www.horizon3.ai Open in urlscan Pro
104.197.16.226 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Submission: On December 05 via api (December 5th 2024, 11:31:06 am UTC) from IN — Scanned from CA

Summary HTTP 171 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 38 IPs in 3 countries across 27 domains to perform 171 HTTP transactions. The main IP is 104.197.16.226, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.horizon3.ai.
TLS certificate: Issued by R11 on November 25th 2024. Valid for: 3 months.

This is the only time www.horizon3.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 10	104.197.16.226 104.197.16.226	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
75	169.150.236.99 169.150.236.99	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
8	2606:4700:10:... 2606:4700:10::ac43:1408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
2	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	52.212.126.15 52.212.126.15	16509 (AMAZON-02) (AMAZON-02)
1	18.160.41.49 18.160.41.49	16509 (AMAZON-02) (AMAZON-02)
5	2607:f8b0:400... 2607:f8b0:4004:c19::61	15169 (GOOGLE) (GOOGLE)
1	3.167.56.16 3.167.56.16	16509 (AMAZON-02) (AMAZON-02)
11	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
2	52.54.96.194 52.54.96.194	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1408:c40... 2600:1408:c400:5::17c7:3719	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	2606:4700:20:... 2606:4700:20::681a:d98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	34.120.220.80 34.120.220.80	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2606:4700::68... 2606:4700::6812:1fb0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	142.251.163.94 142.251.163.94	15169 (GOOGLE) (GOOGLE)
1	64.233.180.97 64.233.180.97	15169 (GOOGLE) (GOOGLE)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
1	52.51.180.248 52.51.180.248	16509 (AMAZON-02) (AMAZON-02)
1	18.208.125.13 18.208.125.13	14618 (AMAZON-AES) (AMAZON-AES)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700:20:... 2606:4700:20::681a:c98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.145.201.140 34.145.201.140	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	142.251.167.157 142.251.167.157	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1b::8a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:28a... 2600:9000:28a9:7400:4:8491:f2c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.167.72.96 3.167.72.96	16509 (AMAZON-02) (AMAZON-02)
2 3	3.225.164.135 3.225.164.135	14618 (AMAZON-AES) (AMAZON-AES)
2 3	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	52.4.157.154 52.4.157.154	14618 (AMAZON-AES) (AMAZON-AES)
171	38

10 104.197.16.226 (Council Bluffs, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 226.16.197.104.bc.googleusercontent.com

www.horizon3.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

75 169.150.236.99 (Chicago, United States)

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: 169-150-236-99.bunnyinfra.net

p7i3u3x3.delivery.rocketcdn.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:10::ac43:1408 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-cookieyes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.212.126.15 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-126-15.eu-west-1.compute.amazonaws.com

log.cookieyes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
directory.cookieyes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.41.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-41-49.iad55.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4004:c19::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.167.56.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-167-56-16.iad61.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.54.96.194 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-96-194.compute-1.amazonaws.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1408:c400:5::17c7:3719 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:d98 (United States)

ASN13335 (CLOUDFLARENET, US)

io.clickguard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.120.220.80 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 80.220.120.34.bc.googleusercontent.com

cdn.dreamdata.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:1fb0 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.251.163.94 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.180.97 (United States)

ASN15169 (GOOGLE, US)
PTR: pe-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.180.248 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-180-248.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.208.125.13 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-208-125-13.compute-1.amazonaws.com

go.horizon3.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:c98 (United States)

ASN13335 (CLOUDFLARENET, US)

pulse.clickguard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.145.201.140 (Washington, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 140.201.145.34.bc.googleusercontent.com

r4.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.167.157 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f157.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1b::8a (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:28a9:7400:4:8491:f2c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.167.72.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-167-72-96.iad61.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.225.164.135 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-164-135.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.4.157.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-157-154.compute-1.amazonaws.com

hemsync.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
75	rocketcdn.me p7i3u3x3.delivery.rocketcdn.me	2 MB
13	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 3020 r4.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 146167	209 KB
11	horizon3.ai 1 redirects www.horizon3.ai go.horizon3.ai	318 KB
8	cdn-cookieyes.com cdn-cookieyes.com — Cisco Umbrella Rank: 6717	81 KB
7	gstatic.com fonts.gstatic.com	194 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	530 KB
5	clickagy.com 2 redirects tags.clickagy.com — Cisco Umbrella Rank: 17878 aorta.clickagy.com — Cisco Umbrella Rank: 2633 hemsync.clickagy.com — Cisco Umbrella Rank: 15954	15 KB
5	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4514 ws-assets.zoominfo.com — Cisco Umbrella Rank: 11137	17 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 333 px4.ads.linkedin.com — Cisco Umbrella Rank: 7032	2 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	20 KB
3	openx.net 2 redirects us-u.openx.net — Cisco Umbrella Rank: 525	858 B
3	adsrvr.org 1 redirects js.adsrvr.org — Cisco Umbrella Rank: 1531 insight.adsrvr.org — Cisco Umbrella Rank: 960 match.adsrvr.org — Cisco Umbrella Rank: 377	7 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 5643	4 KB
3	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8407	2 KB
3	dreamdata.cloud cdn.dreamdata.cloud — Cisco Umbrella Rank: 52693	43 KB
3	clickguard.com io.clickguard.com — Cisco Umbrella Rank: 83868 pulse.clickguard.com — Cisco Umbrella Rank: 53169	4 KB
3	cookieyes.com log.cookieyes.com — Cisco Umbrella Rank: 7310 directory.cookieyes.com — Cisco Umbrella Rank: 10619	770 B
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2010 alb.reddit.com — Cisco Umbrella Rank: 1418	761 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	15 KB
2	pardot.com pi.pardot.com — Cisco Umbrella Rank: 6044	4 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1095	13 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 888 script.hotjar.com — Cisco Umbrella Rank: 1185	61 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 847	132 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 5577	171 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	17 KB
171	27

	Domain	Requested by
75	p7i3u3x3.delivery.rocketcdn.me	www.horizon3.ai
11	dev.visualwebsiteoptimizer.com	www.horizon3.ai dev.visualwebsiteoptimizer.com
10	www.horizon3.ai	1 redirects www.horizon3.ai p7i3u3x3.delivery.rocketcdn.me
8	cdn-cookieyes.com	www.horizon3.ai cdn-cookieyes.com dev.visualwebsiteoptimizer.com
7	fonts.gstatic.com	www.horizon3.ai
6	www.googletagmanager.com	www.horizon3.ai www.googletagmanager.com
4	ws.zoominfo.com	dev.visualwebsiteoptimizer.com
4	cdn.jsdelivr.net	www.horizon3.ai
3	us-u.openx.net	2 redirects
3	aorta.clickagy.com	2 redirects dev.visualwebsiteoptimizer.com
3	js.zi-scripts.com	www.horizon3.ai js.zi-scripts.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	tracking.g2crowd.com	www.horizon3.ai tracking.g2crowd.com
3	cdn.dreamdata.cloud	www.horizon3.ai cdn.dreamdata.cloud
2	r4.visualwebsiteoptimizer.com	dev.visualwebsiteoptimizer.com
2	pulse.clickguard.com	io.clickguard.com
2	snap.licdn.com	www.horizon3.ai snap.licdn.com
2	pi.pardot.com	www.horizon3.ai pi.pardot.com
2	www.redditstatic.com	www.googletagmanager.com www.redditstatic.com
2	log.cookieyes.com	cdn-cookieyes.com
2	code.jquery.com	www.horizon3.ai
1	hemsync.clickagy.com	dev.visualwebsiteoptimizer.com
1	match.adsrvr.org	js.adsrvr.org
1	insight.adsrvr.org	1 redirects
1	js.adsrvr.org	www.horizon3.ai
1	tags.clickagy.com	www.horizon3.ai
1	www.google-analytics.com	dev.visualwebsiteoptimizer.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	directory.cookieyes.com	cdn-cookieyes.com
1	px4.ads.linkedin.com	www.horizon3.ai
1	go.horizon3.ai	pi.pardot.com
1	content.hotjar.io	script.hotjar.com
1	alb.reddit.com	www.horizon3.ai
1	pixel-config.reddit.com	www.redditstatic.com
1	io.clickguard.com	www.googletagmanager.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.horizon3.ai
1	cdnjs.cloudflare.com	www.horizon3.ai
171	39

This site contains links to these domains. Also see Links.

Domain
www.cookieyes.com
docs.horizon3.ai
portal.horizon3ai.com
partners.horizon3.ai
www.businesswire.com
www.crn.com
fortune.com
forums.ivanti.com
p7i3u3x3.delivery.rocketcdn.me
github.com
horizon3.ai
www.linkedin.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
www.horizon3.ai R11	`2024-11-25` - `2025-02-23`	3 months	crt.sh
*.rocketcdn.me R11	`2024-10-29` - `2025-01-27`	3 months	crt.sh
cdn-cookieyes.com WE1	`2024-11-20` - `2025-02-18`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
log.cookieyes.com Amazon RSA 2048 M02	`2024-03-26` - `2025-04-25`	a year	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2024-06-29` - `2025-07-31`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-06` - `2025-04-03`	6 months	crt.sh
pi.pardot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-06-05` - `2025-06-04`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
clickguard.com WE1	`2024-11-06` - `2025-02-04`	3 months	crt.sh
cdn.dreamdata.cloud WR3	`2024-10-16` - `2025-01-15`	3 months	crt.sh
g2crowd.com WE1	`2024-10-19` - `2025-01-17`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-10-13` - `2025-04-11`	6 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-01-31` - `2025-03-01`	a year	crt.sh
go.horizon3.ai R11	`2024-10-31` - `2025-01-29`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
zi-scripts.com WE1	`2024-11-20` - `2025-02-18`	3 months	crt.sh
directory.cookieyes.com Amazon RSA 2048 M03	`2024-02-02` - `2025-03-03`	a year	crt.sh
zoominfo.com E6	`2024-11-12` - `2025-02-10`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.clickagy.com Amazon ECDSA 256 M02	`2024-08-22` - `2025-09-20`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Frame ID: 8E1D5DFAF235B5913589F0F566CF338E
Requests: 163 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.horizon3.ai
Frame ID: 26C42218BB38385112B08B003AA7C034
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/upb/?adv=nnpwm2i&ref=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&upid=r539y9j&upv=1.1.0&paapi=1
Frame ID: B5CD99CBAB31AC8604D65FE0152D5E2D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability | Horizon3.ai

Page URL History Show full URLs

https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection/ HTTP 301
https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery Mobile (Mobile Frameworks) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]mobile(?:-([\d.]))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

171
Requests

97 %
HTTPS

32 %
IPv6

27
Domains

39
Subdomains

38
IPs

3
Countries

3484 kB
Transfer

9597 kB
Size

27
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookieyes.com/product/cookie-consent

Search URL Search Domain Scan URL

URL: https://docs.horizon3.ai/getting_started/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://portal.horizon3ai.com/?freeTrial&dd_uid=268b2a6b-1546-4442-83d2-f3ea67dbd650
Title: Start a Free Trial

Search URL Search Domain Scan URL

URL: https://partners.horizon3.ai/
Title: 

Search URL Search Domain Scan URL

URL: https://www.businesswire.com/news/home/20241112238396/en/Horizon3.ai-Launches-NodeZero%E2%84%A2-Kubernetes-Pentesting-Empowering-Organizations-to-Protect-Critical-Infrastructure
Title: Horizon3.ai Launches NodeZero™ Kubernetes Pentesting, Empowering Organizations to Protect Critical Infrastructure

Search URL Search Domain Scan URL

URL: https://www.businesswire.com/news/home/20241030367638/en/Horizon3.ai-Named-to-the-2025-Fortune-Cyber-60-for-the-Second-Consecutive-Year
Title: Horizon3.ai Named to the 2025 Fortune Cyber 60 for the Second Consecutive Year

Search URL Search Domain Scan URL

URL: https://www.businesswire.com/news/home/20240925659094/en/Keith-Poyser-Appointed-as-Vice-President-for-EMEA-at-Horizon3.ai
Title: Keith Poyser Appointed as Vice President for EMEA at Horizon3.ai

Search URL Search Domain Scan URL

URL: https://www.crn.com/rankings-and-lists/stellar-startups-2024

Search URL Search Domain Scan URL

URL: https://fortune.com/ranking/cyber/

Search URL Search Domain Scan URL

URL: https://portal.horizon3ai.com/?dd_uid=268b2a6b-1546-4442-83d2-f3ea67dbd650
Title: Log In

Search URL Search Domain Scan URL

URL: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
Title: advisory

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/csa-patch-1.png
Title: Figure 1. Patch introduces more updated php files

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/timezone-patch.png

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.13.24%E2%80%AFAM.png
Title: Figure 3. handleDateTimeSubmit parses HTTP requests

Search URL Search Domain Scan URL

URL: https://github.com/horizon3ai/CVE-2024-8190
Title: here

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.25.10%E2%80%AFAM.png
Title: Figure 4. Authenticated Command Injection

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.34.19%E2%80%AFAM.png
Title: Figure 5. 403 from the external interface

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.20.30%E2%80%AFAM.png
Title: Figure 6. Password policy

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.49.56%E2%80%AFAM.png
Title: Figure 7. Failed logon

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.52.38%E2%80%AFAM.png
Title: Figure 8. Successful login

Search URL Search Domain Scan URL

URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/10/streamlinehq-cog-approved-interface-essential-100.png

Search URL Search Domain Scan URL

URL: https://horizon3.ai/demo
Title: Schedule a Demo

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/horizon3ai/

Search URL Search Domain Scan URL

URL: https://twitter.com/Horizon3ai

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCruHUp4feksCLYU6CbNvdlw

Search URL Search Domain Scan URL

URL: https://github.com/horizon3ai

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection/ HTTP 301
https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 127

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1733398258683&li_adsId=c30d9a88-5643-4a40-a3de-c4b81d13c8f6&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1733398258683&li_adsId=c30d9a88-5643-4a40-a3de-c4b81d13c8f6&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&e_ipv6=AQJQxmqOtsikiAAAAZOWlmT0-dgF2jAkH7I0jzi2EXovqZDuoF0fSGFjY9n98mKnny1AUe6J3g

Request Chain 166

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1 HTTP 302
https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D HTTP 302
https://aorta.clickagy.com/pixel.gif?ch=4&cm=d116edbc-5090-4d6a-ad94-6366b0eb658e&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537073026%26val%3D%7Bvisitor_id%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:e5f4bca74c485101517dc4709c34d5ad

Request Chain 167

https://insight.adsrvr.org/track/up?adv=nnpwm2i&ref=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&upid=r539y9j&upv=1.1.0&paapi=1 HTTP 302
https://match.adsrvr.org/track/upb/?adv=nnpwm2i&ref=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&upid=r539y9j&upv=1.1.0&paapi=1

171 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cisa-kev-cve-2024-8190-ivanti-csa-command-injection Show response
www.horizon3.ai/attack-research/
Redirect Chain

https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection/
https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

394 KB
53 KB

89ms
80ms

Document
text/html

104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

149644cda3cec354f5de37439bb9cd8dcebf5f9a4aca4098b2640fc815cd04a3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: max-age=600, must-revalidate
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 05 Dec 2024 11:30:51 GMT
last-modified: Mon, 16 Sep 2024 12:06:30 GMT
link: <https://www.horizon3.ai/wp-json/>; rel="https://api.w.org/" <https://www.horizon3.ai/wp-json/wp/v2/posts/261911>; rel="alternate"; title="JSON"; type="application/json" <https://www.horizon3.ai/?p=261911>; rel=shortlink
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 1
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-tec-api-origin: https://www.horizon3.ai
x-tec-api-root: https://www.horizon3.ai/wp-json/tribe/events/v1/
x-tec-api-version: v1
x-xss-protection: "1; mode=block"

Redirect headers

cache-control: max-age=600, must-revalidate
content-length: 0
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 05 Dec 2024 11:30:51 GMT
expires: Thu, 05 Dec 2024 12:30:35 GMT
last-modified: Mon, 16 Sep 2024 12:06:30 GMT
location: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: HIT: 1
x-cache-group: normal
x-cacheable: non200
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-redirect-by: WordPress
x-xss-protection: "1; mode=block"

GET
H2 200 gcm.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/cookie-law-info/lite/frontend/js/ 2 KB
2 KB 3450ms
150ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/cookie-law-info/lite/frontend/js/gcm.min.js

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

5464d49c61f76b9941f8a4e8c9a1cada2bda40a9a6764412647f2d55cc2f913d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"67472e6c-7a5"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
last-modified: Wed, 27 Nov 2024 14:36:28 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 12/03/2024 11:02:36
link: <https://www.horizon3.ai/wp-content/plugins/cookie-law-info/lite/frontend/js/gcm.min.js>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 5a82f0faa3e7733a8afa495edd031442
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 940
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 script.js Show response
cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/ 100 KB
34 KB 2468ms
32ms Script
application/javascript 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/script.js
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc1b170386588e851faaaffa0dc8e0136993e5404ecfba564c611c66559b203e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: "18eeb-627ae5f009e43-gzip"
age: 285030
access-control-allow-methods: GET, OPTIONS
cf-ray: 8ed3b4f46b16a2f2-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34941
date: Thu, 05 Dec 2024 11:30:54 GMT
content-type: application/javascript
last-modified: Sun, 24 Nov 2024 20:22:11 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 style.min.css
p7i3u3x3.delivery.rocketcdn.me/wp-includes/css/dist/block-library/ 112 KB
16 KB 3358ms
60ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-includes/css/dist/block-library/style.min.css?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

3bb38d0f302677ff4104564454f60f495133579d6e6dfb722b3de850df596502

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"67472f12-1c012"
x-content-type-options: nosniff
last-modified: Wed, 27 Nov 2024 14:39:14 GMT
content-type: text/css
cdn-cachedat: 12/05/2024 04:38:53
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-includes/css/dist/block-library/style.min.css?ver=6.7.1>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 1
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 5daac9acf593b93d1dfee6b7a4068600
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 aiwp-public.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/aiwp/public/css/ 98 B
2 KB 3445ms
147ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/aiwp/public/css/aiwp-public.css?ver=2.0.0

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"651e190c-62"
x-content-type-options: nosniff
last-modified: Thu, 05 Oct 2023 02:01:48 GMT
content-type: text/css
cdn-cachedat: 11/04/2024 21:36:26
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 941
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/plugins/aiwp/public/css/aiwp-public.css?ver=2.0.0>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 12febcbd0cd8458ba60132934657a561
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 et-divi-dynamic-tb-260934-tb-4381-261911-late.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/ 190 KB
20 KB 3394ms
97ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/et-divi-dynamic-tb-260934-tb-4381-261911-late.css?ver=1733239268

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

2564adfb49bcfcb0cdea389be328fa8e2099570870c8162363aa169743e7cea5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"674f21e4-2f838"
x-content-type-options: nosniff
last-modified: Tue, 03 Dec 2024 15:21:08 GMT
content-type: text/css
cdn-cachedat: 12/05/2024 11:30:37
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/et-cache/261911/et-divi-dynamic-tb-260934-tb-4381-261911-late.css?ver=1733239268>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 10caaf6a08cecdf4c729c68430847b3f
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 style.min.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-ajax-filter/styles/ 155 KB
14 KB 3453ms
155ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-ajax-filter/styles/style.min.css?ver=3.1.8.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

9361dc0d070228efad900f87d46025152dca3833f9b1a60f1448e07b26b66136

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"67167838-26a53"
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2024 15:50:16 GMT
content-type: text/css
cdn-cachedat: 11/04/2024 21:36:26
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 894
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/plugins/divi-ajax-filter/styles/style.min.css?ver=3.1.8.7>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 1b1b17de03d01a355b627befe7957762
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 style.min.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-blog-extras/styles/ 70 KB
11 KB 3373ms
77ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-blog-extras/styles/style.min.css?ver=2.6.5

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

3fa3f0c4c099718595c4e25e55810cca92181c72d6233512fb51c2f74fa55cd7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"651e190b-1196f"
x-content-type-options: nosniff
last-modified: Thu, 05 Oct 2023 02:01:47 GMT
content-type: text/css
cdn-cachedat: 11/16/2024 05:29:00
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/plugins/divi-blog-extras/styles/style.min.css?ver=2.6.5>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 3ae1061f938e4cacb2ad6d81bc5494a5
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 style.min.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/styles/ 80 KB
18 KB 3445ms
150ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/styles/style.min.css?ver=1.0.0

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

e18fe1d33ada37ef55fff1480facdb68824cc4264dd43221382ad8632669e43b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"651e190b-140f1"
x-content-type-options: nosniff
last-modified: Thu, 05 Oct 2023 02:01:47 GMT
content-type: text/css
cdn-cachedat: 11/04/2024 21:36:26
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1029
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/plugins/divi-event-calendar-module/styles/style.min.css?ver=1.0.0>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 79750942d3a97b638c66a1e818d40bdf
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 style.min.css
www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/ 86 KB
8 KB 86ms
68ms Stylesheet
text/css 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/style.min.css?ver=1.3.3

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

d65fa445e89a329e393e914790b08f0b7cdb441f72fbe5d0fad0f43d92f2efee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: br
etag: W/"6707f658-15859"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:52 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 10 Oct 2024 15:44:24 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31536000
referrer-policy: no-referrer-when-downgrade
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
server: nginx

GET
H2 200 style.min.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/styles/ 423 KB
31 KB 3449ms
154ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/styles/style.min.css?ver=4.9.97.26

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

56acd5ab09a2aa63722c23df0c420829b50b1e3c6066be93b6f5e1e14bd51281

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"6716783a-69a41"
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2024 15:50:18 GMT
content-type: text/css
cdn-cachedat: 11/18/2024 00:27:56
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/styles/style.min.css?ver=4.9.97.20>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 00add4cc84a16471b304bf8453746963
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 magnific_popup.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/ 6 KB
3 KB 3448ms
154ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/magnific_popup.css?ver=4.9.97.26

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

ca3af915877e0f119ce0df14dfce6249f76222c600e23882fa7c7f99788971cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"67472ebc-1946"
x-content-type-options: nosniff
last-modified: Wed, 27 Nov 2024 14:37:48 GMT
content-type: text/css
cdn-cachedat: 11/30/2024 03:29:23
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1029
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/magnific_popup.css?ver=4.9.97.26>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 1
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 3bbbd94aa6fdc2554bebc287317afdc0
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 swiper.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 22 KB
5 KB 3445ms
151ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/swiper.css?ver=4.9.97.26

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

c1b94e225b989e86f8b6c589c0778c17ec25d2465f33fd10dc7e2e45f060fa6c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"6716783a-5865"
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2024 15:50:18 GMT
content-type: text/css
cdn-cachedat: 11/04/2024 21:36:26
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/swiper.css?ver=4.9.97.20>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: e03b64b8051c23e6e941110726bdac34
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 popup.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 5 KB
2 KB 3447ms
153ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/popup.css?ver=4.9.97.26

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

2f1e0ba0f1a9560f8d67fb010c58f8995fa681625c321e18133ccec0043bce47

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"67472e6e-1389"
x-content-type-options: nosniff
last-modified: Wed, 27 Nov 2024 14:36:30 GMT
content-type: text/css
cdn-cachedat: 12/04/2024 07:05:51
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/popup.css?ver=4.9.97.26>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 15b9ca429e6bccedf8d2abced1bca14e
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 animate.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 83 KB
6 KB 3449ms
155ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/animate.css?ver=4.9.97.26

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

2414767fbf3e93d3269cb3795b6c667da0f58a8f662dfd8aabb0807243d1134f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"6716783a-14d7b"
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2024 15:50:18 GMT
content-type: text/css
cdn-cachedat: 11/04/2024 21:36:26
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 940
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/animate.css?ver=4.9.97.20>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: bb6546d62718b94fbf7cf5fbcd17cbc3
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 readmore.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 2 KB
2 KB 3372ms
79ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/css/readmore.css?ver=4.9.97.26

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

009e58f3632270c3fa8d127a9e132807a0920ac00512a2a0c5f3e8d5d728d373

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"6716783a-6bd"
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2024 15:50:18 GMT
content-type: text/css
cdn-cachedat: 11/07/2024 05:01:34
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1070
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/css/readmore.css?ver=4.9.97.20>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 1f3f1735b1930fd193b0d181cdd1f3a4
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 jquery.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/jquery/ 86 KB
32 KB 3445ms
151ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"64ecd5ef-15601"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/04/2024 21:36:26
link: <https://www.horizon3.ai/wp-includes/js/jquery/jquery.min.js?ver=3.7.1>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 9891febcfdb75b8ccea11dce050912d1
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 941
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 jquery-migrate.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/jquery/ 13 KB
6 KB 3445ms
152ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6482bd64-3509"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 12/03/2024 11:02:36
link: <https://www.horizon3.ai/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 1a4b46cbd3bede13bf126c6d844c2011
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 894
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 aiwp-public.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/aiwp/public/js/ 913 B
2 KB 3446ms
153ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/aiwp/public/js/aiwp-public.js?ver=2.0.0

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

2053ab9b2531576c619c6136fab9db876c237e61d6e0deaffe2969e52c5d1f67

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"651e190c-391"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
last-modified: Thu, 05 Oct 2023 02:01:48 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/04/2024 21:36:26
link: <https://www.horizon3.ai/wp-content/plugins/aiwp/public/js/aiwp-public.js?ver=2.0.0>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: aa813cdd56f87e0f02c89be3d1ba8bb2
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 845
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 frontend.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/stop-user-enumeration/frontend/js/ 486 B
1 KB 173ms
145ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.6.3

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

8bbc0a7737643dd7c2344ba961592632153cb5353c92c5127339627e14b09143

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6707f656-1e6"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 10 Oct 2024 15:44:22 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/06/2024 08:23:13
link: <https://www.horizon3.ai/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.6.3>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 566a4b132bfb283100d9f606f42d0e76
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 divi-filter-loadmore.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-ajax-filter/js/ 17 KB
5 KB 3446ms
154ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-ajax-filter/js/divi-filter-loadmore.min.js?ver=3.1.8.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

2cdd9b10395c3cd5ff93495ba26f3dc7e5434443ff22467b9b386411199d4321

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"67167838-43d5"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
last-modified: Mon, 21 Oct 2024 15:50:16 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/22/2024 23:26:01
link: <https://www.horizon3.ai/wp-content/plugins/divi-ajax-filter/js/divi-filter-loadmore.min.js?ver=3.1.8.7>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 11b9dddf9daba2cde5c978a4b4a11622
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 et-divi-customizer-global.min.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/global/ 13 KB
5 KB 3443ms
152ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/global/et-divi-customizer-global.min.css?ver=1733239200

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

85375eab1610513e2743d5ecc157320b210104dbb86b3daa5a174e0ae90c0dae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"673d0928-3382"
x-content-type-options: nosniff
last-modified: Tue, 19 Nov 2024 21:54:48 GMT
content-type: text/css
cdn-cachedat: 11/25/2024 05:31:21
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1029
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/et-cache/global/et-divi-customizer-global.min.css?ver=1732053288>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: e1326d8752739f1665899ac6f8db5414
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 et-core-unified-tb-260934-tb-4381-deferred-261911.min.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/ 79 KB
10 KB 3440ms
148ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/et-core-unified-tb-260934-tb-4381-deferred-261911.min.css?ver=1733239268

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

79649dc7389e7c9f43ab6f4610fd33b96798f406b71e31680764c072a1dcbcfd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"674f21e4-13d95"
x-content-type-options: nosniff
last-modified: Tue, 03 Dec 2024 15:21:08 GMT
content-type: text/css
cdn-cachedat: 12/05/2024 11:30:37
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:55 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/et-cache/261911/et-core-unified-tb-260934-tb-4381-deferred-261911.min.css?ver=1733239268>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 2b700639a3abaed9554551dc300d6edb
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/06/ 13 KB
14 KB 85ms
84ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

70631b3ab478a15e8a26f17b8bb991464916725030d772237692c217e0d21334

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "651e1900-3214"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
content-type: image/webp
last-modified: Thu, 05 Oct 2023 02:01:36 GMT
cdn-cachedat: 11/04/2024 21:36:26
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: a5319290d1e17af9b604a1d1845aad5f
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12820
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Horizon3ai_Logo_Bug_RGB.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/11/ 20 KB
21 KB 86ms
85ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/11/Horizon3ai_Logo_Bug_RGB.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

385825f3c978e51201237611398c837352a7cf4fc8f4dce0badef3871cad2dd4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "651e18fc-4f76"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
content-type: image/webp
last-modified: Thu, 05 Oct 2023 02:01:32 GMT
cdn-cachedat: 11/11/2024 14:10:35
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2022/11/Horizon3ai_Logo_Bug_RGB.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: b2f4b6f088f4d9d3fb319673e465b7ef
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20342
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 isometric-laptop-mockup.png
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/06/ 470 KB
472 KB 43ms
41ms Image
image/png 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/06/isometric-laptop-mockup.png

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

0abb6b841ec88ed4a6de1540fd8f6cf921147c69a849a617989fab23f53b520c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66a52cb4-759ba"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/png
last-modified: Sat, 27 Jul 2024 17:21:56 GMT
cdn-cachedat: 11/04/2024 21:36:27
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2022/06/isometric-laptop-mockup.png>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 0477d92ccab07ef75599ea26ff2cc151
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 481722
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 940
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Target-Path-Streamline-Ultimate.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/03/ 9 KB
10 KB 40ms
38ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/03/Target-Path-Streamline-Ultimate.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

255d67153c707d1926f571d5e1c7051911138caf15d1dc4bb6759049221566fa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "65f085ad-2254"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Tue, 12 Mar 2024 16:41:17 GMT
cdn-cachedat: 12/02/2024 06:23:18
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/03/Target-Path-Streamline-Ultimate.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: c76081df10416a9a233ee5f8934cdb74
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8788
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 941
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 entra_compromise_2-980x367.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/05/ 15 KB
16 KB 82ms
71ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/05/entra_compromise_2-980x367.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

798b31a18cae3f6010e75b292d5efa21b347cb479c319b0b7344e023f1ed022a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "664bebe8-3bce"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Tue, 21 May 2024 00:33:44 GMT
cdn-cachedat: 11/24/2024 18:53:55
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/05/entra_compromise_2-980x367.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: b7dbaa38811a27597fffd4a0d7403c80
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15310
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 718
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 video-game-sword.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2023/09/ 470 B
2 KB 173ms
145ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2023/09/video-game-sword.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

0b58d82b60be4aa0041234b625c3f8d60899d17b440587da514346c2d2193421

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "651e18f7-1d6"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Thu, 05 Oct 2023 02:01:27 GMT
cdn-cachedat: 11/06/2024 19:55:55
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2023/09/video-game-sword.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: af0091124c4658bc63a0ce981936a10e
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 470
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Stellar_Startups_2024.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/11/ 44 KB
45 KB 3437ms
147ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/11/Stellar_Startups_2024.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

b10a22e108ba5883c3a0bdfb235848db6d54ec10c37a2411f2f7f1b4c6e68e7a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "673515b0-afd6"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
content-type: image/webp
last-modified: Wed, 13 Nov 2024 21:10:08 GMT
cdn-cachedat: 11/13/2024 21:15:49
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/11/Stellar_Startups_2024.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 3aa51541dddb600883c45c71731dce33
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 45014
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1069
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 top-infosec-innovator-winner-2024.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/10/ 85 KB
86 KB 175ms
147ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/10/top-infosec-innovator-winner-2024.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

02e7e95efc6c386c43b24a985b2369b52b9f5649a272414ac4fd8252df0b90c5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "6720ef06-15356"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Tue, 29 Oct 2024 14:19:50 GMT
cdn-cachedat: 11/24/2024 01:21:54
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/10/top-infosec-innovator-winner-2024.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 4045e9956c6ecc3c59e34b85875c3001
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 86870
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 894
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Horizon3-AI_Square-1080x675.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/10/ 35 KB
36 KB 173ms
145ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/10/Horizon3-AI_Square-1080x675.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

4a628ac3a34a564f11ee722cefca531e3e6d61d17b02e32cfe88b1831197e9e7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "67224e78-8b98"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Wed, 30 Oct 2024 15:19:20 GMT
cdn-cachedat: 11/04/2024 21:36:27
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/10/Horizon3-AI_Square-1080x675.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: bbaa964a4ba7c4f487df0a40a30e79e5
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 35736
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 940
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Screenshot-2024-09-16-at-10.25.10%E2%80%AFAM.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/ 85 KB
86 KB 173ms
146ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.25.10%E2%80%AFAM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

0fd2c24f049f72534dc90aa496ca4142258a9aa49f6db42387fe65eec34ea6a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66e840a6-153a6"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Mon, 16 Sep 2024 14:28:54 GMT
cdn-cachedat: 12/05/2024 11:30:37
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.25.10%E2%80%AFAM.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: ff43e33a0c4a745efefd2aa5b52ee529
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 86950
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1070
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 csa-patch-1.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/ 69 KB
70 KB 171ms
144ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/csa-patch-1.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

459b1edb03e93f6d02f44bcf265a03816bed2fab3a0420a699ec50f0a6c83b7a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66e83b4a-114a0"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Mon, 16 Sep 2024 14:06:02 GMT
cdn-cachedat: 12/05/2024 11:30:37
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/09/csa-patch-1.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 08b4da509bc84bc23fe8191be8a22cc7
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 70816
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 timezone-patch.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/ 75 KB
76 KB 175ms
148ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/timezone-patch.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

86631bfa017890e3b1d7b75c5071132bb5993d99dca81170c956e97777e4b671

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66e83bf6-12a0c"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Mon, 16 Sep 2024 14:08:54 GMT
cdn-cachedat: 12/05/2024 11:30:37
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/09/timezone-patch.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 38f1f4626146bddf763dcd84a901ce04
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 76300
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Screenshot-2024-09-16-at-10.13.24%E2%80%AFAM-768x672.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/ 52 KB
53 KB 181ms
155ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.13.24%E2%80%AFAM-768x672.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

8e087c11dbbcd83775f769f477cc20e1a045e37920bd72d41e890a41499cb1d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66e83d1e-cef4"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Mon, 16 Sep 2024 14:13:50 GMT
cdn-cachedat: 12/03/2024 15:12:14
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.13.24%E2%80%AFAM-768x672.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: a2c69fa884b8273e16ce53d5613dabfa
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 52980
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 845
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Screenshot-2024-09-16-at-10.25.10%E2%80%AFAM-768x367.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/ 32 KB
33 KB 174ms
147ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.25.10%E2%80%AFAM-768x367.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

9e5309e364f9441bd8dfa3a755782aa02ac227de8230b86976aeb4ff7caa18f9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66e8409f-7e10"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Mon, 16 Sep 2024 14:28:47 GMT
cdn-cachedat: 12/05/2024 11:30:37
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.25.10%E2%80%AFAM-768x367.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: fef932dafb8a96861b0f55fc03d12b0c
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 32272
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1070
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Screenshot-2024-09-16-at-10.34.19%E2%80%AFAM-768x303.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/ 30 KB
31 KB 173ms
148ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.34.19%E2%80%AFAM-768x303.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

977028942c70b415e6e40cfdb1c6bd8aa7fb71ca3925ba1b69392c06a330f83b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66e84223-7880"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Mon, 16 Sep 2024 14:35:15 GMT
cdn-cachedat: 12/05/2024 11:30:37
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.34.19%E2%80%AFAM-768x303.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 186a08845048b029f7ab8d74f090451a
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30848
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1069
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Screenshot-2024-09-16-at-10.20.30%E2%80%AFAM-768x188.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/ 7 KB
9 KB 206ms
181ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.20.30%E2%80%AFAM-768x188.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

3eb8e71703e251eca590a2846290ae280d922912a2c801380826be6ccbc9f1b9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66e84342-1da8"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Mon, 16 Sep 2024 14:40:02 GMT
cdn-cachedat: 12/05/2024 11:30:37
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.20.30%E2%80%AFAM-768x188.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 88d12a856af56999551df929ed56c853
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7592
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 845
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Screenshot-2024-09-16-at-10.49.56%E2%80%AFAM.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/ 94 KB
96 KB 167ms
142ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.49.56%E2%80%AFAM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

754395faa80b8a40b1ac7c05806fc8d8985b919545ba573b58b0b90e62b96ec7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66e845c9-17950"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Mon, 16 Sep 2024 14:50:49 GMT
cdn-cachedat: 12/05/2024 11:30:37
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.49.56%E2%80%AFAM.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 0f72e88a21424d86cc7c4451928293c4
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96592
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Screenshot-2024-09-16-at-10.52.38%E2%80%AFAM.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/ 117 KB
118 KB 167ms
143ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.52.38%E2%80%AFAM.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

0dc4a866eedf9658574ea9be981ece172eef9244bc7a6f8c1fdf09160492d708

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66e84666-1d43e"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Mon, 16 Sep 2024 14:53:26 GMT
cdn-cachedat: 12/05/2024 11:30:37
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2024/09/Screenshot-2024-09-16-at-10.52.38%E2%80%AFAM.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 797ee90a41c12ef4e6941115b2b6ec28
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 119870
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 streamlinehq-cog-approved-interface-essential-100.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/10/ 1 KB
3 KB 166ms
143ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/10/streamlinehq-cog-approved-interface-essential-100.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

744e2c69f12052b2251ea97566999dfd68e9529558cc6d647f9deef86152f0c4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "651e18fd-5b6"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Thu, 05 Oct 2023 02:01:33 GMT
cdn-cachedat: 12/03/2024 13:48:55
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2022/10/streamlinehq-cog-approved-interface-essential-100.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 18ed48641fdfa0c29bbb56aefcd1723a
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1462
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1069
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 mediaelementplayer-legacy.min.css
p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/mediaelement/ 11 KB
4 KB 127ms
80ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"5f735862-2bf8"
x-content-type-options: nosniff
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-type: text/css
cdn-cachedat: 11/04/2024 21:36:27
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 940
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:56 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: d6700b10bc5712af92faa6b16569b8dd
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 wp-mediaelement.min.css
p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/mediaelement/ 4 KB
3 KB 131ms
84ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"5cfaccce-105a"
x-content-type-options: nosniff
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-type: text/css
cdn-cachedat: 12/03/2024 15:16:24
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:56 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.7.1>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: b7d8c92b18e4bd9204851180bc8c1074
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 bootstrap.min.css
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/assets/css/ 13 KB
3 KB 130ms
83ms Stylesheet
text/css 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/assets/css/bootstrap.min.css?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

5617c251ed51f42797b789d282460813a798d8402a95cd633d3d8f0e82d44819

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: W/"651e190b-35dd"
x-content-type-options: nosniff
last-modified: Thu, 05 Oct 2023 02:01:47 GMT
content-type: text/css
cdn-cachedat: 12/04/2024 05:16:26
cdn-cache: HIT
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA
date: Thu, 05 Dec 2024 11:30:56 GMT
vary: Accept-Encoding
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/plugins/divi-event-calendar-module/assets/css/bootstrap.min.css?ver=6.7.1>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 4ddf7d0516cb2dcac90105f0eca2620a
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *

GET
H2 200 daterangepicker.css
cdn.jsdelivr.net/npm/daterangepicker/ 8 KB
2 KB 916ms
34ms Stylesheet
text/css 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.css?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"1f85-jqRIojRLzDZKkujJKC/BWFh0US4"
age: 9460
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-eddf8230085-FRA, cache-yul1970062-YUL
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1754
x-jsd-version: 3.1.0

GET
H2 200 jquery-ui.css
code.jquery.com/ui/1.13.2/themes/hot-sneaks/ 36 KB
9 KB 915ms
33ms Stylesheet
text/css 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.13.2/themes/hot-sneaks/jquery-ui.css?ver=6.7.1
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5f9f44351d8cb1c857cc8d29a64c97dd4efc0659fc90bd160a42ea0d715ead79

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: gzip
etag: W/"28feccc0-8fc4"
age: 2608403
x-cache: HIT, HIT
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: text/css
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits: 9098, 20
x-served-by: cache-lga21942-LGA, cache-yul1970052-YUL
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1733398257.065039,VS0,VE0
cross-origin-resource-policy: cross-origin
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8576
server: nginx

GET
H2 200 scripts.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/js/ 268 KB
61 KB 128ms
83ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/js/scripts.min.js?ver=4.27.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

6af23fd5d68900400e981906d4bf799efb94d589616b846112f9e2684274c692

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6707f6b6-42f9f"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 10 Oct 2024 15:45:58 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/04/2024 21:36:27
link: <https://www.horizon3.ai/wp-content/themes/Divi/js/scripts.min.js?ver=4.27.2>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: ff05389dce91c30a3acc9f420e06c889
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 940
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 jquery.fitvids.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 3 KB
2 KB 125ms
81ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.27.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"67472ebc-d15"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Wed, 27 Nov 2024 14:37:48 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 12/03/2024 11:02:37
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.27.4>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: dc2386ea7c08c20c4c1634710a46a033
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 comment-reply.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/ 3 KB
2 KB 166ms
144ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/comment-reply.min.js?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"625095f6-ba5"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/07/2024 01:15:40
link: <https://www.horizon3.ai/wp-includes/js/comment-reply.min.js?ver=6.6.2>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 54430ae5249f625b9f56f02fd00548c5
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 jquery.mobile.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 11 KB
4 KB 128ms
83ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js?ver=4.27.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

82ccdb280927be0204340a8255ea4f3450fbfc3057b4b8b98f9d0e01814cd143

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"67472ebc-2a18"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Wed, 27 Nov 2024 14:37:48 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 12/03/2024 17:37:03
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js?ver=4.27.4>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 3623d11878c73e5d4663de33ada32662
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1069
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 magnific-popup.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 22 KB
10 KB 128ms
84ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/magnific-popup.js?ver=4.27.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

22a7ae46aefb3325e3e2761085d7b2ea2cda8dc351cf391a62918bb09784f693

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6707f6b6-5700"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 10 Oct 2024 15:45:58 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/04/2024 21:36:27
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/magnific-popup.js?ver=4.27.2>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 6676cc577fb4368e9b5c8406ce0b73d9
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 940
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 easypiechart.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 9 KB
4 KB 142ms
100ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.27.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

5aa24e4ab926693e29ffb0d0ca1557141defd3ca61b3b4e7caebaa2fcd5bf327

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6707f6b6-2466"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 10 Oct 2024 15:45:58 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/04/2024 21:36:27
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.27.2>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: b7b8fa460398bf0a4277bc35fa601be9
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 845
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 salvattore.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 8 KB
5 KB 136ms
95ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/salvattore.js?ver=4.27.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

b6205029e1016596807b655c8f57818736a787e32ceb1407effa152ac3bb9380

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6707f6b6-217e"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 10 Oct 2024 15:45:58 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/24/2024 18:53:55
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/salvattore.js?ver=4.27.2>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: f9dd27370c6c5f26aec279a3459c2bc5
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 718
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 frontend-bundle.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-ajax-filter/scripts/ 699 B
2 KB 125ms
85ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-ajax-filter/scripts/frontend-bundle.min.js?ver=3.1.8.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

05c86a01cec19a9f9931163c42515adaab424be687667ef09f7d9b3cd0765cb5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"67167838-2bb"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Mon, 21 Oct 2024 15:50:16 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/29/2024 17:15:07
link: <https://www.horizon3.ai/wp-content/plugins/divi-ajax-filter/scripts/frontend-bundle.min.js?ver=3.1.8.7>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: d8e0389c2b2f6350f1eb2727f13c8695
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1029
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 frontend-bundle.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-blog-extras/scripts/ 35 KB
8 KB 140ms
100ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-blog-extras/scripts/frontend-bundle.min.js?ver=2.6.5

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

fc28654bf4d567cdbc91b5089345699eb8fff900d723b6dc635631eb0cb26fe5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"651e190c-8dee"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 05 Oct 2023 02:01:48 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 12/01/2024 03:46:08
link: <https://www.horizon3.ai/wp-content/plugins/divi-blog-extras/scripts/frontend-bundle.min.js?ver=2.6.5>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 48633f42df9e65b3b2e5f4e8b7f36531
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 718
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 frontend-bundle.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/scripts/ 733 B
2 KB 140ms
101ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-event-calendar-module/scripts/frontend-bundle.min.js?ver=1.0.0

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

74ca4b4a7f9ee76d71e312306ea01f5d0661796d4caa0a2170058d2a27ed328d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"651e190b-2dd"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 05 Oct 2023 02:01:47 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/07/2024 08:55:11
link: <https://www.horizon3.ai/wp-content/plugins/divi-event-calendar-module/scripts/frontend-bundle.min.js?ver=1.0.0>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: dc73e8dbb3620297e1d102bbb0c5f70c
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 894
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 new-tab.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/page-links-to/dist/ 34 KB
14 KB 135ms
96ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.7

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6629a9e1-8687"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 25 Apr 2024 00:54:57 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/17/2024 22:36:47
link: <https://www.horizon3.ai/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.7>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 57a7c810825e58e16fb16c003d6e6dcc
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1069
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 common.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/core/admin/js/ 1 KB
2 KB 155ms
117ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/core/admin/js/common.js?ver=4.27.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"67472ebc-53f"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Wed, 27 Nov 2024 14:37:48 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 12/03/2024 11:02:37
link: <https://www.horizon3.ai/wp-content/themes/Divi/core/admin/js/common.js?ver=4.27.4>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 6def961541e1cc66bf96a781634d9fc8
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1029
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 script.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-module-code-snippet/features/DBCSCopyToClipboardFeature/ 1 KB
2 KB 150ms
112ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/divi-module-code-snippet/features/DBCSCopyToClipboardFeature/script.js?ver=1.4.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

a1fc4d2a1d472a69f0736655a1de5a136b9daad166b23b065c96facb834b3724

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"66673745-4f8"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Mon, 10 Jun 2024 17:26:29 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/24/2024 18:53:55
link: <https://www.horizon3.ai/wp-content/plugins/divi-module-code-snippet/features/DBCSCopyToClipboardFeature/script.js?ver=1.4.4>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 7542ebfcacf879c9ebbcc97e76190dd7
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 718
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 mediaelement-and-player.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/mediaelement/ 154 KB
39 KB 151ms
113ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

b15c3ea03d50c2430490e7416733a254feea4237bb60b54181bd3473ebe4149f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6335a9d7-26935"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 29 Sep 2022 14:21:11 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 12/01/2024 16:20:40
link: <https://www.horizon3.ai/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 7d39e9b877c8c432b59059a524cff7be
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 845
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 mediaelement-migrate.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/mediaelement/ 1 KB
2 KB 152ms
117ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"625095f6-4a7"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/17/2024 22:36:47
link: <https://www.horizon3.ai/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.6.2>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: b3c1a2023667e50308d6a9a02f7f852a
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1069
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 wp-mediaelement.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/mediaelement/ 1 KB
2 KB 148ms
113ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

79cb399203843f65199bec32bc4abac5dfd20f141d3e4ec1424bf00c7108fa45

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"63e275aa-453"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Tue, 07 Feb 2023 16:00:42 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/15/2024 01:09:25
link: <https://www.horizon3.ai/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.6.2>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 2cdef9436bfa2f708aff25190d7c571c
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1069
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 frontend.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/AdvancedTabs/ 3 KB
2 KB 161ms
126ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/AdvancedTabs/frontend.min.js?ver=4.9.97.26

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

10e5a9648bd0457bae09fdcd63aae1cd6448fc05f3c2aa091cd6ba7c17e162f7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6716783a-cc2"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Mon, 21 Oct 2024 15:50:18 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/18/2024 17:04:37
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/AdvancedTabs/frontend.min.js?ver=4.9.97.20>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 3a26b93e42a05833663cb5c88794d7ec
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1029
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 jquery.magnific-popup.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/ 21 KB
9 KB 146ms
113ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/jquery.magnific-popup.js?ver=4.9.97.26

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

00bd70a9e2b51ce68971a89a29d07b1e06e49a5d1e71c6a44d1a7ccb41828095

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6716783a-5251"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Mon, 21 Oct 2024 15:50:18 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/06/2024 05:02:38
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/js/jquery.magnific-popup.js?ver=4.9.97.20>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 02b2bcf19396832d7f2bfa9575e5d8f8
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 941
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 swiper-bundle.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/ 142 KB
40 KB 160ms
127ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/public/js/swiper-bundle.min.js?ver=4.9.97.26

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

568c3ba372e075ecceb821409f5d45be311c896c3c784910eb5f2f20e5c90670

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"67472e6e-239c1"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Wed, 27 Nov 2024 14:36:30 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 12/05/2024 04:28:03
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/public/js/swiper-bundle.min.js?ver=4.9.97.26>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: e27d1ae9f497541c61dd97c3e640ec7b
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1068
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 frontend.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/BlogCarousel/ 3 KB
2 KB 176ms
144ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/BlogCarousel/frontend.min.js?ver=4.9.97.26

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

82538b897ce2c7c80571a4d0cf18d037f7b36a5873a7cd07d08df222e366e95d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"67472e6e-a42"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Wed, 27 Nov 2024 14:36:30 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 12/05/2024 02:51:58
link: <https://www.horizon3.ai/wp-content/plugins/supreme-modules-pro-for-divi/includes/modules/BlogCarousel/frontend.min.js?ver=4.9.97.26>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 5d18205b9ed79674ae90ea11d47ba88e
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 894
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H3 200 moment.min.js Show response
cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/ 57 KB
17 KB 681ms
48ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

081737985335af4be15fc676ed4ccc0703c7446c6b5cbc9317e40bcdc6428e5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "62c614dc-41c5"
age: 789381
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oMAob6WKqTN5qCmz7hH2s2%2Fkl5AvA7GPFftTKW8h1Qa1Tmbp6W6HFy8w0dQrNGof9mOYKGFP2Yi%2Fg7Dv%2F2AD3YdcTH239D0d%2FYck8xXHjUtjUSa12EX%2FD%2BUoFIsAX1MY6HY2s98h"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 25 Nov 2025 11:30:56 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 06 Jul 2022 23:03:56 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8ed3b501384136d6-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16837
server: cloudflare

GET
H2 200 daterangepicker.min.js Show response
cdn.jsdelivr.net/npm/daterangepicker/ 32 KB
7 KB 901ms
34ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.min.js?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

98578d9e429bafe2edbd9d00271e88a85fa457ead4c106485d157fd955b5f2de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"7f60-yn4DlHkED3KaP/biww3JCbN4kvM"
age: 24773
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230147-FRA, cache-yul1970062-YUL
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7106
x-jsd-version: 3.1.0

GET
H2 200 jquery-ui.js Show response
code.jquery.com/ui/1.13.2/ 517 KB
124 KB 901ms
34ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.13.2/jquery-ui.js?ver=6.7.1
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c4b0fb9e123ad9f72c1192b6feff0bb0171be251bb76050b92e5e85c1fe3f757

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: gzip
etag: W/"28feccc0-81307"
age: 2575619
x-cache: HIT, HIT
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits: 10249, 17863
x-served-by: cache-lga21990-LGA, cache-yul1970052-YUL
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1733398257.065059,VS0,VE0
cross-origin-resource-policy: cross-origin
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 126267
server: nginx

GET
H2 200 loadFilter.js Show response
cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/ 44 KB
6 KB 898ms
32ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/loadFilter.js?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b0a9a22da3f67f5e35770bedef0e2ec034eddd871243a6b80d09b285372d1863

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"b08f-hyuFhPhDAFE5gn7UWPXhS1S5p0w"
age: 36950
x-content-type-options: nosniff
x-jsd-version-type: branch
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220127-FRA, cache-yul1970062-YUL
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6186
x-jsd-version: 2.7.6

GET
H2 200 loadmore.js Show response
cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/EventFeed/ 31 KB
5 KB 898ms
33ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/peeayecreative/dec-cdn@2.7.6/js/EventFeed/loadmore.js?ver=6.7.1

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0907683649854f8c34c1c89b06ac8256e5414e1c2db6019fa0c0f347e9e240e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"7b9e-g8xMzqvVKM5J7uC4u0KIn/Wvuw4"
age: 39062
x-content-type-options: nosniff
x-jsd-version-type: branch
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220098-FRA, cache-yul1970062-YUL
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4509
x-jsd-version: 2.7.6

GET
H2 200 frontend-bundle.min.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-mega-menu/scripts/ 8 KB
3 KB 155ms
126ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/plugins/supreme-mega-menu/scripts/frontend-bundle.min.js?ver=1.3.3

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

6c742dbd1b71338da108a257be31d23bdde0a67b20440548db9ea70660bc7430

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6707f658-2075"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 10 Oct 2024 15:44:24 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/07/2024 03:53:49
link: <https://www.horizon3.ai/wp-content/plugins/supreme-mega-menu/scripts/frontend-bundle.min.js?ver=1.3.3>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 3eb14239651093d62e3da846792b35d6
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 940
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 motion-effects.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 154 KB
39 KB 169ms
140ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/motion-effects.js?ver=4.27.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

21299aa0cfccae6adfc1fdc2d6dfd6895c47f6f8b714b2683df914f9b5b485a3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"67472ebc-26902"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Wed, 27 Nov 2024 14:37:48 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/30/2024 08:08:31
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/motion-effects.js?ver=4.27.4>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 816b275bb9e0a127aed4d48d67289ca6
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1069
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 sticky-elements.js Show response
p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 204 KB
57 KB 162ms
133ms Script
application/javascript 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/sticky-elements.js?ver=4.27.4

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

b24aa7e74310a0cc0723f431099e76ab2dddbde19a580b3c3da79d88a80e6893

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
content-encoding: br
etag: W/"6707f6b6-330a1"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
last-modified: Thu, 10 Oct 2024 15:45:58 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-cachedat: 11/22/2024 23:26:02
link: <https://www.horizon3.ai/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/sticky-elements.js?ver=4.27.2>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: a35b4b1ec27bfbd11efbe6d5e279de5f
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

POST
H2 200 log
log.cookieyes.com/api/v1/ 2 B
219 B 1044ms
102ms Ping
text/plain 52.212.126.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://log.cookieyes.com/api/v1/log
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.126.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-126-15.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarycgldYfKj8yQ1cAsw
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-robots-tag: noindex, nofollow
link: <https://www.cookieyes.com>; rel="canonical"
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-origin: *
content-length: 2
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: text/plain; charset=utf-8
x-powered-by: Express

GET
H2 200 banner.js Show response
cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/ 102 KB
33 KB 77ms
53ms Script
application/javascript 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/banner.js
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7aeb10f8293c9153b0bcac739fd0291a2d2a3b09befd0b4186c68c8c55dbddf4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: "1963e-627ae5f009e43-gzip"
age: 285032
access-control-allow-methods: GET, OPTIONS
cf-ray: 8ed3b4fd78c6a2f2-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33916
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: application/javascript
last-modified: Sun, 24 Nov 2024 20:22:11 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 style.min.css
www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/ 86 KB
0 5ms
5ms Stylesheet
text/css 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-content/plugins/supreme-mega-menu/styles/style.min.css?ver=1.3.3

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

d65fa445e89a329e393e914790b08f0b7cdb441f72fbe5d0fad0f43d92f2efee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31536000
content-encoding: br
etag: W/"6707f658-15859"
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
date: Thu, 05 Dec 2024 11:30:52 GMT
x-xss-protection: "1; mode=block"
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: nginx
last-modified: Thu, 10 Oct 2024 15:44:24 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 hotjar-5039807.js Show response
static.hotjar.com/c/ 13 KB
6 KB 893ms
38ms Script
application/javascript 18.160.41.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-5039807.js?sv=6

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.41.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-41-49.iad55.r.cloudfront.net

Software

Resource Hash

96c868039ad68dace99970ed51897e39cc2bc06c0835a41503748ce0e63bf08f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: br
etag: W/0bfbdc32aff9f4786a63f934df50f7f3
age: 16
x-content-type-options: nosniff
x-cache-hit: 1
x-cache: Hit from cloudfront
x-amz-cf-id: yNIJr-yjsGSAx_mPI-ld1PmqQVorYZ9kZiyLs0J65cpktr2zQ56HOw==
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
via: 1.1 06186860a5ea94b333945ca9761eb36c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: IAD55-P1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 320 KB
109 KB 911ms
56ms Script
application/javascript 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1793ed9944680017119cd9bacedc81083a385cc01c79d006aa8eac261677f718

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 05 Dec 2024 11:30:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 05 Dec 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 111255
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/06/ 13 KB
0 25ms
25ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

70631b3ab478a15e8a26f17b8bb991464916725030d772237692c217e0d21334

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "651e1900-3214"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
content-type: image/webp
last-modified: Thu, 05 Oct 2023 02:01:36 GMT
cdn-cachedat: 11/04/2024 21:36:26
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/uploads/2022/06/Horizon3ai_Logo_Tagline_Horizontal_RGB-WhiteTxt.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: a5319290d1e17af9b604a1d1845aad5f
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12820
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 871
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Horizon3ai_Logo_Bug_RGB.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/11/ 20 KB
0 25ms
25ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/11/Horizon3ai_Logo_Bug_RGB.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

385825f3c978e51201237611398c837352a7cf4fc8f4dce0badef3871cad2dd4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "651e18fc-4f76"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
content-type: image/webp
last-modified: Thu, 05 Oct 2023 02:01:32 GMT
cdn-cachedat: 11/11/2024 14:10:35
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/uploads/2022/11/Horizon3ai_Logo_Bug_RGB.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: b2f4b6f088f4d9d3fb319673e465b7ef
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20342
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 isometric-laptop-mockup.png
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/06/ 470 KB
0 26ms
26ms Image
image/png 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2022/06/isometric-laptop-mockup.png

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

0abb6b841ec88ed4a6de1540fd8f6cf921147c69a849a617989fab23f53b520c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "66a52cb4-759ba"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/png
last-modified: Sat, 27 Jul 2024 17:21:56 GMT
cdn-cachedat: 11/04/2024 21:36:27
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/uploads/2022/06/isometric-laptop-mockup.png>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 0477d92ccab07ef75599ea26ff2cc151
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 481722
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 940
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Target-Path-Streamline-Ultimate.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/03/ 9 KB
0 26ms
26ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/03/Target-Path-Streamline-Ultimate.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

255d67153c707d1926f571d5e1c7051911138caf15d1dc4bb6759049221566fa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "65f085ad-2254"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Tue, 12 Mar 2024 16:41:17 GMT
cdn-cachedat: 12/02/2024 06:23:18
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/uploads/2024/03/Target-Path-Streamline-Ultimate.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: c76081df10416a9a233ee5f8934cdb74
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8788
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 941
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 entra_compromise_2-980x367.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/05/ 15 KB
0 21ms
21ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/05/entra_compromise_2-980x367.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

798b31a18cae3f6010e75b292d5efa21b347cb479c319b0b7344e023f1ed022a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "664bebe8-3bce"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Tue, 21 May 2024 00:33:44 GMT
cdn-cachedat: 11/24/2024 18:53:55
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/uploads/2024/05/entra_compromise_2-980x367.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: b7dbaa38811a27597fffd4a0d7403c80
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15310
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 718
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 video-game-sword.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2023/09/ 470 B
0 114ms
113ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2023/09/video-game-sword.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

0b58d82b60be4aa0041234b625c3f8d60899d17b440587da514346c2d2193421

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "651e18f7-1d6"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Thu, 05 Oct 2023 02:01:27 GMT
cdn-cachedat: 11/06/2024 19:55:55
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/uploads/2023/09/video-game-sword.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: af0091124c4658bc63a0ce981936a10e
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 470
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Stellar_Startups_2024.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/11/ 44 KB
0 27ms
27ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/11/Stellar_Startups_2024.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

b10a22e108ba5883c3a0bdfb235848db6d54ec10c37a2411f2f7f1b4c6e68e7a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "673515b0-afd6"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:55 GMT
content-type: image/webp
last-modified: Wed, 13 Nov 2024 21:10:08 GMT
cdn-cachedat: 11/13/2024 21:15:49
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/uploads/2024/11/Stellar_Startups_2024.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 3aa51541dddb600883c45c71731dce33
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 45014
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1069
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 top-infosec-innovator-winner-2024.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/10/ 85 KB
0 114ms
114ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/10/top-infosec-innovator-winner-2024.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

02e7e95efc6c386c43b24a985b2369b52b9f5649a272414ac4fd8252df0b90c5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "6720ef06-15356"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Tue, 29 Oct 2024 14:19:50 GMT
cdn-cachedat: 11/24/2024 01:21:54
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/uploads/2024/10/top-infosec-innovator-winner-2024.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 4045e9956c6ecc3c59e34b85875c3001
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 86870
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 894
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 Horizon3-AI_Square-1080x675.png.webp
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/10/ 35 KB
0 107ms
107ms Image
image/webp 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2024/10/Horizon3-AI_Square-1080x675.png.webp

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

4a628ac3a34a564f11ee722cefca531e3e6d61d17b02e32cfe88b1831197e9e7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "67224e78-8b98"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: image/webp
last-modified: Wed, 30 Oct 2024 15:19:20 GMT
cdn-cachedat: 11/04/2024 21:36:27
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
link: <https://www.horizon3.ai/wp-content/uploads/2024/10/Horizon3-AI_Square-1080x675.png.webp>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: bbaa964a4ba7c4f487df0a40a30e79e5
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 35736
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 940
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 et-divi-dynamic-tb-260934-tb-4381-261911-late.css
www.horizon3.ai/wp-content/et-cache/261911/ 190 KB
19 KB 93ms
64ms Stylesheet
text/css 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-content/et-cache/261911/et-divi-dynamic-tb-260934-tb-4381-261911-late.css

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

2564adfb49bcfcb0cdea389be328fa8e2099570870c8162363aa169743e7cea5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: br
etag: W/"674f21e4-2f838"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:56 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 03 Dec 2024 15:21:08 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31536000
referrer-policy: no-referrer-when-downgrade
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: *
x-xss-protection: "1; mode=block"
server: nginx

GET
H2 200 modules.a80e23f65c59cd611c5f.js Show response
script.hotjar.com/ 222 KB
55 KB 415ms
88ms Script
application/javascript 3.167.56.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.a80e23f65c59cd611c5f.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-5039807.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.167.56.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-167-56-16.iad61.r.cloudfront.net

Software

Resource Hash

6bb463ac36ef12be8174c2e51d47888cc8f8439f48676a2bf7698e9dd15e9384

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-robots-tag: none
content-encoding: br
etag: "3a9d3e3801de9559c802549d74fad588"
age: 73610
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 9iVc_x_eM1pZMnZqgbRWriE7TLZaUNqK47GkZdyZSaWA_9UaZamrJQ==
date: Wed, 04 Dec 2024 15:04:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 04 Dec 2024 15:03:16 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 8ae5bf017822b4dd886de38de05d26a8.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56221
x-amz-cf-pop: IAD61-P5

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 21 KB
7 KB 331ms
45ms XHR
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=989316&u=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&vn=2.1&x=true
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gnv2 /
Resource Hash: 710ad8821e94d65a7b18ce1223f6c10b7bf82f639358275b2f9286c2c0e3805e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.horizon3.ai
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: gnv2

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 431 KB
134 KB 65ms
64ms Script
application/javascript 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V462VSRXXS&l=dataLayer&cx=c&gtm=45He4c30v852319646za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a2be874533db269fc460a971dc8154d6f41230145bd648f9502b1a90cf991d21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 05 Dec 2024 11:30:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 136668
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 290 KB
99 KB 55ms
55ms Script
application/javascript 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10792903506&l=dataLayer&cx=c&gtm=45He4c30v852319646za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

21e3efb6bd14db66c636d706d18a814d5d0b7a3eec8769bbb79c4f7d832004c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Thu, 05 Dec 2024 11:30:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 05 Dec 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 101479
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 43 KB
13 KB 524ms
14ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "1a001f3a066bff47a766099b87253911"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12220
date: Thu, 05 Dec 2024 11:30:57 GMT
last-modified: Mon, 18 Nov 2024 21:16:35 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 530ms
44ms Script
application/javascript 52.54.96.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-96-194.compute-1.amazonaws.com
Software: /
Resource Hash: 41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=63072000
content-encoding: gzip
etag: "15f4-gzip"
Connection: keep-alive
X-Pardot-Route: 16b0ab393667a33fe86adedc3141e88c
expires: Sat, 05 Dec 2026 11:30:57 GMT
accept-ranges: bytes
Content-Length: 1988
Date: Thu, 05 Dec 2024 11:30:57 GMT
Content-Type: application/javascript
last-modified: Wed, 20 Nov 2024 05:25:34 GMT
vary: Accept-Encoding,User-Agent

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 2 KB
1006 B 344ms
37ms Script
application/javascript 2600:1408:c400:5::17c7:3719
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:5::17c7:3719 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=11693
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 796
date: Thu, 05 Dec 2024 11:30:57 GMT
last-modified: Mon, 02 Dec 2024 19:27:08 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK PLwGhTJP Show response
io.clickguard.com/s/cHJvdGVjdG9y/ 8 KB
3 KB 541ms
81ms Script
application/javascript 2606:4700:20::681a:d98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://io.clickguard.com/s/cHJvdGVjdG9y/PLwGhTJP
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 576aa90d304a484feb03d4481894304f1dbf247b38ef4ed878d843b45a9b1431

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

Transfer-Encoding: chunked
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: DYNAMIC
etag: W/"1eaf-z2Ks5eUu1TvFzDoyRLmXUCOk7IQ"
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0mfqnyNdHiESpBGGzstz601mxYZC3NLvZlBZfT3vGuOSxh64yYykUUeT259O9q8vP8MJ%2FpHNHW9YOnUkUKapDA5sJNIEd2n7zBIqIfsVrAtmgQD5Vn6x3pV5f40HoqVajx1gOM5nzAYygI58xB%2Bp"}],"group":"cf-nel","max_age":604800}
via: 1.1 google
CF-RAY: 8ed3b506fab7a29f-YUL
access-control-allow-origin: *
server-timing: cfL4;desc="?proto=TCP&rtt=17243&min_rtt=16841&rtt_var=4166&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3494&recv_bytes=2381&delivery_rate=214486&cwnd=252&unsent_bytes=0&cid=3de605db63fb5a27&ts=452&x=0"
Date: Thu, 05 Dec 2024 11:30:57 GMT
Content-Type: application/javascript; charset=utf-8
x-powered-by: Express
Server: cloudflare

GET
H2 200 dreamdata.min.js Show response
cdn.dreamdata.cloud/scripts/analytics/v1/ 127 KB
38 KB 514ms
13ms Script
text/javascript 34.120.220.80
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.dreamdata.cloud/scripts/analytics/v1/dreamdata.min.js

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.220.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

80.220.120.34.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

8e78bcb85c5e969c9fbd74ade48ae59d1e8c94bc928b61947bab57c5f8576a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *
content-encoding: gzip
x-goog-hash: crc32c=9JeVgg==, md5=WgwkKCkgGoD0mNSVnYPr/A==
etag: "5a0c242829201a80f498d4959d83ebfc"
age: 1463
x-goog-stored-content-encoding: gzip
expires: Thu, 05 Dec 2024 11:36:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 39064
date: Thu, 05 Dec 2024 11:06:34 GMT
last-modified: Tue, 19 Dec 2023 15:12:09 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-guploader-uploadid: AFiumC4JJ1eo0IuLwOARqyP7akarushug1S_zCcIDm49NKsvyS2NgB48WBRWUMUxfdMW9JvsbWk
strict-transport-security: max-age=63072000;includeSubdomains
cache-control: public,max-age=1800
x-goog-storage-class: STANDARD
referrer-policy: origin
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1702998729480704
content-length: 39064
server: UploadServer

GET
H2 200 identify-form.min.js Show response
cdn.dreamdata.cloud/scripts/identify-form/v1/ 20 KB
5 KB 511ms
11ms Script
text/javascript 34.120.220.80
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.dreamdata.cloud/scripts/identify-form/v1/identify-form.min.js

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.220.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

80.220.120.34.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

66c5889779331f1942f8bf56933acbab2f3c264c7e77f367795a8cb04506e9ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *
content-encoding: gzip
x-goog-hash: crc32c=5dIwaw==, md5=impdbDppdNC8N+U3EJYhRg==
etag: "8a6a5d6c3a6974d0bc37e53710962146"
age: 851
x-goog-stored-content-encoding: gzip
expires: Thu, 05 Dec 2024 11:46:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 4325
date: Thu, 05 Dec 2024 11:16:46 GMT
last-modified: Fri, 12 Apr 2024 10:25:35 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-guploader-uploadid: AFiumC6dyxqnXr3gZ4Eij29x-53bGlllQn-Ndj6gF4FoVXKz1bPF_mDYu8eyrlTqxr4Ki-plWR5ugaCltQ
strict-transport-security: max-age=63072000;includeSubdomains
cache-control: public, max-age=1800
x-goog-storage-class: STANDARD
referrer-policy: origin
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1712917535471168
content-length: 4325
server: UploadServer

GET
H2 200 1018520.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
2 KB 363ms
99ms Script
text/javascript 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1018520.js?p=https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection&e=

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7535d9cb253798203cc402c58ac9f8644bda40a723eb8f812c7e90adc8367204

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: br
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: text/javascript;charset=UTF-8
content-disposition: inline
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8ed3b505ce0fa2a6-YUL
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 289 KB
99 KB 78ms
73ms Script
application/javascript 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10792903506

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

daba967828077d3ac18844b12637a55174b270721e782830211ac5827a771696

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 05 Dec 2024 11:30:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 05 Dec 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 101413
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 Red-Team-Blog-BG.jpg
www.horizon3.ai/wp-content/uploads/2022/10/ 51 KB
52 KB 71ms
71ms Image
image/jpeg 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.horizon3.ai/wp-content/uploads/2022/10/Red-Team-Blog-BG.jpg

Requested by

Host: p7i3u3x3.delivery.rocketcdn.me
URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/et-core-unified-tb-260934-tb-4381-deferred-261911.min.css?ver=1733239268

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

6555189a58cede3f19c2269dfa21e1e86734f122f0e190bfaaee35895dcbd9fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/et-core-unified-tb-260934-tb-4381-deferred-261911.min.css?ver=1733239268

Response headers

etag: "651e18fd-cdcc"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: image/jpeg
last-modified: Thu, 05 Oct 2023 02:01:33 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31536000
referrer-policy: no-referrer-when-downgrade
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 52684
x-xss-protection: "1; mode=block"
server: nginx

GET
H3 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUU1.woff2
fonts.gstatic.com/s/rubik/v28/ 25 KB
25 KB 736ms
77ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUU1.woff2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

8189eb6330e9f0b62e4fe2be8bbad8129ebf1db97e390c2386e0b5a2880aa403

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.horizon3.ai
Referer: https://www.horizon3.ai/

Response headers

age: 571884
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 28 Nov 2025 20:39:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 20:39:34 GMT
last-modified: Thu, 29 Jun 2023 16:13:30 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25500
x-xss-protection: 0
server: sffe

GET
H2 200 modules.woff
www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/social/ 10 KB
11 KB 112ms
78ms Font
font/woff 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/social/modules.woff

Requested by

Host: p7i3u3x3.delivery.rocketcdn.me
URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/et-divi-dynamic-tb-260934-tb-4381-261911-late.css?ver=1733239268

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

b4d9b5f545245d9781d491989a77089f380de3a58898ea70116cc59f61257e92

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.horizon3.ai
Referer: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/et-divi-dynamic-tb-260934-tb-4381-261911-late.css?ver=1733239268

Response headers

etag: "67472ebc-2850"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: font/woff
last-modified: Wed, 27 Nov 2024 14:37:48 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31536000
referrer-policy: no-referrer-when-downgrade
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10320
x-xss-protection: "1; mode=block"
server: nginx

GET
H2 200 fa-solid-900.woff2
www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 78 KB
79 KB 111ms
77ms Font
font/woff2 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-solid-900.woff2

Requested by

Host: p7i3u3x3.delivery.rocketcdn.me
URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/et-divi-dynamic-tb-260934-tb-4381-261911-late.css?ver=1733239268

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.horizon3.ai
Referer: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/et-divi-dynamic-tb-260934-tb-4381-261911-late.css?ver=1733239268

Response headers

etag: "67472ebc-139ac"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: font/woff2
last-modified: Wed, 27 Nov 2024 14:37:48 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31536000
referrer-policy: no-referrer-when-downgrade
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 80300
x-xss-protection: "1; mode=block"
server: nginx

GET
H3 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2
fonts.gstatic.com/s/rubik/v28/ 25 KB
25 KB 734ms
76ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

46ed19e2d021296a35c1632b877c5fff1aa3c3eaec27d49d892e94545b792b43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.horizon3.ai
Referer: https://www.horizon3.ai/

Response headers

age: 551102
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 29 Nov 2025 02:25:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 02:25:56 GMT
last-modified: Thu, 29 Jun 2023 16:17:59 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25656
x-xss-protection: 0
server: sffe

GET
H3 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1.woff2
fonts.gstatic.com/s/rubik/v28/ 25 KB
25 KB 695ms
37ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1.woff2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

fbf0d9704506b1ad0def13dc96bf24602d807afe597a754ae59fe1d2c0efcec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.horizon3.ai
Referer: https://www.horizon3.ai/

Response headers

age: 536586
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 29 Nov 2025 06:27:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 06:27:52 GMT
last-modified: Thu, 29 Jun 2023 16:18:09 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25320
x-xss-protection: 0
server: sffe

GET
H3 200 worker-c3cc14a6c3dc9d613887420c3a8068efbr.js Show response
dev.visualwebsiteoptimizer.com/cdn/edrv/ 264 KB
64 KB 77ms
43ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/edrv/worker-c3cc14a6c3dc9d613887420c3a8068efbr.js
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: ae0f5f0a2b8fc13e4dbd08e586090db070b2a3375ec1cc3f92f05f3613495d70

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=j6x60Q==, md5=VtMUXT3sdX3VMgMfCn2K2g==
etag: "56d3145d3dec757dd532031f0a7d8ada"
age: 84245
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 65275
date: Wed, 04 Dec 2024 12:06:52 GMT
last-modified: Wed, 04 Dec 2024 11:18:35 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AFiumC5IMaNFF0ih9h3SZ2-D8WIKbrEd7HqD1yTOohmcymhSdW4R7voQXZAwXk2g2DxTuFkji2cc0fU1IQ
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1733311115874704
content-length: 65275
content-language: en
server: UploadServer

GET
H3 200 va_gq-fbd2e57cb78a64a3eca8367a6ae7e871br.js Show response
dev.visualwebsiteoptimizer.com/cdn/edrv/ 276 KB
72 KB 71ms
43ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/edrv/va_gq-fbd2e57cb78a64a3eca8367a6ae7e871br.js
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 1232f8211b567a067ef7a68ffe979b4186d585000a0abae6eea6ccf33737a372

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=8hrwyg==, md5=NNobrm09/Z19quaF8Zw3rg==
etag: "34da1bae6d3dfd9d7daae685f19c37ae"
age: 15956
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 73256
date: Thu, 05 Dec 2024 07:05:01 GMT
last-modified: Thu, 05 Dec 2024 06:18:16 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AFiumC4zKqwPuq3L5y92CbulM4oPTffgiBB7hqmallKHZKO6ZdZkRafzuhqXUXy7udy3CqPOLsAmJfCNCg
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1733379496157745
content-length: 73256
content-language: en
server: UploadServer

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
146 B 84ms
43ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=989316&d=horizon3.ai&u=D130324A153B21CA6FA1A97516AC34139&h=9af9bda0c3b8bf616d57747ff5104208&t=false

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv01c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: public, max-age=43200
x-content-type-options: nosniff
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: image/gif
server: gnv01c

GET
H2 200 modules.woff
www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/all/ 90 KB
91 KB 60ms
53ms Font
font/woff 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff

Requested by

Host: p7i3u3x3.delivery.rocketcdn.me
URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/et-divi-dynamic-tb-260934-tb-4381-261911-late.css?ver=1733239268

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx /

Resource Hash

fe67b77ac7e0ef4b482dafb86adfa403db1b89a2f337d2dc8bd1278cfe975196

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.horizon3.ai
Referer: https://p7i3u3x3.delivery.rocketcdn.me/wp-content/et-cache/261911/et-divi-dynamic-tb-260934-tb-4381-261911-late.css?ver=1733239268

Response headers

etag: "67472ebc-167b4"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: font/woff
last-modified: Wed, 27 Nov 2024 14:37:48 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31536000
referrer-policy: no-referrer-when-downgrade
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 92084
x-xss-protection: "1; mode=block"
server: nginx

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 38ms
35ms Script
application/javascript 2600:1408:c400:5::17c7:3719
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:5::17c7:3719 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=11594
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14634
date: Thu, 05 Dec 2024 11:30:57 GMT
last-modified: Mon, 02 Dec 2024 19:22:52 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 65ms
59ms Ping
text/html 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1018520.js?p=https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection&e=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBMute0sGGAMARzWS
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

GET
H/1.1 200
OK analytics Show response
pi.pardot.com/ 1 KB
2 KB 233ms
232ms Script
text/javascript 52.54.96.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17120&account_id=972073&title=CVE-2024-8190%3A%20Investigating%20CISA%20KEV%20Ivanti%20Cloud%20Service%20Appliance%20Command%20Injection%20Vulnerability%20%7C%20Horizon3.ai&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&referrer=

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.54.96.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-54-96-194.compute-1.amazonaws.com

Software

Resource Hash

4fa7f9336a3ad36f645ae2c03405b2cd03d1e560c5e98fa7a95b8e62bb65256c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-pardot-rsp: 0/0/1
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
pragma: no-cache
Connection: keep-alive
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Length: 536
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Date: Thu, 05 Dec 2024 11:30:58 GMT
Content-Type: text/javascript; charset=utf-8
vary: Accept-Encoding,User-Agent

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 242 KB
88 KB 51ms
50ms Script
application/javascript 64.233.180.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=G-158035514&l=dataLayer&cx=c&gtm=45He4c30v852319646za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

4b32d12dfe914e2d07fb5ebee9be986ee3a3c710d783e1808525e421e89fce48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Thu, 05 Dec 2024 11:30:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 11:30:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 05 Dec 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 89899
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_rwb6eefi/ 3 B
124 B 525ms
19ms XHR
application/json 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_rwb6eefi/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Thu, 05 Dec 2024 11:30:58 GMT
content-type: application/json

GET
H2 200 t2_rwb6eefi_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 61ms
26ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_rwb6eefi_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98
date: Thu, 05 Dec 2024 11:30:58 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 614ms
111ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1733398257973&id=t2_rwb6eefi&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=86d65993-e999-4dd6-a646-0cb02d7f279e&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Thu, 05 Dec 2024 11:30:58 GMT
content-type: image/gif
server: Varnish

POST
H2 200 / Show response
content.hotjar.io/ 56 B
171 B 693ms
223ms XHR
application/json 52.51.180.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?site_id=5039807&gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.a80e23f65c59cd611c5f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.51.180.248 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-180-248.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7cb6d903e32cd0822c32f2d263e7a3d9d94416ee35baa90a800fced1dd4a7faa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain; charset=UTF-8
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

access-control-max-age: 86400
access-control-allow-origin: *
content-length: 56
date: Thu, 05 Dec 2024 11:30:58 GMT
content-type: application/json

POST
H3 200 p Show response
cdn.dreamdata.cloud/api/v1/ 16 B
33 B 195ms
172ms XHR
application/json 34.120.220.80
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.dreamdata.cloud/api/v1/p

Requested by

Host: cdn.dreamdata.cloud
URL: https://cdn.dreamdata.cloud/scripts/analytics/v1/dreamdata.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.220.80 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

80.220.120.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

strict-transport-security: max-age=63072000;includeSubdomains
referrer-policy: nosniff
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
date: Thu, 05 Dec 2024 11:30:58 GMT
content-type: application/json; charset=utf-8
x-cloud-trace-context: ad0696c611dc3b1bb6e93c1d73bd72c6
server: Google Frontend

GET
H3 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUz.woff
fonts.gstatic.com/s/rubik/v28/ 32 KB
32 KB 39ms
37ms Font
font/woff 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUz.woff

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

7d1b0d7af8eb5e8dafc681f282db58efb53d808ac1701694fe3420992ed58d72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.horizon3.ai
Referer: https://www.horizon3.ai/

Response headers

age: 560228
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 28 Nov 2025 23:53:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 23:53:50 GMT
last-modified: Thu, 29 Jun 2023 16:13:31 GMT
content-type: font/woff
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 32848
x-xss-protection: 0
server: sffe

GET
H3 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUw.ttf
fonts.gstatic.com/s/rubik/v28/ 68 KB
36 KB 42ms
38ms Font
font/ttf 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFWUUw.ttf

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

977b03a17e6c623ab63583f72b1639b1ad6aef1ae044993c66b4c8328e571272

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.horizon3.ai
Referer: https://www.horizon3.ai/

Response headers

content-encoding: gzip
age: 514083
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 29 Nov 2025 12:42:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 12:42:55 GMT
last-modified: Thu, 29 Jun 2023 16:13:32 GMT
content-type: font/ttf
vary: Accept-Encoding
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 37076
x-xss-protection: 0
server: sffe

GET 0fdac886-9e60-4b61-96ac-6cb4d6fdb56c
https://www.horizon3.ai/ Frame 0
0

GET
H3 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
53 B 34ms
34ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=989316&u=D130324A153B21CA6FA1A97516AC34139&s=1733398257&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22en-ca%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1733398258654%2C%22tO%22%3A8%2C%22tz%22%3A%22America%2FVancouver%22%7D&cu=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&r=0&p=1&cq=0&eTime=1733398257674&v=c658eacc2

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv01c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
x-content-type-options: nosniff
via: 1.1 google
expires: Mon, 10 Jan 2005 00:00:01 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Thu, 05 Dec 2024 11:30:58 GMT
content-type: image/gif
server: gnv01c

GET
H3 200 nc-ac5151ce6b4363cbec185119c3591410br.js Show response
dev.visualwebsiteoptimizer.com/cdn/edrv/ 18 KB
6 KB 21ms
19ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/edrv/nc-ac5151ce6b4363cbec185119c3591410br.js
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 35a21597c4a0f63caf9b078c96d8efca05d083c0d91512c4a11b0ed261564983

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=pi9bzQ==, md5=ZpC2M8UUqAdTcVKrtseCLw==
etag: "6690b633c514a807537152abb6c7822f"
age: 15957
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 5625
date: Thu, 05 Dec 2024 07:05:01 GMT
last-modified: Thu, 05 Dec 2024 06:19:06 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AFiumC6zZoGENUWUp5BM27Ps1_kPBwV4n2YI0KqeR9WI16xEls4BPi5wLUvtmzem9yI-PDScNx1_VjVKVg
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1733379546318976
content-length: 5625
content-language: en
server: UploadServer

GET
H/1.1 200
OK analytics Show response
go.horizon3.ai/ 50 B
1020 B 630ms
142ms Script
text/javascript 18.208.125.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.horizon3.ai/analytics?conly=true&visitor_id=148162956&visitor_id_sign=83c777e0f8d4910853975bb4e097b67b6f22080e469ad5d0d181a9b80ffed75f3f511b8470bc940a668546ab25db73b70f601ae6&pi_opt_in=&campaign_id=17120&account_id=972073&title=CVE-2024-8190:%20Investigating%20CISA%20KEV%20Ivanti%20Cloud%20Service%20Appliance%20Command%20Injection%20Vulnerability%20|%20Horizon3.ai&url=https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=17120&account_id=972073&title=CVE-2024-8190%3A%20Investigating%20CISA%20KEV%20Ivanti%20Cloud%20Service%20Appliance%20Command%20Injection%20Vulnerability%20%7C%20Horizon3.ai&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&referrer=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.208.125.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-208-125-13.compute-1.amazonaws.com
Software: /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-pardot-rsp: 0/0/1
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
Connection: keep-alive
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Length: 50
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Date: Thu, 05 Dec 2024 11:30:59 GMT
Content-Type: text/javascript; charset=utf-8
vary: User-Agent

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
816 B 282ms
118ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3527860&time=1733398258683&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 000628843b79bb942b119718b625148b
x-msedge-ref: Ref A: D6E00BB8B40E4BC6A8D249F22AF3E3EA Ref B: YMQ01EDGE0421 Ref C: 2024-12-05T11:30:58Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYohDt5u5QrEZcYtiUUiw==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 05 Dec 2024 11:30:58 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1733398258683&li_adsId=c30d9a88-5643-4a40-a3de-c4b81d13c8f6&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1733398258683&li_adsId=c30d9a88-5643-4a40-a3de-c4b81d13c8f6&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-...

0
264 B

179ms
86ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1733398258683&li_adsId=c30d9a88-5643-4a40-a3de-c4b81d13c8f6&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&e_ipv6=AQJQxmqOtsikiAAAAZOWlmT0-dgF2jAkH7I0jzi2EXovqZDuoF0fSGFjY9n98mKnny1AUe6J3g
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 78A054F953D34F338624073782621A7A Ref B: YMQ01EDGE0310 Ref C: 2024-12-05T11:30:59Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYohDt9TzT9OI/1LYNu8A==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 05 Dec 2024 11:30:58 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3527860&time=1733398258683&li_adsId=c30d9a88-5643-4a40-a3de-c4b81d13c8f6&url=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&e_ipv6=AQJQxmqOtsikiAAAAZOWlmT0-dgF2jAkH7I0jzi2EXovqZDuoF0fSGFjY9n98mKnny1AUe6J3g
x-msedge-ref: Ref A: 84B1F2FA65F74DD4B4B1C799A215C078 Ref B: YMQ01EDGE0411 Ref C: 2024-12-05T11:30:58Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYohDt6PQw5hhwytKNCYA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 05 Dec 2024 11:30:58 GMT

POST
H/1.1 200
OK PLwGhTJP Show response
pulse.clickguard.com/r/cHJvdGVjdG9y/ 0
809 B 66ms
61ms XHR
text/plain 2606:4700:20::681a:c98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pulse.clickguard.com/r/cHJvdGVjdG9y/PLwGhTJP
Requested by: Host: io.clickguard.com
URL: https://io.clickguard.com/s/cHJvdGVjdG9y/PLwGhTJP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-Cache-Status: DYNAMIC
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5htgZZAizmftZp5PNX4dNYx5t2DOH6mvdj%2BkKscW45dAAO38fvZO3DN62jHB5q7JENbRRFM6ZXCU9dlqY0%2Fb2QKyA7zZ5HQhM88iVyDtxI6yoefuD5Kt8Zvr2Xeso6hszZu8zvJP3Cxs%2BQz%2FlzrgnY6l"}],"group":"cf-nel","max_age":604800}
via: 1.1 google
CF-RAY: 8ed3b50ec8846e06-YUL
access-control-allow-origin: *
server-timing: cfL4;desc="?proto=TCP&rtt=16547&min_rtt=16137&rtt_var=2545&sent=9&recv=13&lost=0&retrans=0&sent_bytes=4921&recv_bytes=3283&delivery_rate=240170&cwnd=254&unsent_bytes=0&cid=91669b338f67d0e3&ts=196&x=0"
Content-Length: 0
Date: Thu, 05 Dec 2024 11:30:59 GMT
x-powered-by: Express
Server: cloudflare

OPTIONS
H/1.1 204
No Content PLwGhTJP
pulse.clickguard.com/r/cHJvdGVjdG9y/ Frame 0
0 209ms
62ms Preflight 2606:4700:20::681a:c98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pulse.clickguard.com/r/cHJvdGVjdG9y/PLwGhTJP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.horizon3.ai
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 8ed3b50e58466e06-YUL
Connection: keep-alive
Content-Length: 0
Date: Thu, 05 Dec 2024 11:30:58 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D1vJn45qPz4J39YsfwXZFY0GhqVu%2B3K8UxWOVwP6g4WEfNZ3o1SxZUda5hbPsr1WOcqAHK9I8mSNzOOMY9mlsLOhZfGSrP6ufS3EX33ospsEr8P%2FtkPypIG0R4NNgAl2rIk3GZlT81cYWstoGnByI6yf"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
server-timing: cfL4;desc="?proto=TCP&rtt=16193&min_rtt=16137&rtt_var=3434&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3493&recv_bytes=2439&delivery_rate=240170&cwnd=252&unsent_bytes=0&cid=91669b338f67d0e3&ts=124&x=0"
vary: Access-Control-Request-Headers
via: 1.1 google
x-powered-by: Express

GET
H3 200 track-eb77ef60884291c678179663e7024027br.js Show response
dev.visualwebsiteoptimizer.com/cdn/7.0/ 17 KB
5 KB 22ms
20ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/7.0/track-eb77ef60884291c678179663e7024027br.js
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: b93b8bc30d7116c14216723b9f3f9021a1eb15ce3c44987c138c73a1e2bb068b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=ZjPV4Q==, md5=KVTT9bP41CHixIfOkbcFtw==
etag: "2954d3f5b3f8d421e2c487ce91b705b7"
age: 430785
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 4845
date: Sat, 30 Nov 2024 11:51:13 GMT
last-modified: Sat, 30 Nov 2024 10:20:16 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AFiumC6EDiBL2orvf72gYCs0ZrJejIP-InFyc9YIndptynORWSWew7fJDlUgGgZkDFTqwIbiUaN0AEy6ug
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1732962016128347
content-length: 4845
content-language: en
server: UploadServer

GET
H3 200 opa-e1cc437f240a3443678abb4064e78b09br.js Show response
dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/ 157 KB
39 KB 22ms
20ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: a066ac98e9a1e46c30b20555ef7ae9bda8aaca0a6b321cccb90c7736b205c765

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=jZzHSg==, md5=auhdfbUDKKAzoT6ipQOdJA==
etag: "6ae85d7db50328a033a13ea2a5039d24"
age: 5235
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 40396
date: Thu, 05 Dec 2024 10:03:43 GMT
last-modified: Thu, 05 Dec 2024 08:24:24 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AFiumC6ZY3UNaH3h-BM_Bnpgnwn-J7JTo4Tsb_dHOQwkBIvIhRAHHundZgKH0s50InV8-UJWo3g
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1733387063974598
content-length: 40396
content-language: en
server: UploadServer

POST
H3 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
53 B 42ms
39ms Ping
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=989316&u=D130324A153B21CA6FA1A97516AC34139&s=1733398257&p=1&update=1&cq=1&ttl=30&eTime=1733398258019&v=c658eacc2&_cu=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&random=0.0823180882784289

Requested by

Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv01c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
x-content-type-options: nosniff
via: 1.1 google
expires: Mon, 10 Jan 2005 00:00:01 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Thu, 05 Dec 2024 11:30:58 GMT
content-type: image/gif
server: gnv01c

GET
H3 200 worker-70faafffa0475802f5ee03ca5ff74179br.js Show response
dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/ 46 KB
13 KB 21ms
20ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/worker-70faafffa0475802f5ee03ca5ff74179br.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 09b67475f266dbf552159ca9f6b44d9dc3ea04842b2bd6e8b09d74f6b21897d0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=t9nekA==, md5=OTBW++nqbotSERjfhuer5A==
etag: "393056fbe9ea6e8b521118df86e7abe4"
age: 84247
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 13401
date: Wed, 04 Dec 2024 12:06:52 GMT
last-modified: Mon, 18 Nov 2024 15:33:36 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AFiumC5gMrFDmRJcZjxrKRgXeDaaRQ5g9LeNAT7f-8TMsG3aMTUqeXLNlfSnr9b38kPnzhshlCY
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1731944016327387
content-length: 13401
content-language: en
server: UploadServer

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
197 B 83ms
81ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 3A3C78EEC92C433E92F339C46E25C672 Ref B: YMQ01EDGE0411 Ref C: 2024-12-05T11:30:59Z
x-li-fabric: prod-ltx1
access-control-allow-credentials: true
x-li-uuid: AAYohDt+wJYFvUj2TpjzGQ==
x-li-proto: http/2
access-control-allow-origin: https://www.horizon3.ai
x-cache: CONFIG_NOCACHE
date: Thu, 05 Dec 2024 11:30:58 GMT
vary: Origin

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 156ms
46ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-version-id: PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
etag: W/"b2877da906a3216c4f3fc4030b205e54"
age: 77645
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: uxLb1KQWrV6oPf1j9zOmXVJ1qAy7MwTSqsYs2_sTdkpzFnNnjCGCBA==
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: application/javascript
last-modified: Thu, 18 Jul 2024 08:13:46 GMT
vary: Accept-Encoding
via: 1.1 e61bcf0a5eee0947af7e166c03213906.cloudfront.net (CloudFront)
cf-ray: 8ed3b5118a4aac3c-YYZ
x-amz-cf-pop: YTO53-P1
server: cloudflare

GET
H2 200 3MoUbW19.json Show response
cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/ 126 B
378 B 84ms
25ms Fetch
application/json 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/3MoUbW19.json
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37e8ac4f97f8910154eb843180817322534f2c47a02181d875f9b92ec476ce84

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"7e-627ae5f008ea3"
age: 285034
access-control-allow-methods: GET, OPTIONS
cf-ray: 8ed3b51128e0a2b2-YUL
access-control-allow-origin: *
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
last-modified: Sun, 24 Nov 2024 20:22:11 GMT

POST
H2 200 admin-ajax.php Show response
www.horizon3.ai/wp-admin/ 218 B
1 KB 284ms
271ms XHR
text/html 104.197.16.226
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.horizon3.ai/wp-admin/admin-ajax.php

Requested by

Host: p7i3u3x3.delivery.rocketcdn.me
URL: https://p7i3u3x3.delivery.rocketcdn.me/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.197.16.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

226.16.197.104.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

cf26950797d9cf23baa5111fbd244871dd88bd33081692697b9143d52b919cdb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-robots-tag: noindex
content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
access-control-allow-origin: https://www.horizon3.ai
content-length: 154
x-xss-protection: "1; mode=block"
x-powered-by: WP Engine
server: nginx

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/dcdn/ 10 KB
3 KB 87ms
86ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/dcdn/settings.js?a=989316&settings_type=4&ts=1733393285&dt=desktop&cc=CA
Requested by: Host: www.horizon3.ai
URL: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gnv2 /
Resource Hash: 35ff57fbbf0bc684f0348aaafaf72edd9ce117ef8335265407f0b456003b7266

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn_cache_status: miss
cache-control: public, max-age=1800, s-maxage=1800
content-encoding: gzip
etag: W/"1733393285_EA"
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: application/javascript; charset=UTF-8
server: gnv2

GET
H2 200 cropped-favicon-32x32.png
p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2021/06/ 2 KB
3 KB 42ms
41ms Other
image/png 169.150.236.99
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://p7i3u3x3.delivery.rocketcdn.me/wp-content/uploads/2021/06/cropped-favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.99 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-99.bunnyinfra.net

Software

BunnyCDN-IL1-1069 / RocketCDN - b

Resource Hash

f80d87f46f45bb648d45a1de343befaf9eefa5604cdde3f5a53d95d3d6a900f9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cdn-status: 200
etag: "651e1904-78c"
x-content-type-options: nosniff
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: image/png
last-modified: Thu, 05 Oct 2023 02:01:40 GMT
cdn-cachedat: 11/09/2024 23:06:25
cdn-cache: HIT
x-frame-options: SAMEORIGIN
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://www.horizon3.ai/wp-content/uploads/2021/06/cropped-favicon-32x32.png>; rel="canonical"
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 9c62a85e-aade-42a0-9ab7-0e0ad624743f
cdn-requestid: 5e666f36774ac7b5fccbed31f18245ae
cdn-pullzone: 1682947
referrer-policy: no-referrer-when-downgrade
cdn-proxyver: 1.06
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), vertical-scroll=(), vr=(), wake-lock=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1932
vary: Accept-Encoding
x-xss-protection: "1; mode=block"
cdn-edgestorageid: 1067
x-powered-by: RocketCDN - b
server: BunnyCDN-IL1-1069
cdn-requestcountrycode: CA

GET
H2 200 ip Show response
directory.cookieyes.com/api/v1/ 113 B
333 B 419ms
104ms Fetch
text/html 52.212.126.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://directory.cookieyes.com/api/v1/ip
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/banner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.126.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-126-15.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: 1b675b274e2f16df107393da79be3ec21c946aa0e62c9f5c98b792be0bccdb7c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-robots-tag: noindex, nofollow
link: <https://www.cookieyes.com>; rel="canonical"
etag: W/"71-ZFMr9ODmKBtd6ld0DFNKQXRAjSo"
access-control-allow-origin: *
content-length: 113
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 127ms
99ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.horizon3.ai
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://www.horizon3.ai
alt-svc: h3=":443"; ma=86400
apigw-requestid: CUNGHgGvvHcEMuA=
cf-cache-status: DYNAMIC
cf-ray: 8ed3b5123f51ac87-YYZ
date: Thu, 05 Dec 2024 11:30:59 GMT
server: cloudflare
vary: Origin
via: 1.1 6f94f45aff87b62bf23b96365b56b0a0.cloudfront.net (CloudFront)
x-amz-cf-id: ZfS_vNx8nx3rSWSFkHKNeMOQCKesVY94-lpBvR__GeE0vAcKOwV2yA==
x-amz-cf-pop: YTO53-P1
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 203 B
582 B 128ms
127ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9081172689dae5ae0e7549c44e7eb7d4cd21225949b98e5b4dd4ad4c70c8fd38

Request headers

Authorization: Bearer 91ee87a5431669218673
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
visited_url: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"cb-mc3Gl0YsQ9y+pukNr0t1nSJ9OeU"
apigw-requestid: CUNGIhvkvHcESGg=
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: YaeEBJcQ3i_-_4o1sRpK3l2Mnuymg4XUbcCHGYu80Njza1Hx5l0Vkw==
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: application/json; charset=utf-8
vary: Origin
via: 1.1 efdcc66e9e8d02eefead50d956823812.cloudfront.net (CloudFront)
cf-ray: 8ed3b512efadac87-YYZ
access-control-allow-origin: https://www.horizon3.ai
x-amz-cf-pop: YTO53-P1
x-powered-by: Express
server: cloudflare

GET 28ea99dc-1324-4505-8a14-f80bb1e7970b
https://www.horizon3.ai/ Frame 0
0

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/61eaf806342d59001e8ed916/ Frame 0
0 235ms
95ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/61eaf806342d59001e8ed916/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.horizon3.ai
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.horizon3.ai
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ed3b514bc91ab76-YYZ
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 05 Dec 2024 11:31:00 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 49 KB
15 KB 177ms
53ms Script
application/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcb09186a3d016b8ae56ecd0cb76f787254388177fc8318061d619b56a7d81b2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=A2aW0Q==, md5=JRurSHzL3UB0yE1Wjm0Zqg==
cf-cache-status: DYNAMIC
etag: W/"251bab487ccbdd4074c84d568e6d19aa"
age: 2002
content-encoding: gzip
x-goog-stored-content-encoding: identity
expires: Thu, 05 Dec 2024 11:57:37 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 50634
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: application/javascript
last-modified: Wed, 06 Nov 2024 05:44:23 GMT
x-guploader-uploadid: AFiumC46-eUd0o9QuizjRkgAFqG4DeOyULYKOvl9fNrE1JiI-CLjZqXorcckJMiFIhtVnVgoUXLAXlZs3A
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
cf-ray: 8ed3b5148c0cabd6-YYZ
x-goog-generation: 1730871862939881
server: cloudflare

GET
H3 200 / Show response
ws.zoominfo.com/pixel/61eaf806342d59001e8ed916/ 5 KB
2 KB 359ms
333ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/61eaf806342d59001e8ed916/?iszitag=true

Requested by

Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

f7060e3ce4d6f25a745e122a2dedf267203ceea25662e8adc403b380cf6dda4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_zitok: 0f40157518b486bdb5df1733398259
_vtok: MTY3LjExNC4yMDkuMTAz
visited-url: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8ed3b515696736ac-YYZ
access-control-allow-origin: https://www.horizon3.ai
alt-svc: h3=":443"; ma=86400
date: Thu, 05 Dec 2024 11:31:00 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

GET
H2 200 249EI8GA.json Show response
cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/config/ 32 KB
6 KB 36ms
32ms Fetch
application/json 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/config/249EI8GA.json
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8297b16c97faff3b26362d8d51004b8e911e65ef3cd07d5763d7d30065e1032

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"8135-627ae5f009e43"
age: 285033
access-control-allow-methods: GET, OPTIONS
cf-ray: 8ed3b5140b06a2b2-YUL
access-control-allow-origin: *
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
last-modified: Sun, 24 Nov 2024 20:22:11 GMT

POST
H2 200 analyze Show response
r4.visualwebsiteoptimizer.com/ 0
143 B 291ms
73ms XHR
application/javascript 34.145.201.140
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://r4.visualwebsiteoptimizer.com/analyze?_a=989316&_u=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.145.201.140 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 140.201.145.34.bc.googleusercontent.com
Software: r4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryVV7qo9W6nXpHB7Dt
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

access-control-allow-origin: *
content-encoding: gzip
date: Thu, 05 Dec 2024 11:31:00 GMT
content-type: application/javascript; charset=UTF-8
server: r4

GET
H2 200 gpGbhK55.json Show response
cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/translations/ 2 KB
818 B 26ms
25ms Fetch
application/json 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/translations/gpGbhK55.json
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ceee47c3db5b16869c14dc3f5369893702b142af4be5f35238ca1c700018eac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6a4-627ae5f009e43"
age: 285033
access-control-allow-methods: GET, OPTIONS
cf-ray: 8ed3b5145b63a2b2-YUL
access-control-allow-origin: *
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
last-modified: Sun, 24 Nov 2024 20:22:11 GMT

GET
H2 200 zU9Gz2hk.json Show response
cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/audit-table/ 15 KB
4 KB 26ms
25ms Fetch
application/json 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/audit-table/zU9Gz2hk.json
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2d27e439efb0202ce2ef8fddc69ada8498eb11c055e478d69ac77dad641a5f7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=0, must-revalidate, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"3d37-627ae5f008ea3"
age: 285032
access-control-allow-methods: GET, OPTIONS
cf-ray: 8ed3b5148b82a2b2-YUL
access-control-allow-origin: *
date: Thu, 05 Dec 2024 11:30:59 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
last-modified: Sun, 24 Nov 2024 20:22:11 GMT

GET
H3 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-2Y-FWUU1.woff2
fonts.gstatic.com/s/rubik/v28/ 25 KB
25 KB 37ms
37ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-2Y-FWUU1.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

5b6b5794ed90f5d92c63d4bb9dc269e02e5c5140568997660213f8990bd76247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.horizon3.ai
Referer: https://www.horizon3.ai/

Response headers

age: 542046
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 29 Nov 2025 04:56:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 29 Nov 2024 04:56:54 GMT
last-modified: Thu, 29 Jun 2023 16:17:58 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25620
x-xss-protection: 0
server: sffe

GET
H3 200 iJWbBXyIfDnIV7nEt3KSJbVDV49rz8tvE3U5f4I.woff2
fonts.gstatic.com/s/rubik/v28/ 26 KB
26 KB 39ms
39ms Font
font/woff2 142.251.163.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWbBXyIfDnIV7nEt3KSJbVDV49rz8tvE3U5f4I.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f94.1e100.net

Software

sffe /

Resource Hash

c8d3f912823fc8f083ba6e248082267ec76b78901c3dfc0c1a3923ab3cf0b2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.horizon3.ai
Referer: https://www.horizon3.ai/

Response headers

age: 574897
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 28 Nov 2025 19:49:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 28 Nov 2024 19:49:23 GMT
last-modified: Thu, 29 Jun 2023 16:02:09 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26264
x-xss-protection: 0
server: sffe

GET
H2 200 close.svg
cdn-cookieyes.com/assets/images/ 1 KB
772 B 30ms
27ms Image
image/svg+xml 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cookieyes.com/assets/images/close.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a049e1abe441835a2bcf35258936072189a0a52d0000c4ed2094e59d2afd189b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=0, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"541-5da3a66c769d4"
age: 260115
cf-ray: 8ed3b5153a51a2f2-YUL
access-control-allow-origin: *
date: Thu, 05 Dec 2024 11:31:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: cloudflare
last-modified: Tue, 15 Mar 2022 04:40:50 GMT

GET
H2 200 poweredbtcky.svg
cdn-cookieyes.com/assets/images/ 4 KB
2 KB 26ms
24ms Image
image/svg+xml 2606:4700:10::ac43:1408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cookieyes.com/assets/images/poweredbtcky.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 911f58b8d14bd6f73a83fd774e44bec97e896317c7093dc83e96921e64f1fbd5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: max-age=0, s-maxage=604800, proxy-revalidate
content-encoding: gzip
cf-cache-status: HIT
etag: W/"eb2-5da3a68c50d09"
age: 361983
cf-ray: 8ed3b5153a52a2f2-YUL
access-control-allow-origin: *
date: Thu, 05 Dec 2024 11:31:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: cloudflare
last-modified: Tue, 15 Mar 2022 04:41:24 GMT

POST
H2 200 log
log.cookieyes.com/api/v1/ 2 B
218 B 105ms
103ms Ping
text/plain 52.212.126.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://log.cookieyes.com/api/v1/log
Requested by: Host: cdn-cookieyes.com
URL: https://cdn-cookieyes.com/client_data/daa31177c9c80d87339f719a/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.126.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-126-15.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFQr65VSs78xnzmlr
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

x-robots-tag: noindex, nofollow
link: <https://www.cookieyes.com>; rel="canonical"
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-origin: *
content-length: 2
date: Thu, 05 Dec 2024 11:31:00 GMT
content-type: text/plain; charset=utf-8
x-powered-by: Express

POST
H3 200 collect
pagead2.googlesyndication.com/ccm/ 0
0 118ms
46ms Ping
text/plain 142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&scrsrc=www.googletagmanager.com&frm=0&rnd=1535953920.1733398260&npa=1&gtm=45He4c30v852319646za200&gcs=G100&gcd=13q3q3W3q5l1&dma_cps=-&dma=0&tag_exp=101925629~102067555~102067808~102081485&tft=1733398260212&tfd=9323&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ww-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 111ms
40ms Fetch
text/plain 2607:f8b0:4004:c1b::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-V462VSRXXS&gtm=45je4c30v889089095z8852319646za200zb852319646&_p=1733398256174&gcs=G100&gcd=13q3q3W3q5l1&npa=1&dma_cps=-&dma=0&tag_exp=101925629~102067555~102067808~102081485&gdid=dY2Q2ZW&gtm_up=1&cid=249994142.1733398260&ecid=1005812062&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=1&sid=1733398257&sct=1&seg=0&dl=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&dt=CVE-2024-8190%3A%20Investigating%20CISA%20KEV%20Ivanti%20Cloud%20Service%20Appliance%20Command%20Injection%20Vulnerability%20%7C%20Horizon3.ai&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=9415
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1b::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.horizon3.ai
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 05 Dec 2024 11:31:00 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4c30/ Frame 26C4 0
0 334ms
33ms Document
text/html 2607:f8b0:4004:c19::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.horizon3.ai

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NXGBH9M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 31140
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Dec 2024 02:52:00 GMT
expires: Fri, 05 Dec 2025 02:52:00 GMT
last-modified: Tue, 03 Dec 2024 10:18:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 67ms
64ms Ping
text/html 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1018520.js?p=https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection&e=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryg1bv1purLjFWPZxr
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 2 B
344 B 90ms
88ms Fetch
application/json 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Authorization: bearer dddfc8155a8b4c46fae3f17128d0bf
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8ed3b5185b1f36ac-YYZ
access-control-allow-origin: https://www.horizon3.ai
alt-svc: h3=":443"; ma=86400
content-length: 2
date: Thu, 05 Dec 2024 11:31:00 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 81ms
81ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.horizon3.ai
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.horizon3.ai
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ed3b517ce94ab76-YYZ
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 05 Dec 2024 11:31:00 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
BLOB 200
OK 0ee1b2dc-6e78-440d-9869-4be3022f4d2d Show response
https://www.horizon3.ai/ 5 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.horizon3.ai/0ee1b2dc-6e78-440d-9869-4be3022f4d2d
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7060e3ce4d6f25a745e122a2dedf267203ceea25662e8adc403b380cf6dda4a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/javascript
Content-Length: 4885

GET
H2 200 data.js Show response
tags.clickagy.com/ 36 KB
14 KB 354ms
35ms Script
text/javascript 2600:9000:28a9:7400:4:8491:f2c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95

Requested by

Host: www.horizon3.ai
URL: blob:https://www.horizon3.ai/0ee1b2dc-6e78-440d-9869-4be3022f4d2d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:28a9:7400:4:8491:f2c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

429e6cab64539f15ca1c33984a782a42b43c0f02dba4cc4009f322f89fac9492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

content-encoding: br
etag: W/"2ac14c18b84a1d8b7e645922aeff9e5b"
x-amz-version-id: IA_xxjAGlNIXOVlzxUwJZwRAUV0GLAv1
age: 55762
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: e6z5Sob5yqFCoKoMaZI2_NoWQInTu1Lv9SEnqX7IuCEK3rfHVtA7_g==
date: Wed, 04 Dec 2024 20:01:39 GMT
content-type: text/javascript
vary: accept-encoding, Origin
last-modified: Tue, 01 Oct 2024 15:11:36 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: strict-origin-when-cross-origin
via: 1.1 fbc42204e55f2d64b315e42c205d3254.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: IAD89-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 15 KB
6 KB 348ms
31ms Script
application/javascript 3.167.72.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.horizon3.ai
URL: blob:https://www.horizon3.ai/0ee1b2dc-6e78-440d-9869-4be3022f4d2d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.167.72.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-167-72-96.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0bdc14b4be4e94f9632852f2a3dd7de94ffe204eac05a91c1064bf028f4457c9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

Transfer-Encoding: chunked
Vary: accept-encoding
Content-Encoding: gzip
ETag: W/"7a3b6d6301e5c150449a213f0d0bcee2"
Age: 26974
Connection: keep-alive
Via: 1.1 b7cdad11a8da074c3364a379749f7320.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: ykPU1WkK0TKIaLAi2J6Our0zB2gIgNJ19n7AREPfC2q6ynYOJfwA_g==
Date: Thu, 05 Dec 2024 04:01:27 GMT
Content-Type: application/javascript
Last-Modified: Tue, 03 Dec 2024 04:00:44 GMT
Server: AmazonS3
X-Amz-Cf-Pop: IAD61-P6
x-amz-server-side-encryption: AES256

POST
H2 200 data Show response
aorta.clickagy.com/ 57 B
506 B 122ms
34ms XHR
application/json 3.225.164.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aorta.clickagy.com/data
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.225.164.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-225-164-135.compute-1.amazonaws.com
Software: Aorta/20241115.084e84610 /
Resource Hash: cd38316b4f7c68e45cdaaf8767996c3f537e749868a6f63ba052e604a8a9b2bd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: 2bb5e556c097
access-control-allow-origin: https://www.horizon3.ai
content-length: 82
date: Thu, 05 Dec 2024 11:31:00 GMT
content-type: application/json
server: Aorta/20241115.084e84610
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H3

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1
https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%25...
https://us-u.openx.net/w/1.0/cm?cc=1&id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.n...
https://aorta.clickagy.com/pixel.gif?ch=4&cm=d116edbc-5090-4d6a-ad94-6366b0eb658e&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537073026%26val%3D%7Bvisitor_id%7D
https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:e5f4bca74c485101517dc4709c34d5ad

43 B
61 B

22ms
21ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:e5f4bca74c485101517dc4709c34d5ad
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
x-forwarded-for: 167.114.209.103
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 05 Dec 2024 11:31:01 GMT
content-type: image/gif
vary: Accept

Redirect headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
location: https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:e5f4bca74c485101517dc4709c34d5ad
expect: 0
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: 2bb5e556c097
access-control-allow-origin: *
content-length: 0
date: Thu, 05 Dec 2024 11:31:01 GMT
content-type: text/plain
server: Aorta/20241115.084e84610
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H2

200

/
match.adsrvr.org/track/upb/ Frame B5CD
Redirect Chain

https://insight.adsrvr.org/track/up?adv=nnpwm2i&ref=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&upid=r539y9j&upv=1.1.0&paapi=1
https://match.adsrvr.org/track/upb/?adv=nnpwm2i&ref=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&upid=r539y9j&upv=1.1.0&paapi=1

0
0

44ms
40ms

Document
text/html

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/upb/?adv=nnpwm2i&ref=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&upid=r539y9j&upv=1.1.0&paapi=1
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html
date: Thu, 05 Dec 2024 11:31:00 GMT
server: Kestrel
vary: Accept-Encoding

Redirect headers

content-length: 40
date: Thu, 05 Dec 2024 11:31:00 GMT
location: https://match.adsrvr.org/track/upb/?adv=nnpwm2i&ref=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection&upid=r539y9j&upv=1.1.0&paapi=1
server: Kestrel

GET
H2 200 hasHashes Show response
hemsync.clickagy.com/external/ 2 B
326 B 343ms
38ms XHR
text/plain 52.4.157.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.4.157.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-157-154.compute-1.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

access-control-expose-headers: content-length, last-modified, expires, content-type
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://www.horizon3.ai
content-length: 28
date: Thu, 05 Dec 2024 11:31:01 GMT
content-type: text/plain; charset=utf-8
vary: origin

POST
H2 200 analyze Show response
r4.visualwebsiteoptimizer.com/ 0
142 B 71ms
63ms XHR
application/javascript 34.145.201.140
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://r4.visualwebsiteoptimizer.com/analyze?_a=989316&_u=https%3A%2F%2Fwww.horizon3.ai%2Fattack-research%2Fcisa-kev-cve-2024-8190-ivanti-csa-command-injection
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-e1cc437f240a3443678abb4064e78b09br.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.145.201.140 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 140.201.145.34.bc.googleusercontent.com
Software: r4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIvGJgBp42Hh2CsD2
Referer: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection

Response headers

access-control-allow-origin: *
content-encoding: gzip
date: Thu, 05 Dec 2024 11:31:05 GMT
content-type: application/javascript; charset=UTF-8
server: r4

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.horizon3.ai
URL: blob:https://www.horizon3.ai/0fdac886-9e60-4b61-96ac-6cb4d6fdb56c

Domain: www.horizon3.ai
URL: blob:https://www.horizon3.ai/28ea99dc-1324-4505-8a14-f80bb1e7970b

Verdicts & Comments Add Verdict or Comment

232 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.g2crowd.com/	1970-01-21 01:30:00	Name: __cf_bm Value: Y88nq1E4MPtOKrKyqFZ2dKVYvor.hvOWX4LDSFSgoCs-1733398257-1.0.1.1-mfBigrX7_WCnm2yO5RmWduxIgcms7GlQkkClqqisKRXLGOOIdvW89QlbuaGsJsx7fbRXFkpvTx4VFSQMkyta4w
.horizon3.ai/	1970-01-21 10:17:00	Name: _vwo_uuid_v2 Value: D130324A153B21CA6FA1A97516AC34139\|9af9bda0c3b8bf616d57747ff5104208
.pardot.com/	1970-01-21 11:05:58	Name: visitor_id971073 Value: 148162956
.pardot.com/	1970-01-21 11:05:58	Name: visitor_id971073-hash Value: 83c777e0f8d4910853975bb4e097b67b6f22080e469ad5d0d181a9b80ffed75f3f511b8470bc940a668546ab25db73b70f601ae6
pi.pardot.com/	1970-01-21 01:30:00	Name: lpv971073 Value: aHR0cHM6Ly93d3cuaG9yaXpvbjMuYWkvYXR0YWNrLXJlc2VhcmNoL2Npc2Eta2V2LWN2ZS0yMDI0LTgxOTAtaXZhbnRpLWNzYS1jb21tYW5kLWluamVjdGlvbg%3D%3D
.horizon3.ai/	1970-01-21 10:15:55	Name: _vwo_uuid Value: D130324A153B21CA6FA1A97516AC34139
.horizon3.ai/	1970-01-21 03:53:58	Name: _vis_opt_s Value: 1%7C
.horizon3.ai/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.linkedin.com/	1970-01-21 10:15:34	Name: bcookie Value: "v=2&5a755c48-ef4f-4dd9-805b-400b0a02f402"
.linkedin.com/	1970-01-21 05:49:10	Name: li_gc Value: MTswOzE3MzMzOTgyNTg7MjswMjHsOY3Vy2r3IoSKcNmQIm/OfRRT2+IhVwxsNGAQ0N7TLg==
.linkedin.com/	1970-01-21 01:31:24	Name: lidc Value: "b=TGST06:s=T:r=T:a=T:p=T:g=3053:u=1:x=1:i=1733398258:t=1733484658:v=2:sig=AQERdBtaoc06a1qEOWD72HbfQd59msu1"
.horizon3.ai/	1970-01-21 02:13:10	Name: _vwo_ds Value: 3%3At_1%2Ca_1%3A0%241733398257%3A53.22264491%3A%3A%3A4_1%2C3_1%3A1
go.horizon3.ai/	1970-01-21 11:05:58	Name: visitor_id971073 Value: 148162956
go.horizon3.ai/	1970-01-21 11:05:58	Name: visitor_id971073-hash Value: 83c777e0f8d4910853975bb4e097b67b6f22080e469ad5d0d181a9b80ffed75f3f511b8470bc940a668546ab25db73b70f601ae6
.horizon3.ai/	1970-01-21 01:30:00	Name: _vwo_sn Value: 0%3A1%3Ar4.visualwebsiteoptimizer.com%3A1%3A1%3Areferrer%3D
www.horizon3.ai/	1970-01-21 10:15:34	Name: cookieyes-consent Value: consentid:OW5NQkR4NFVadHNxdk41MXRQSTZnd0tKb0Q1WE1LekM,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no,other:no
.zoominfo.com/	1970-01-21 01:30:00	Name: __cf_bm Value: KY2vT7_zQSeckqTHIjBd3dM5wW6Thlg9Go2yGr2l4ug-1733398259-1.0.1.1-v0S0otfXKlumWPFUVLiJD0tsrzmsmU7AHoUPNVzBWOQnqu0K.ryQgbkylZoV5wFehI7Qd6V878fKBrbLk.BlxA
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: O7ca6skeN12xHQh_OYquz3wSjwkppy4ErSOaxF.Ro8E-1733398259948-0.0.1.1-604800000
.adsrvr.org/	1970-01-21 10:15:34	Name: TDID Value: 765742f2-92df-4a6a-bf46-02c0218803fe
.openx.net/	1970-01-21 10:15:34	Name: i Value: 1d34e600-ab6d-4ed3-81d7-30cf30fe5842\|1733398261
.adnxs.com/	1970-01-21 11:05:58	Name: receive-cookie-deprecation Value: 1
.rubiconproject.com/	1970-01-21 10:15:34	Name: audit_p Value: 1\|U0Wckpxm5ONi0phuu8CbVPwaJYsTdkaLGiSiJ0UV0r43Sds8s51NzyH3GkTt42suKz2pB+PkmTqM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLvfpGj8GB5eeq3s150gOzHiKGLUtTYQSXPE6jSHgjyiUGFji5xoK13rNRiGzdJL1f9bOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.rubiconproject.com/	1970-01-21 10:15:34	Name: khaos Value: M4B8KIGI-5-IFVS
.rubiconproject.com/	1970-01-21 10:15:34	Name: khaos_p Value: M4B8KIGI-5-IFVS
.rubiconproject.com/	1970-01-21 10:15:34	Name: audit Value: 1\|U0Wckpxm5ONi0phuu8CbVPwaJYsTdkaLGiSiJ0UV0r43Sds8s51NzyH3GkTt42suKz2pB+PkmTqM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLvfpGj8GB5eeq3s150gOzHiKGLUtTYQSXPE6jSHgjyiUGFji5xoK13rNRiGzdJL1f9bOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.doubleclick.net/	1970-01-21 11:05:58	Name: IDE Value: AHWqTUnC2pq2YUZCXl4Bm6-MaoupSIOhTljkWZe6Opx_LwwK5cmvEFtvg7z7yqR16PI
.adsrvr.org/	1970-01-21 10:15:34	Name: TDCPM Value: CAESFwoIYXBwbmV4dXMSCwj865TAysrKPRAFEhYKB3J1Ymljb24SCwj6ipXAysrKPRAFEhUKBmdvb2dsZRILCN7wp8XKyso9EAUYBSACKAMyCwiMyJft4MrKPRAFQg8iDQgBEgkKBXRpZXIzEAFaB25ucHdtMmlgAQ..

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'oversized-images'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vertical-scroll'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vr'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'wake-lock'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
aorta.clickagy.com
cdn-cookieyes.com
cdn.dreamdata.cloud
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
content.hotjar.io
dev.visualwebsiteoptimizer.com
directory.cookieyes.com
fonts.gstatic.com
go.horizon3.ai
hemsync.clickagy.com
insight.adsrvr.org
io.clickguard.com
js.adsrvr.org
js.zi-scripts.com
log.cookieyes.com
match.adsrvr.org
p7i3u3x3.delivery.rocketcdn.me
pagead2.googlesyndication.com
pi.pardot.com
pixel-config.reddit.com
pulse.clickguard.com
px.ads.linkedin.com
px4.ads.linkedin.com
r4.visualwebsiteoptimizer.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
tags.clickagy.com
tracking.g2crowd.com
us-u.openx.net
ws-assets.zoominfo.com
ws.zoominfo.com
www.google-analytics.com
www.googletagmanager.com
www.horizon3.ai
www.redditstatic.com
www.horizon3.ai
104.16.117.43
104.17.25.14
104.18.37.212
104.197.16.226
13.107.42.14
142.251.163.94
142.251.167.157
15.197.193.217
151.101.129.140
151.101.193.140
169.150.236.99
18.160.41.49
18.208.125.13
2600:1408:c400:5::17c7:3719
2600:9000:28a9:7400:4:8491:f2c0:93a1
2606:4700:10::ac43:1408
2606:4700:20::681a:c98
2606:4700:20::681a:d98
2606:4700::6812:1fb0
2607:f8b0:4004:c19::61
2607:f8b0:4004:c1b::8a
2620:1ec:21::14
2a04:4e42:600::396
2a04:4e42:600::485
2a04:4e42:600::649
3.167.56.16
3.167.72.96
3.225.164.135
34.120.220.80
34.145.201.140
34.96.102.137
35.244.159.8
52.212.126.15
52.4.157.154
52.51.180.248
52.54.96.194
64.233.180.97
009e58f3632270c3fa8d127a9e132807a0920ac00512a2a0c5f3e8d5d728d373
00bd70a9e2b51ce68971a89a29d07b1e06e49a5d1e71c6a44d1a7ccb41828095
02e7e95efc6c386c43b24a985b2369b52b9f5649a272414ac4fd8252df0b90c5
05c86a01cec19a9f9931163c42515adaab424be687667ef09f7d9b3cd0765cb5
081737985335af4be15fc676ed4ccc0703c7446c6b5cbc9317e40bcdc6428e5d
0907683649854f8c34c1c89b06ac8256e5414e1c2db6019fa0c0f347e9e240e6
09b67475f266dbf552159ca9f6b44d9dc3ea04842b2bd6e8b09d74f6b21897d0
0abb6b841ec88ed4a6de1540fd8f6cf921147c69a849a617989fab23f53b520c
0b58d82b60be4aa0041234b625c3f8d60899d17b440587da514346c2d2193421
0bdc14b4be4e94f9632852f2a3dd7de94ffe204eac05a91c1064bf028f4457c9
0dc4a866eedf9658574ea9be981ece172eef9244bc7a6f8c1fdf09160492d708
0fd2c24f049f72534dc90aa496ca4142258a9aa49f6db42387fe65eec34ea6a6
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35
10e5a9648bd0457bae09fdcd63aae1cd6448fc05f3c2aa091cd6ba7c17e162f7
1232f8211b567a067ef7a68ffe979b4186d585000a0abae6eea6ccf33737a372
149644cda3cec354f5de37439bb9cd8dcebf5f9a4aca4098b2640fc815cd04a3
1793ed9944680017119cd9bacedc81083a385cc01c79d006aa8eac261677f718
1b675b274e2f16df107393da79be3ec21c946aa0e62c9f5c98b792be0bccdb7c
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
2053ab9b2531576c619c6136fab9db876c237e61d6e0deaffe2969e52c5d1f67
21299aa0cfccae6adfc1fdc2d6dfd6895c47f6f8b714b2683df914f9b5b485a3
21e3efb6bd14db66c636d706d18a814d5d0b7a3eec8769bbb79c4f7d832004c6
22a7ae46aefb3325e3e2761085d7b2ea2cda8dc351cf391a62918bb09784f693
2414767fbf3e93d3269cb3795b6c667da0f58a8f662dfd8aabb0807243d1134f
255d67153c707d1926f571d5e1c7051911138caf15d1dc4bb6759049221566fa
2564adfb49bcfcb0cdea389be328fa8e2099570870c8162363aa169743e7cea5
2cdd9b10395c3cd5ff93495ba26f3dc7e5434443ff22467b9b386411199d4321
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2f1e0ba0f1a9560f8d67fb010c58f8995fa681625c321e18133ccec0043bce47
35a21597c4a0f63caf9b078c96d8efca05d083c0d91512c4a11b0ed261564983
35ff57fbbf0bc684f0348aaafaf72edd9ce117ef8335265407f0b456003b7266
37e8ac4f97f8910154eb843180817322534f2c47a02181d875f9b92ec476ce84
385825f3c978e51201237611398c837352a7cf4fc8f4dce0badef3871cad2dd4
3bb38d0f302677ff4104564454f60f495133579d6e6dfb722b3de850df596502
3eb8e71703e251eca590a2846290ae280d922912a2c801380826be6ccbc9f1b9
3fa3f0c4c099718595c4e25e55810cca92181c72d6233512fb51c2f74fa55cd7
41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136
429e6cab64539f15ca1c33984a782a42b43c0f02dba4cc4009f322f89fac9492
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
459b1edb03e93f6d02f44bcf265a03816bed2fab3a0420a699ec50f0a6c83b7a
462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace
46ed19e2d021296a35c1632b877c5fff1aa3c3eaec27d49d892e94545b792b43
4a628ac3a34a564f11ee722cefca531e3e6d61d17b02e32cfe88b1831197e9e7
4b32d12dfe914e2d07fb5ebee9be986ee3a3c710d783e1808525e421e89fce48
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fa7f9336a3ad36f645ae2c03405b2cd03d1e560c5e98fa7a95b8e62bb65256c
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
5464d49c61f76b9941f8a4e8c9a1cada2bda40a9a6764412647f2d55cc2f913d
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
5617c251ed51f42797b789d282460813a798d8402a95cd633d3d8f0e82d44819
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
568c3ba372e075ecceb821409f5d45be311c896c3c784910eb5f2f20e5c90670
56acd5ab09a2aa63722c23df0c420829b50b1e3c6066be93b6f5e1e14bd51281
576aa90d304a484feb03d4481894304f1dbf247b38ef4ed878d843b45a9b1431
5aa24e4ab926693e29ffb0d0ca1557141defd3ca61b3b4e7caebaa2fcd5bf327
5b6b5794ed90f5d92c63d4bb9dc269e02e5c5140568997660213f8990bd76247
5f9f44351d8cb1c857cc8d29a64c97dd4efc0659fc90bd160a42ea0d715ead79
6555189a58cede3f19c2269dfa21e1e86734f122f0e190bfaaee35895dcbd9fe
66c5889779331f1942f8bf56933acbab2f3c264c7e77f367795a8cb04506e9ff
6af23fd5d68900400e981906d4bf799efb94d589616b846112f9e2684274c692
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
6bb463ac36ef12be8174c2e51d47888cc8f8439f48676a2bf7698e9dd15e9384
6c742dbd1b71338da108a257be31d23bdde0a67b20440548db9ea70660bc7430
6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f
6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9
70631b3ab478a15e8a26f17b8bb991464916725030d772237692c217e0d21334
710ad8821e94d65a7b18ce1223f6c10b7bf82f639358275b2f9286c2c0e3805e
744e2c69f12052b2251ea97566999dfd68e9529558cc6d647f9deef86152f0c4
74ca4b4a7f9ee76d71e312306ea01f5d0661796d4caa0a2170058d2a27ed328d
7535d9cb253798203cc402c58ac9f8644bda40a723eb8f812c7e90adc8367204
754395faa80b8a40b1ac7c05806fc8d8985b919545ba573b58b0b90e62b96ec7
79649dc7389e7c9f43ab6f4610fd33b96798f406b71e31680764c072a1dcbcfd
798b31a18cae3f6010e75b292d5efa21b347cb479c319b0b7344e023f1ed022a
79cb399203843f65199bec32bc4abac5dfd20f141d3e4ec1424bf00c7108fa45
7aeb10f8293c9153b0bcac739fd0291a2d2a3b09befd0b4186c68c8c55dbddf4
7cb6d903e32cd0822c32f2d263e7a3d9d94416ee35baa90a800fced1dd4a7faa
7d1b0d7af8eb5e8dafc681f282db58efb53d808ac1701694fe3420992ed58d72
8189eb6330e9f0b62e4fe2be8bbad8129ebf1db97e390c2386e0b5a2880aa403
82538b897ce2c7c80571a4d0cf18d037f7b36a5873a7cd07d08df222e366e95d
82ccdb280927be0204340a8255ea4f3450fbfc3057b4b8b98f9d0e01814cd143
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85375eab1610513e2743d5ecc157320b210104dbb86b3daa5a174e0ae90c0dae
86631bfa017890e3b1d7b75c5071132bb5993d99dca81170c956e97777e4b671
8bbc0a7737643dd7c2344ba961592632153cb5353c92c5127339627e14b09143
8e087c11dbbcd83775f769f477cc20e1a045e37920bd72d41e890a41499cb1d3
8e78bcb85c5e969c9fbd74ade48ae59d1e8c94bc928b61947bab57c5f8576a54
9081172689dae5ae0e7549c44e7eb7d4cd21225949b98e5b4dd4ad4c70c8fd38
911f58b8d14bd6f73a83fd774e44bec97e896317c7093dc83e96921e64f1fbd5
9361dc0d070228efad900f87d46025152dca3833f9b1a60f1448e07b26b66136
94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7
96c868039ad68dace99970ed51897e39cc2bc06c0835a41503748ce0e63bf08f
977028942c70b415e6e40cfdb1c6bd8aa7fb71ca3925ba1b69392c06a330f83b
977b03a17e6c623ab63583f72b1639b1ad6aef1ae044993c66b4c8328e571272
98578d9e429bafe2edbd9d00271e88a85fa457ead4c106485d157fd955b5f2de
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
9ceee47c3db5b16869c14dc3f5369893702b142af4be5f35238ca1c700018eac
9e5309e364f9441bd8dfa3a755782aa02ac227de8230b86976aeb4ff7caa18f9
a049e1abe441835a2bcf35258936072189a0a52d0000c4ed2094e59d2afd189b
a066ac98e9a1e46c30b20555ef7ae9bda8aaca0a6b321cccb90c7736b205c765
a1fc4d2a1d472a69f0736655a1de5a136b9daad166b23b065c96facb834b3724
a2be874533db269fc460a971dc8154d6f41230145bd648f9502b1a90cf991d21
a2d27e439efb0202ce2ef8fddc69ada8498eb11c055e478d69ac77dad641a5f7
a8297b16c97faff3b26362d8d51004b8e911e65ef3cd07d5763d7d30065e1032
ae0f5f0a2b8fc13e4dbd08e586090db070b2a3375ec1cc3f92f05f3613495d70
b0a9a22da3f67f5e35770bedef0e2ec034eddd871243a6b80d09b285372d1863
b10a22e108ba5883c3a0bdfb235848db6d54ec10c37a2411f2f7f1b4c6e68e7a
b15c3ea03d50c2430490e7416733a254feea4237bb60b54181bd3473ebe4149f
b24aa7e74310a0cc0723f431099e76ab2dddbde19a580b3c3da79d88a80e6893
b4d9b5f545245d9781d491989a77089f380de3a58898ea70116cc59f61257e92
b6205029e1016596807b655c8f57818736a787e32ceb1407effa152ac3bb9380
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b93b8bc30d7116c14216723b9f3f9021a1eb15ce3c44987c138c73a1e2bb068b
c1b94e225b989e86f8b6c589c0778c17ec25d2465f33fd10dc7e2e45f060fa6c
c4b0fb9e123ad9f72c1192b6feff0bb0171be251bb76050b92e5e85c1fe3f757
c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc
c8d3f912823fc8f083ba6e248082267ec76b78901c3dfc0c1a3923ab3cf0b2d5
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca3af915877e0f119ce0df14dfce6249f76222c600e23882fa7c7f99788971cc
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cd38316b4f7c68e45cdaaf8767996c3f537e749868a6f63ba052e604a8a9b2bd
cf26950797d9cf23baa5111fbd244871dd88bd33081692697b9143d52b919cdb
d65fa445e89a329e393e914790b08f0b7cdb441f72fbe5d0fad0f43d92f2efee
daba967828077d3ac18844b12637a55174b270721e782830211ac5827a771696
dc1b170386588e851faaaffa0dc8e0136993e5404ecfba564c611c66559b203e
dcb09186a3d016b8ae56ecd0cb76f787254388177fc8318061d619b56a7d81b2
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e18fe1d33ada37ef55fff1480facdb68824cc4264dd43221382ad8632669e43b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7060e3ce4d6f25a745e122a2dedf267203ceea25662e8adc403b380cf6dda4a
f80d87f46f45bb648d45a1de343befaf9eefa5604cdde3f5a53d95d3d6a900f9
fbf0d9704506b1ad0def13dc96bf24602d807afe597a754ae59fe1d2c0efcec4
fc28654bf4d567cdbc91b5089345699eb8fff900d723b6dc635631eb0cb26fe5
fe67b77ac7e0ef4b482dafb86adfa403db1b89a2f337d2dc8bd1278cfe975196

www.horizon3.ai Open in urlscan Pro 104.197.16.226 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

171 Requests

97 %HTTPS

32 %IPv6

27 Domains

39 Subdomains

38 IPs

3 Countries

3484 kBTransfer

9597 kBSize

27 Cookies

26 Outgoing links

Page URL History

Redirected requests

171 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.horizon3.ai Open in urlscan Pro
104.197.16.226 Public Scan

Screenshot
Live screenshot

Full Image

171
Requests

97 %
HTTPS

32 %
IPv6

27
Domains

39
Subdomains

38
IPs

3
Countries

3484 kB
Transfer

9597 kB
Size

27
Cookies

171 HTTP transactions
0 data transactions