets/css/bootstrap.min.css?ver=6.6.1>; rel="canonical"
cdn-requestpullsuccess
True
daterangepicker.css
cdn.jsdelivr.net/npm/daterangepicker/
8 KB
2 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.css?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 27 Aug 2024 02:11:56 GMT
x-content-type-options
nosniff
content-encoding
br
age
13402
x-jsd-version
3.1.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1754
x-served-by
cache-fra-eddf8230085-FRA, cache-cph2320033-CPH
x-jsd-version-type
version
etag
W/"1f85-jqRIojRLzDZKkujJKC/BWFh0US4"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
jquery-ui.css
code.jquery.com/ui/1.13.2/themes/hot-sneaks/
36 KB
9 KB
Stylesheet
General
Full URL
https://code.jquery.com/ui/1.13.2/themes/hot-sneaks/jquery-ui.css?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5f9f44351d8cb1c857cc8d29a64c97dd4efc0659fc90bd160a42ea0d715ead79

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
1799498
x-cache
HIT, HIT
content-length
8576
x-served-by
cache-lga21942-LGA, cache-cph2320034-CPH
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1724724717.654587,VS0,VE0
etag
W/"28feccc0-8fc4"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
1204, 303
cookie-law-info-table.css
p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/
6 KB
3 KB
Stylesheet
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-table.css?ver=3.2.5
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
2e2f2336b5e6698b628afc75fa9a24c67b73d5872c1d4af99ca436064f636ee0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1081
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 15:53:41
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:40 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc4-17e1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
6a33a65ed7da37bbdac30f6b4d6b4696
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
link
<https://www.horizon3.ai/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-table.css?ver=3.2.5>; rel="canonical"
cdn-requestpullsuccess
True
scripts.min.js
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/js/
268 KB
61 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/js/scripts.min.js?ver=4.27.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
6af23fd5d68900400e981906d4bf799efb94d589616b846112f9e2684274c692
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:01 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6f9d-42f9f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
6a6fd1fb6d1c5ad3ea3b82f686370311
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/themes/Divi/js/scripts.min.js?ver=4.27.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
jquery.fitvids.js
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
3 KB
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.27.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1081
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:01 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6f9d-d15"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
f4d2b2e90f5742d7c05b8fe64c835620
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.27.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
comment-reply.min.js
p7i3u3x3.rocketcdn.me/wp-includes/js/
3 KB
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-includes/js/comment-reply.min.js?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 08 Apr 2022 20:07:18 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"625095f6-ba5"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
e729f7fce134eba55623ff5e6ced4d3f
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-includes/js/comment-reply.min.js?ver=6.6.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
jquery.mobile.js
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
8 KB
4 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js?ver=4.27.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
55a084b5f4c439a2786141108b266370e0e4accc4e72629b2177dc6aa658d6c8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:01 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6f9d-1f18"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
6708f20bceea1e12aa5898630ae3cc20
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js?ver=4.27.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
magnific-popup.js
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
22 KB
10 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/magnific-popup.js?ver=4.27.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
0a47c6e6f24e634cb79f886e70bbfd65e1e85b0d2aa4fc133488fd1bc1910e3e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:01 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6f9d-5902"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
29dfabffe9c3d18a80758728605f6787
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/magnific-popup.js?ver=4.27.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
easypiechart.js
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
9 KB
4 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.27.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
5aa24e4ab926693e29ffb0d0ca1557141defd3ca61b3b4e7caebaa2fcd5bf327
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1081
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:01 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6f9d-2466"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
66c926c75e3dd2e42dd679f195636c95
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.27.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
salvattore.js
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
8 KB
5 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/salvattore.js?ver=4.27.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
b6205029e1016596807b655c8f57818736a787e32ceb1407effa152ac3bb9380
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:01 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6f9d-217e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
b0037a4826981a598882e2838e6fb2f9
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/salvattore.js?ver=4.27.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
frontend-bundle.min.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/scripts/
699 B
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-ajax-filter/scripts/frontend-bundle.min.js?ver=3.1.7.3
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
05c86a01cec19a9f9931163c42515adaab424be687667ef09f7d9b3cd0765cb5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 25 Apr 2024 00:54:51 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"6629a9db-2bb"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
e641d20fad3c3b5efcc2dcc3857b6676
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/divi-ajax-filter/scripts/frontend-bundle.min.js?ver=3.1.7.3>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
frontend-bundle.min.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-blog-extras/scripts/
35 KB
8 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-blog-extras/scripts/frontend-bundle.min.js?ver=2.6.5
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
fc28654bf4d567cdbc91b5089345699eb8fff900d723b6dc635631eb0cb26fe5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:48 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"651e190c-8dee"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
ddfff08609651d6b2e77566c967d70f3
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/divi-blog-extras/scripts/frontend-bundle.min.js?ver=2.6.5>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
frontend-bundle.min.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/scripts/
733 B
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/scripts/frontend-bundle.min.js?ver=1.0.0
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
74ca4b4a7f9ee76d71e312306ea01f5d0661796d4caa0a2170058d2a27ed328d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:47 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"651e190b-2dd"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
607a1218088020f9c227a24172f417da
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/divi-event-calendar-module/scripts/frontend-bundle.min.js?ver=1.0.0>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
new-tab.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/page-links-to/dist/
34 KB
14 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.7
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 25 Apr 2024 00:54:57 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"6629a9e1-8687"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
3a3eacfd5c5e4020ba2f5b5bf4ff7057
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.7>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
common.js
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/js/
1 KB
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/js/common.js?ver=4.27.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:00 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6f9c-53f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
0c671cde49213c018cfbb1a533f58f0d
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/themes/Divi/core/admin/js/common.js?ver=4.27.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
script.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-module-code-snippet/features/DBCSCopyToClipboardFeature/
1 KB
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/divi-module-code-snippet/features/DBCSCopyToClipboardFeature/script.js?ver=1.4.4
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
a1fc4d2a1d472a69f0736655a1de5a136b9daad166b23b065c96facb834b3724
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 10 Jun 2024 17:26:29 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66673745-4f8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
69f6f24ec58f6cc24611a1fa23277145
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/divi-module-code-snippet/features/DBCSCopyToClipboardFeature/script.js?ver=1.4.4>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
mediaelement-and-player.min.js
p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/
154 KB
39 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
b15c3ea03d50c2430490e7416733a254feea4237bb60b54181bd3473ebe4149f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1081
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 29 Sep 2022 14:21:11 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"6335a9d7-26935"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
367c84f26d2f6940352c4ca2a6ee3911
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
mediaelement-migrate.min.js
p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/
1 KB
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 08 Apr 2022 20:07:18 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"625095f6-4a7"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
2d640122de6130f5136b1a0a3d039237
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.6.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
wp-mediaelement.min.js
p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/
1 KB
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
79cb399203843f65199bec32bc4abac5dfd20f141d3e4ec1424bf00c7108fa45
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1082
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 07 Feb 2023 16:00:42 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"63e275aa-453"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
72838c5fc9124cc5314f6559f34ca832
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.6.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
frontend.min.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/AdvancedTabs/
3 KB
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/AdvancedTabs/frontend.min.js?ver=4.9.97.18
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
4e6745b6cf7915176dc87b6f02870c8d3bbb946adf48ef5ee636b46fd5c54f07
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1081
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:43 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc7-b03"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
7024e2f60a6a5187a64253ac1714bb2a
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/AdvancedTabs/frontend.min.js?ver=4.9.97.18>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
jquery.magnific-popup.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/
21 KB
9 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/jquery.magnific-popup.js?ver=4.9.97.18
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
00bd70a9e2b51ce68971a89a29d07b1e06e49a5d1e71c6a44d1a7ccb41828095
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/26/2024 11:31:36
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:43 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc7-5251"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
e445a3771dab2364351e04b5caaff87e
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/js/jquery.magnific-popup.js?ver=4.9.97.18>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
swiper-bundle.min.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/
142 KB
40 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/swiper-bundle.min.js?ver=4.9.97.18
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
568c3ba372e075ecceb821409f5d45be311c896c3c784910eb5f2f20e5c90670
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:43 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc7-239c1"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
19cede807243e203b91f2127b470941e
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/js/swiper-bundle.min.js?ver=4.9.97.18>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
frontend.min.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/BlogCarousel/
3 KB
2 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/BlogCarousel/frontend.min.js?ver=4.9.97.18
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
a314e4c39a406b80af166f001cb0400257b1301f3f96d7d670e9feadaeae07ef
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1080
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:43 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fc7-a85"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
9c0ff7650f8dec94b69c2f21f6fec616
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/BlogCarousel/frontend.min.js?ver=4.9.97.18>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
moment.min.js
cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/
57 KB
17 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
081737985335af4be15fc676ed4ccc0703c7446c6b5cbc9317e40bcdc6428e5d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
370139
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
16837
last-modified
Wed, 06 Jul 2022 23:03:56 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"62c614dc-41c5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1UNkklJhwcbT5H%2BTd%2Bd9%2BD83w9FE7LyblBEyjIDLNTu9Qg8ni5xGYX9twXmBsIUTPVi8zTM3GRHYaXwNU6resBdU8eliQMqUnfrvkwOs4lX%2F9IydIBYOyBxRjWb17uEteTS%2BSbQD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8b9888a6cd03bbc7-FRA
expires
Sun, 17 Aug 2025 02:11:56 GMT
daterangepicker.min.js
cdn.jsdelivr.net/npm/daterangepicker/
32 KB
8 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.min.js?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
837f3f510b4be76f36c097ca94f9efe87c0a0581daf5e8b2bf980d9f3788bc37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 27 Aug 2024 02:11:56 GMT
x-content-type-options
nosniff
content-encoding
br
age
33682
x-jsd-version
3.1.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
7242
x-served-by
cache-fra-eddf8230147-FRA, cache-cph2320033-CPH
x-jsd-version-type
version
etag
W/"8092-XxjDQopdrufpJf5BZ3ADy4siD68"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
jquery-ui.js
code.jquery.com/ui/1.13.2/
517 KB
124 KB
Script
General
Full URL
https://code.jquery.com/ui/1.13.2/jquery-ui.js?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c4b0fb9e123ad9f72c1192b6feff0bb0171be251bb76050b92e5e85c1fe3f757

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
4121969
x-cache
HIT, HIT
content-length
126267
x-served-by
cache-lga21926-LGA, cache-cph2320034-CPH
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1724724717.654229,VS0,VE0
etag
W/"28feccc0-81307"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
45, 27287
loadFilter.js
cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/
44 KB
6 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/loadFilter.js?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b0a9a22da3f67f5e35770bedef0e2ec034eddd871243a6b80d09b285372d1863
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 27 Aug 2024 02:11:56 GMT
x-content-type-options
nosniff
content-encoding
br
age
3471
x-jsd-version
2.7.6
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
6186
x-served-by
cache-fra-etou8220127-FRA, cache-cph2320033-CPH
x-jsd-version-type
branch
etag
W/"b08f-hyuFhPhDAFE5gn7UWPXhS1S5p0w"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
loadmore.js
cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/EventFeed/
31 KB
5 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/EventFeed/loadmore.js?ver=6.6.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0907683649854f8c34c1c89b06ac8256e5414e1c2db6019fa0c0f347e9e240e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 27 Aug 2024 02:11:56 GMT
x-content-type-options
nosniff
content-encoding
br
age
2873
x-jsd-version
2.7.6
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
4509
x-served-by
cache-fra-etou8220098-FRA, cache-cph2320033-CPH
x-jsd-version-type
branch
etag
W/"7b9e-g8xMzqvVKM5J7uC4u0KIn/Wvuw4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
frontend-bundle.min.js
p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-mega-menu/scripts/
8 KB
3 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/plugins/supreme-mega-menu/scripts/frontend-bundle.min.js?ver=1.0.0
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
6c742dbd1b71338da108a257be31d23bdde0a67b20440548db9ea70660bc7430
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:47 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6fcb-2075"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
0e8fd9cd1b026009c77a8d1da3fa4d0d
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/plugins/supreme-mega-menu/scripts/frontend-bundle.min.js?ver=1.0.0>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
motion-effects.js
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
154 KB
39 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/motion-effects.js?ver=4.27.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
21299aa0cfccae6adfc1fdc2d6dfd6895c47f6f8b714b2683df914f9b5b485a3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1081
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:01 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6f9d-26902"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
c46723b31d89cb4c895fc261ab09ae4c
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/motion-effects.js?ver=4.27.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
sticky-elements.js
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
204 KB
57 KB
Script
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/sticky-elements.js?ver=4.27.1
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
e133ed1ae38d54fc651a16b69201398f49452e7b207f7a49a3773706f1e17648
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
cdn-edgestorageid
1079
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:13
cdn-pullzone
1682947
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:01 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
W/"66ba6f9d-33098"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
6dd78de7d59e3ccfdc9d485bd290f4c5
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/sticky-elements.js?ver=4.27.1>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
hotjar-5039807.js
static.hotjar.com/c/
11 KB
5 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-5039807.js?sv=6
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-51.fra56.r.cloudfront.net
Software
/
Resource Hash
13ba5d027b16a5595c2291203107da56b3ec24f49f3cfa044a8eb02564e3b8e8
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Tue, 27 Aug 2024 02:11:31 GMT
via
1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
25
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/cedad0fd655cf21dc6c34f3f22bbf27d
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
KkLW1NGQQSZCqfPrs7m1x44kF4rSHWhvhsvC_iEiuZQUQCl4Qz50iA==
gtm.js
www.googletagmanager.com/
287 KB
98 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
beb3f3e9322fafd70f7662b0b2a67af8cabe1ba8bc2669b9ea00cb50b7fc322f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100435
x-xss-protection
0
last-modified
Tue, 27 Aug 2024 00:34:25 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 27 Aug 2024 02:11:56 GMT
et-divi-dynamic-tb-260934-tb-4381-261711-late.css
www.horizon3.ai/wp-content/et-cache/261711/
201 KB
20 KB
Stylesheet
General
Full URL
https://www.horizon3.ai/wp-content/et-cache/261711/et-divi-dynamic-tb-260934-tb-4381-261711-late.css
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.197.16.226 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
226.16.197.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
144285e8182c3c3f25bf4992fbd3bf2e790369b48ad7e65cde3d9a2f9937ad2f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 26 Aug 2024 19:49:30 GMT
server
nginx
etag
W/"66ccdc4a-32497"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
modules.8da33a8f469c3b5ffcec.js
script.hotjar.com/
223 KB
56 KB
Script
General
Full URL
https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-5039807.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-92.fra60.r.cloudfront.net
Software
/
Resource Hash
76f448ec45359e863fb3a6432a2a3cf22c0cc0a52aead6318b57ab38db6f1d14
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 30 Jul 2024 14:23:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 4770dda4e92393e930d8a34dcbb04db2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
age
2375330
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56385
last-modified
Tue, 30 Jul 2024 14:22:40 GMT
etag
"0728625a147ca79276a1790b9cf3175d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
uZK-nRBCsuxnfV3P5VvQ8bdV0p0PmDI0OQZ8ZikALs05xQCqFjQ4-g==
js
www.googletagmanager.com/gtag/
336 KB
107 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cf6a64d01500d63aae030d32aaf499bfbde7d380d5ce84fde78a766cb5154c2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109161
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 27 Aug 2024 02:11:56 GMT
destination
www.googletagmanager.com/gtag/
268 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-10792903506&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
00a63af1618c92ef8693bd5eae4543bab822b77de19e87381b2df01f59f0a96b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94094
x-xss-protection
0
last-modified
Tue, 27 Aug 2024 00:34:25 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 27 Aug 2024 02:11:56 GMT
pixel.js
www.redditstatic.com/ads/
42 KB
13 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 20 Jun 2024 19:23:03 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"71b328aff914ada8b774bfa8fff542c4"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
12116
pd.js
pi.pardot.com/
5 KB
2 KB
Script
General
Full URL
https://pi.pardot.com/pd.js
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
/
Resource Hash
41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 27 Aug 2024 02:11:57 GMT
content-encoding
gzip
X-Pardot-Route
16b0ab393667a33fe86adedc3141e88c
last-modified
Mon, 26 Aug 2024 16:12:06 GMT
etag
"15f4-gzip"
vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
cache-control
max-age=63072000
Connection
keep-alive
accept-ranges
bytes
Content-Length
1988
expires
Thu, 27 Aug 2026 02:11:57 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 22 Aug 2024 10:43:55 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=54566
accept-ranges
bytes
content-length
14628
PLwGhTJP
io.clickguard.com/s/cHJvdGVjdG9y/
8 KB
3 KB
Script
General
Full URL
https://io.clickguard.com/s/cHJvdGVjdG9y/PLwGhTJP
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
1181e1f99ee5bff570dff0f6ef45e5720b96da32d74d0e5c9f2b6a88f45d6591

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 27 Aug 2024 02:11:57 GMT
via
1.1 google
Content-Encoding
br
CF-Cache-Status
DYNAMIC
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
x-powered-by
Express
etag
W/"1eaf-mmFX+B52Jj2qLyNMp3jEDOi71og"
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ho2uLr5pZcctwuyY8cD8FgoqgloZIZ3wgLLsntrWXqcUzrtKRqHn0aYl3ujPrmLgOsnm%2B3hs7wn49R92lJ6pOLHrkrotwhG0g0NZoy9DpnukOGwuHKkQ4ci8G%2BUEa86lhj%2BHdzR9ziQKasMidrfJ"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript; charset=utf-8
access-control-allow-origin
*
Connection
keep-alive
CF-RAY
8b9888a8eeb9d29a-FRA
dreamdata.min.js
cdn.dreamdata.cloud/scripts/analytics/v1/
127 KB
38 KB
Script
General
Full URL
https://cdn.dreamdata.cloud/scripts/analytics/v1/dreamdata.min.js
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.220.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
80.220.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
8e78bcb85c5e969c9fbd74ade48ae59d1e8c94bc928b61947bab57c5f8576a54
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;includeSubdomains

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 01:54:50 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000;includeSubdomains
age
1026
x-guploader-uploadid
AHxI1nMKe2szJpzBZ94PM1vqMGnuJB22CijpNjO4tBckpNmnjZmE_pbh8FhrbBtfqMOQCo_7PQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39064
referrer-policy
origin
last-modified
Tue, 19 Dec 2023 15:12:09 GMT
server
UploadServer
etag
"5a0c242829201a80f498d4959d83ebfc"
vary
Accept-Encoding
x-goog-generation
1702998729480704
x-goog-hash
crc32c=9JeVgg==, md5=WgwkKCkgGoD0mNSVnYPr/A==
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public,max-age=1800
x-goog-stored-content-length
39064
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
expires
Tue, 27 Aug 2024 02:24:50 GMT
identify-form.min.js
cdn.dreamdata.cloud/scripts/identify-form/v1/
20 KB
5 KB
Script
General
Full URL
https://cdn.dreamdata.cloud/scripts/identify-form/v1/identify-form.min.js
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.220.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
80.220.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
66c5889779331f1942f8bf56933acbab2f3c264c7e77f367795a8cb04506e9ff
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;includeSubdomains

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 01:56:31 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000;includeSubdomains
age
925
x-guploader-uploadid
AHxI1nPWURTkm7m6zeCz0_NR7lJJGCJBeN_r5Z23XlvIRq2uzriojerQNf01sTFQksnWZPISa8Nxxwm9
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4325
referrer-policy
origin
last-modified
Fri, 12 Apr 2024 10:25:35 GMT
server
UploadServer
etag
"8a6a5d6c3a6974d0bc37e53710962146"
vary
Accept-Encoding
x-goog-generation
1712917535471168
x-goog-hash
crc32c=5dIwaw==, md5=impdbDppdNC8N+U3EJYhRg==
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=1800
x-goog-stored-content-length
4325
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
expires
Tue, 27 Aug 2024 02:26:31 GMT
Red-Team-Blog-BG.jpg
p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/
51 KB
53 KB
Image
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2022/10/Red-Team-Blog-BG.jpg
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
6555189a58cede3f19c2269dfa21e1e86734f122f0e190bfaaee35895dcbd9fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1080
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
cdn-pullzone
1682947
content-length
52684
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:33 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"651e18fd-cdcc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
635a1fef1aed819f8072cec3aa4976bb
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2022/10/Red-Team-Blog-BG.jpg>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUU1.woff2
fonts.gstatic.com/s/rubik/v28/
25 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUU1.woff2
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8189eb6330e9f0b62e4fe2be8bbad8129ebf1db97e390c2386e0b5a2880aa403
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 14:12:33 GMT
x-content-type-options
nosniff
age
561564
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25500
x-xss-protection
0
last-modified
Thu, 29 Jun 2023 16:13:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Aug 2025 14:12:33 GMT
modules.woff
www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/social/
10 KB
11 KB
Font
General
Full URL
https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/social/modules.woff
Requested by
Host: p7i3u3x3.rocketcdn.me
URL: https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/261711/et-divi-dynamic-tb-260934-tb-4381-261711-late.css?ver=1724701770
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.197.16.226 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
226.16.197.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
b4d9b5f545245d9781d491989a77089f380de3a58898ea70116cc59f61257e92
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/261711/et-divi-dynamic-tb-260934-tb-4381-261711-late.css?ver=1724701770
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
10320
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:00 GMT
server
nginx
etag
"66ba6f9c-2850"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
fa-solid-900.woff2
www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/fontawesome/
78 KB
79 KB
Font
General
Full URL
https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-solid-900.woff2
Requested by
Host: p7i3u3x3.rocketcdn.me
URL: https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/261711/et-divi-dynamic-tb-260934-tb-4381-261711-late.css?ver=1724701770
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.197.16.226 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
226.16.197.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://p7i3u3x3.rocketcdn.me/wp-content/et-cache/261711/et-divi-dynamic-tb-260934-tb-4381-261711-late.css?ver=1724701770
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:56 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
80300
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 12 Aug 2024 20:25:00 GMT
server
nginx
etag
"66ba6f9c-139ac"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2
fonts.gstatic.com/s/rubik/v28/
25 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
46ed19e2d021296a35c1632b877c5fff1aa3c3eaec27d49d892e94545b792b43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 07:18:59 GMT
x-content-type-options
nosniff
age
67978
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25656
x-xss-protection
0
last-modified
Thu, 29 Jun 2023 16:17:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 26 Aug 2025 07:18:59 GMT
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1.woff2
fonts.gstatic.com/s/rubik/v28/
25 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1.woff2
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fbf0d9704506b1ad0def13dc96bf24602d807afe597a754ae59fe1d2c0efcec4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 13:59:38 GMT
x-content-type-options
nosniff
age
562339
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25320
x-xss-protection
0
last-modified
Thu, 29 Jun 2023 16:18:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Aug 2025 13:59:38 GMT
iJWbBXyIfDnIV7nEt3KSJbVDV49rz8u6FHU5f4I.woff2
fonts.gstatic.com/s/rubik/v28/
26 KB
26 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v28/iJWbBXyIfDnIV7nEt3KSJbVDV49rz8u6FHU5f4I.woff2
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cecb655a326dfdeac7142da643de8728b0f9dfaa527cef7028dd1de0ed6350a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 15:59:43 GMT
x-content-type-options
nosniff
age
555134
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26276
x-xss-protection
0
last-modified
Thu, 29 Jun 2023 16:36:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Aug 2025 15:59:43 GMT
S6uyw4BMUTPHjxAwXg.woff2
fonts.gstatic.com/s/lato/v24/
25 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjxAwXg.woff2
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
386a206aade080bb0045005cfdbb660430ed46d652039eef6bc299d54d7c43ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 14:13:02 GMT
x-content-type-options
nosniff
age
561535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25284
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Aug 2025 14:13:02 GMT
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-WYiFWUU1.woff2
fonts.gstatic.com/s/rubik/v28/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-WYiFWUU1.woff2
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b305496a376155dbf4b51c26fc3d4ebca6083945fc20aa60c47817836f86366
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 07:24:47 GMT
x-content-type-options
nosniff
age
67630
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23316
x-xss-protection
0
last-modified
Thu, 29 Jun 2023 16:13:32 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 26 Aug 2025 07:24:47 GMT
/
content.hotjar.io/
56 B
171 B
XHR
General
Full URL
https://content.hotjar.io/?site_id=5039807&gzip=1
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.200.100.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-100-171.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
71602734cf3bfd868f66909028b71bad7747c2f139e1accedf3755eae689d7eb

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 27 Aug 2024 02:11:57 GMT
content-length
56
access-control-max-age
86400
content-type
application/json
modules.woff
p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/fonts/modules/all/
90 KB
91 KB
Font
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
fe67b77ac7e0ef4b482dafb86adfa403db1b89a2f337d2dc8bd1278cfe975196
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
cdn-pullzone
1682947
referrer-policy
no-referrer-when-downgrade
cdn-proxyver
1.04
etag
"66ba6f9c-167b4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
link
<https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff>; rel="canonical"
date
Tue, 27 Aug 2024 02:11:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cdn-edgestorageid
1079
x-powered-by
RocketCDN - b
cdn-cachedat
08/19/2024 16:06:14
content-length
92084
x-xss-protection
"1; mode=block"
last-modified
Mon, 12 Aug 2024 20:25:00 GMT
server
BunnyCDN-DE1-1082
cdn-requestpullcode
200
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
35121e3f0c26f9f60ad97e5c450c2845
accept-ranges
bytes
cdn-status
200
cdn-requestpullsuccess
True
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUz.woff
fonts.gstatic.com/s/rubik/v28/
32 KB
32 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUz.woff
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d1b0d7af8eb5e8dafc681f282db58efb53d808ac1701694fe3420992ed58d72
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 14:42:11 GMT
x-content-type-options
nosniff
age
559786
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32848
x-xss-protection
0
last-modified
Thu, 29 Jun 2023 16:13:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Aug 2025 14:42:11 GMT
collect
region1.analytics.google.com/g/
0
0
Fetch
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-V462VSRXXS&gtm=45je48q0v889089095z8852319646za200zb852319646&_p=1724724716535&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1956040301.1724724717&ecid=1720517029&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1724724717&sct=1&seg=0&dl=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fdisclosures%2Fntlm-credential-theft-in-python-windows-applications%2F&dt=NTLM%20Credential%20Theft%20in%20Python%20Windows%20Applications%20%E2%80%93%20Horizon3.ai&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1805
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 02:11:57 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.horizon3.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
254 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-V462VSRXXS&cid=1956040301.1724724717&gtm=45je48q0v889089095z8852319646za200zb852319646&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 02:11:57 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.horizon3.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-V462VSRXXS&cid=1956040301.1724724717&gtm=45je48q0v889089095z8852319646za200zb852319646&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=417431829
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Aug 2024 02:11:57 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUw.ttf
fonts.gstatic.com/s/rubik/v28/
68 KB
36 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUw.ttf
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f3.1e100.net
Software
sffe /
Resource Hash
977b03a17e6c623ab63583f72b1639b1ad6aef1ae044993c66b4c8328e571272
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.horizon3.ai/
Origin
https://www.horizon3.ai
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 26 Aug 2024 07:24:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
67674
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37076
x-xss-protection
0
last-modified
Thu, 29 Jun 2023 16:13:32 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 26 Aug 2025 07:24:03 GMT
config
pixel-config.reddit.com/pixels/t2_rwb6eefi/
3 B
124 B
XHR
General
Full URL
https://pixel-config.reddit.com/pixels/t2_rwb6eefi/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:57 GMT
content-encoding
gzip
via
1.1 varnish
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
content-length
27
t2_rwb6eefi_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
699 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_rwb6eefi_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:57 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
97
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1724724717248&id=t2_rwb6eefi&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=31dd6204-28b8-4c36-a4ec-17d6b9efad1a&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:57 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
attribution_trigger
px.ads.linkedin.com/
2 B
1 KB
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=3527860&time=1724724717250&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fdisclosures%2Fntlm-credential-theft-in-python-windows-applications%2F
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept
*
Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"4","priority":"0"}],"filters":[{"c":["329294036"]},{"c":["329274336"]},{"c":["329274176"]},{"c":["317013126"]},{"c":["298019076"]}],"debug_key":"14543964"}
content-encoding
gzip
date
Tue, 27 Aug 2024 02:11:56 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 92D59AF3613043E896033368DAA65073 Ref B: DUS30EDGE0313 Ref C: 2024-08-27T02:11:57Z
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-li-uuid
AAYgoMQd7H0TpJta1DNSlA==
x-fs-uuid
000620a0c41dec7d13a49b5ad4335294
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1724724717250&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fdisclosures%2Fntlm-credential-theft-in-python-windows-application...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1724724717250&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fdisclosures%2Fntlm-credential-theft-in-python-windows-applicatio...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1724724717250&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fdisclosures%2Fntlm-credential-theft-in-python-windows-applications%2F&e_ipv6=AQKD7Cfi2GdUEwAAAZGRmqdstaIUZwlIlFqgC1YPDUsnFRuHD41amF8UwzUEnnpgkMCDcJs
Requested by
Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:57 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 40D78B4F873F42FEA280F0D2CCD66D7F Ref B: FRAEDGE1905 Ref C: 2024-08-27T02:11:57Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYgoMQhaB531VXoKPon6A==

Redirect headers

date
Tue, 27 Aug 2024 02:11:56 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 008EAC31BB05455C960E6FF508CA3671 Ref B: FRAEDGE1122 Ref C: 2024-08-27T02:11:57Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1724724717250&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fdisclosures%2Fntlm-credential-theft-in-python-windows-applications%2F&e_ipv6=AQKD7Cfi2GdUEwAAAZGRmqdstaIUZwlIlFqgC1YPDUsnFRuHD41amF8UwzUEnnpgkMCDcJs
x-li-proto
http/2
content-length
0
x-li-uuid
AAYgoMQd6XB2AJR5AWOqhg==
p
cdn.dreamdata.cloud/api/v1/
16 B
33 B
XHR
General
Full URL
https://cdn.dreamdata.cloud/api/v1/p
Requested by
Host: cdn.dreamdata.cloud
URL: https://cdn.dreamdata.cloud/scripts/analytics/v1/dreamdata.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.220.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
80.220.120.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;includeSubdomains

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 27 Aug 2024 02:11:57 GMT
via
1.1 google
referrer-policy
nosniff
strict-transport-security
max-age=63072000;includeSubdomains
server
Google Frontend
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
4f9a0fe14381746f7b668beba3bc7d2a
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
analytics
pi.pardot.com/
1 KB
2 KB
Script
General
Full URL
https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17120&account_id=972073&title=NTLM%20Credential%20Theft%20in%20Python%20Windows%20Applications%20%E2%80%93%20Horizon3.ai&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fdisclosures%2Fntlm-credential-theft-in-python-windows-applications%2F&referrer=
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-96-194.compute-1.amazonaws.com
Software
/
Resource Hash
cc52914560b642e84948aa72028c08b52e76d8158aecffaffcc3926a9f7336bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
Date
Tue, 27 Aug 2024 02:11:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Pardot-Route
9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp
0/0/1
vary
Accept-Encoding,User-Agent
Content-Type
text/javascript; charset=utf-8
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
533
expires
Thu, 19 Nov 1981 08:52:00 GMT
PLwGhTJP
pulse.clickguard.com/r/cHJvdGVjdG9y/
0
598 B
XHR
General
Full URL
https://pulse.clickguard.com/r/cHJvdGVjdG9y/PLwGhTJP
Requested by
Host: io.clickguard.com
URL: https://io.clickguard.com/s/cHJvdGVjdG9y/PLwGhTJP
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Date
Tue, 27 Aug 2024 02:11:57 GMT
via
1.1 google
CF-Cache-Status
DYNAMIC
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
x-powered-by
Express
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GAq31rQ5XQPVRh8ihZqKD09TKDNSUzTGvN0%2BwPe%2BI54IN9sLhJkTx2WxfinGKWMPtTymh4JLk9KE%2Fwr2AJPYRXo5%2FduTdRAZpShL9dZaj%2BTjnsxaodJ8PE9GJ8YfApqKMGmpJE%2BqZMp%2BUKinhMzBFn3V"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
Connection
keep-alive
CF-RAY
8b9888acc9cd18d1-FRA
Content-Length
0
PLwGhTJP
pulse.clickguard.com/r/cHJvdGVjdG9y/
0
0
Preflight
General
Full URL
https://pulse.clickguard.com/r/cHJvdGVjdG9y/PLwGhTJP
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.horizon3.ai
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
8b9888abc95218d1-FRA
Connection
keep-alive
Content-Length
0
Date
Tue, 27 Aug 2024 02:11:57 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ipGajQNfvGVopNY0w3qu%2FTAOjPsEbaYJLymssnybtIiiC%2FlkZGo0I%2F1vViiuCkxwg3nTiSaVYLTUd%2FhjDrXoK%2B5ia3uOM%2F%2BfbARtUr78I6bZ%2F40Mzdr4QQUCuj7XG6B9ci1BuYfofAccF1kSbkiex9HW"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
vary
Access-Control-Request-Headers
via
1.1 google
x-powered-by
Express
/
px.ads.linkedin.com/wa/
0
194 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 27 Aug 2024 02:11:57 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: AC8DB1A661A7437BB61102AAF1864E47 Ref B: FRAEDGE1122 Ref C: 2024-08-27T02:11:57Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
access-control-allow-origin
https://www.horizon3.ai
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYgoMQkDduwqPZhAVVIWw==
analytics
go.horizon3.ai/
50 B
1020 B
Script
General
Full URL
https://go.horizon3.ai/analytics?conly=true&visitor_id=132793942&visitor_id_sign=ace4115f4b602cb1d0ea61d0e2bf42856f4dcaec3d5a1ed8eece67392fb2325282c98ca5a8326b379c14bd2c9ee8e112b97ebb09&pi_opt_in=&campaign_id=17120&account_id=972073&title=NTLM%20Credential%20Theft%20in%20Python%20Windows%20Applications%20%E2%80%93%20Horizon3.ai&url=https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/&referrer=
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17120&account_id=972073&title=NTLM%20Credential%20Theft%20in%20Python%20Windows%20Applications%20%E2%80%93%20Horizon3.ai&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fdisclosures%2Fntlm-credential-theft-in-python-windows-applications%2F&referrer=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.208.125.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-208-125-13.compute-1.amazonaws.com
Software
/
Resource Hash
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
Date
Tue, 27 Aug 2024 02:11:58 GMT
X-Pardot-Route
9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp
0/0/1
vary
User-Agent
Content-Type
text/javascript; charset=utf-8
p3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
50
expires
Thu, 19 Nov 1981 08:52:00 GMT
admin-ajax.php
www.horizon3.ai/wp-admin/
5 KB
2 KB
XHR
General
Full URL
https://www.horizon3.ai/wp-admin/admin-ajax.php
Requested by
Host: p7i3u3x3.rocketcdn.me
URL: https://p7i3u3x3.rocketcdn.me/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.197.16.226 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
226.16.197.104.bc.googleusercontent.com
Software
nginx / WP Engine
Resource Hash
6681ca2e0bf53cdbbd6de26b654f10c5b62386709bcbd14056f19165fa273502
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Accept
*/*
Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Tue, 27 Aug 2024 02:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
WP Engine
content-length
884
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.horizon3.ai
cache-control
no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
x-robots-tag
noindex
expires
Wed, 11 Jan 1984 05:00:00 GMT
cropped-favicon-32x32.png
p7i3u3x3.rocketcdn.me/wp-content/uploads/2021/06/
2 KB
3 KB
Other
General
Full URL
https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2021/06/cropped-favicon-32x32.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 / RocketCDN - b
Resource Hash
f80d87f46f45bb648d45a1de343befaf9eefa5604cdde3f5a53d95d3d6a900f9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Request headers

Referer
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 02:11:58 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-edgestorageid
1080
x-powered-by
RocketCDN - b
cdn-cachedat
08/25/2024 18:24:29
cdn-pullzone
1682947
content-length
1932
x-xss-protection
"1; mode=block"
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 05 Oct 2023 02:01:40 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"651e1904-78c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
9c62a85e-aade-42a0-9ab7-0e0ad624743f
cache-control
public, max-age=31919000
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
cdn-requestid
07885587ab5ec9aa7489960aa1378119
accept-ranges
bytes
cdn-requestcountrycode
DE
link
<https://www.horizon3.ai/wp-content/uploads/2021/06/cropped-favicon-32x32.png>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True

174 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERENCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE object| loadmore_ajax_object function| hj object| _hjSettings object| elm object| dataLayer function| sixteenNine object| et_animation_data object| tribe_l10n_datatables function| getParam function| getExpiryRecord function| addGclid object| hjSiteSettings object| hjLazyModules function| hjBootstrap object| hjBootstrapCalled function| _createClass function| _classCallCheck function| RocketBrowserCompatibilityChecker object| RocketPreloadLinksConfig object| DIVI object| et_builder_utils_params object| et_frontend_scripts object| et_pb_custom object| et_pb_box_shadow_elements function| Waypoint function| et_pb_debounce function| et_pb_smooth_scroll function| et_pb_form_placeholders_init function| et_duplicate_menu function| et_pb_remove_placeholder_text function| et_fix_fullscreen_section function| et_bar_counters_init function| et_fix_pricing_currency_position function| et_pb_set_responsive_grid function| et_pb_set_tabs_height function| et_pb_box_shadow_apply_overlay function| et_pb_init_nav_menu function| et_pb_toggle_nav_menu function| et_pb_apply_sticky_image_effect function| et_pb_menu_inject_inline_centered_logo function| et_pb_menu_inject_item function| et_pb_reposition_menu_module_dropdowns boolean| et_load_event_fired function| et_pb_init_woo_star_rating function| et_pb_wrap_woo_attribute_fields_in_span function| et_calculate_fullscreen_section_size function| et_pb_init_modules function| etFixDividerSpacing function| etInitWooReviewsRatingStars object| salvattore object| DiviBlogExtrasFrontendData object| addComment object| mejsL10n object| mejs function| MediaElement object| HtmlMediaElement function| onYouTubePlayerAPIReady function| DefaultPlayer function| MediaElementPlayer object| _wpmejsSettings object| wp 
function| Swiper function| moment function| daterangepicker object| google_tag_manager object| google_tag_data function| rdt string| piAId string| piCId string| piHostname string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk string| iframeSelector string| gaEventName object| analytics object| __DD_TEMP_ANALYTICS__ object| script function| updateUrlWithUid object| eventFeeddecm_event_display_0_tb_header object| et_pb_motion_elements object| et_pb_sticky_elements object| ET_Builder object| ET_FE object| ET_FB function| et_calculate_header_values function| et_change_primary_nav_position function| et_fix_page_container_position function| et_pb_window_side_nav_scroll_init function| et_pb_side_nav_page_init string| currentText string| categoryCookie object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed object| srcReplaceableElms function| et_pb_slider_init function| et_pb_image_lightbox_init function| et_countdown_timer function| et_countdown_timer_labels function| et_pb_tabs_init function| et_pb_circle_counter_init function| et_pb_reinit_circle_counters function| et_pb_circle_counter_update function| et_pb_reinit_number_counters function| et_apply_parallax function| et_parallax_set_height function| et_apply_builder_css_parallax function| et_pb_play_overlayed_video function| et_pb_resize_section_video_bg function| et_pb_center_video function| et_pb_adjust_video_margin function| et_fix_slider_height function| et_pb_submit_newsletter function| et_fix_testimonial_inner_width function| et_pb_video_background_init function| et_animate_element function| et_process_animation_data function| et_has_animation_data function| et_get_animation_classes function| et_remove_animation function| et_remove_animation_data function| et_reinit_waypoint_modules function| et_calc_fullscreen_section function| debounced_et_apply_builder_css_parallax function| et_pb_parallax_init function| et_pb_fullwidth_header_scroll function| 
et_pb_search_init function| et_pb_search_percentage_custom_margin_fix function| et_pb_comments_init function| et_pb_shop_add_hover_class function| onYouTubeIframeAPIReady object| gaGlobal function| autoIdentify function| redditNormalizeEmail boolean| _already_called_lintrk object| _0xf102 function| _0x20fb object| CG function| _cg_convert function| cg_convert object| JSON3 function| setImmediate function| clearImmediate string| Integration function| normalize function| checkNamespace function| getPardotUrl function| piTracker function| piGetParameter function| piGetCookie function| piSetCookie string| piVersion number| piScriptNum object| piScriptObj object| pi number| c_start string| property object| ORIBILI function| piResponse function| et_pb_init_woo_custom_button_icon string| waypointContextKey

25 Cookies


13 Console Messages

Source Level URL Text
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'oversized-images'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'vertical-scroll'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'vr'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'wake-lock'.
security warning Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection "1; mode=block"

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
