www.varonis.com Open in urlscan Pro
45.60.150.169 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.varonis.com/blog/investigate-ntlm-brute-force
Submission: On December 11 via api (December 11th 2024, 3:40:10 am UTC) from US — Scanned from US

Summary HTTP 148 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 47 IPs in 2 countries across 38 domains to perform 148 HTTP transactions. The main IP is 45.60.150.169, located in United States and belongs to INCAPSULA, US. The main domain is www.varonis.com. The Cisco Umbrella rank of the primary domain is 334703.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2024 Q4 on December 2nd 2024. Valid for: 6 months.

This is the only time www.varonis.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
38	45.60.150.169 45.60.150.169	19551 (INCAPSULA) (INCAPSULA)
2	169.150.236.104 169.150.236.104	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
3	23.209.188.7 23.209.188.7	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	104.18.141.119 104.18.141.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.251.167.113 142.251.167.113	15169 (GOOGLE) (GOOGLE)
5	172.253.63.97 172.253.63.97	15169 (GOOGLE) (GOOGLE)
5	172.64.146.132 172.64.146.132	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	64.233.180.105 64.233.180.105	15169 (GOOGLE) (GOOGLE)
4	31.13.66.19 31.13.66.19	32934 (FACEBOOK) (FACEBOOK)
3	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
3	172.64.147.16 172.64.147.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.117.116 104.16.117.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.160.168 104.16.160.168	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.128.172 104.17.128.172	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.76.142 104.16.76.142	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.251.163.113 142.251.163.113	15169 (GOOGLE) (GOOGLE)
2	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
4	152.199.2.76 152.199.2.76	15133 (EDGECAST) (EDGECAST)
1	104.16.137.209 104.16.137.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.72.105 104.16.72.105	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	34.196.12.18 34.196.12.18	14618 (AMAZON-AES) (AMAZON-AES)
10	23.205.106.91 23.205.106.91	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
3	150.171.28.10 150.171.28.10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.167.69.41 3.167.69.41	16509 (AMAZON-02) (AMAZON-02)
3 4	68.67.161.208 68.67.161.208	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.146.5 69.173.146.5	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	142.251.16.157 142.251.16.157	15169 (GOOGLE) (GOOGLE)
1 2	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.16.118.116 104.16.118.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.251.179.95 142.251.179.95	15169 (GOOGLE) (GOOGLE)
1	173.194.175.157 173.194.175.157	15169 (GOOGLE) (GOOGLE)
2	64.233.180.155 64.233.180.155	15169 (GOOGLE) (GOOGLE)
2	31.13.66.35 31.13.66.35	32934 (FACEBOOK) (FACEBOOK)
1	162.159.140.229 162.159.140.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	23.205.106.73 23.205.106.73	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
2	52.44.3.114 52.44.3.114	14618 (AMAZON-AES) (AMAZON-AES)
1 4	34.234.42.249 34.234.42.249	14618 (AMAZON-AES) (AMAZON-AES)
1	99.83.231.3 99.83.231.3	16509 (AMAZON-02) (AMAZON-02)
1	216.239.34.181 216.239.34.181	15169 (GOOGLE) (GOOGLE)
1	172.253.63.154 172.253.63.154	15169 (GOOGLE) (GOOGLE)
6 11	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
148	47

38 45.60.150.169 (United States)

ASN19551 (INCAPSULA, US)

www.varonis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
info.varonis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.150.236.104 (Chicago, United States)

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: 169-150-236-104.bunnyinfra.net

plausible.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.209.188.7 (Marietta, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-209-188-7.deploy.static.akamaitechnologies.com

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.141.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.167.113 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f113.1e100.net

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.253.63.97 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.64.146.132 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

142972.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 64.233.180.105 (United States)

ASN15169 (GOOGLE, US)
PTR: pe-in-f105.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 31.13.66.19 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-iad3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.147.16 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.117.116 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.160.168 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.128.172 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.76.142 (None, )

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.163.113 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f113.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.199.2.76 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.137.209 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.72.105 (None, )

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.196.12.18 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-12-18.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.205.106.91 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-205-106-91.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 150.171.28.10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.167.69.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-167-69-41.iad61.r.cloudfront.net

trackit.ktxlytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.161.208 (Colonia, United States) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.223.40.198 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.146.5 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.16.157 (Farmingdale, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bl-in-f157.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.27.193 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.16.118.116 (None, )

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.179.95 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.175.157 (United States)

ASN15169 (GOOGLE, US)
PTR: qs-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.180.155 (United States)

ASN15169 (GOOGLE, US)
PTR: on-in-f155.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.66.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-iad3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.140.229 (None, )

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.205.106.73 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-205-106-73.deploy.static.akamaitechnologies.com

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.44.3.114 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-3-114.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.234.42.249 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-234-42-249.compute-1.amazonaws.com

c2.ktxlytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.83.231.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: afe865822f884bb48.awsglobalaccelerator.com

eps.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.63.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 13.107.42.14 (United States) 6 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	varonis.com www.varonis.com — Cisco Umbrella Rank: 334703 info.varonis.com — Cisco Umbrella Rank: 530765	1 MB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 5557 c.6sc.co — Cisco Umbrella Rank: 6739 ipv6.6sc.co — Cisco Umbrella Rank: 5633 b.6sc.co — Cisco Umbrella Rank: 3603 eps.6sc.co — Cisco Umbrella Rank: 9024 Failed	21 KB
12	linkedin.com 6 redirects platform.linkedin.com — Cisco Umbrella Rank: 3945 px.ads.linkedin.com — Cisco Umbrella Rank: 333 www.linkedin.com — Cisco Umbrella Rank: 676	167 KB
7	google.com cse.google.com — Cisco Umbrella Rank: 3364 www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 142	109 KB
6	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2701	10 KB
5	doubleclick.net 1 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 284 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 td.doubleclick.net — Cisco Umbrella Rank: 182 stats.g.doubleclick.net — Cisco Umbrella Rank: 135	4 KB
5	ktxlytics.io 1 redirects trackit.ktxlytics.io — Cisco Umbrella Rank: 53099 c2.ktxlytics.io — Cisco Umbrella Rank: 44192	99 KB
5	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 3653 app.hubspot.com — Cisco Umbrella Rank: 5921 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3677 track.hubspot.com — Cisco Umbrella Rank: 2477	28 KB
5	hubspotusercontent-na1.net 142972.fs1.hubspotusercontent-na1.net — Cisco Umbrella Rank: 484674	208 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	495 KB
4	adsrvr.org 4 redirects insight.adsrvr.org — Cisco Umbrella Rank: 960 match.adsrvr.org — Cisco Umbrella Rank: 377	3 KB
4	adnxs.com 3 redirects secure.adnxs.com — Cisco Umbrella Rank: 495 ib.adnxs.com — Cisco Umbrella Rank: 281	4 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	22 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	157 KB
4	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4839 forms-na1.hsforms.com — Cisco Umbrella Rank: 7269 perf-na1.hsforms.com — Cisco Umbrella Rank: 3819	7 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 5643	4 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 359	15 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 11366 scout.salesloft.com — Cisco Umbrella Rank: 14334	4 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 9821	26 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	28 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1634 analytics.twitter.com — Cisco Umbrella Rank: 991	28 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4514	2 KB
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2010 alb.reddit.com — Cisco Umbrella Rank: 1418	761 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	3 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 607	1 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	18 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1095	13 KB
2	plausible.io plausible.io — Cisco Umbrella Rank: 9011	2 KB
1	t.co t.co — Cisco Umbrella Rank: 904	626 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 14108	169 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	923 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 419	2 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1016	16 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2580	1 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5194	27 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3341	3 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	25 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6979	157 KB
148	38

	Domain	Requested by
36	www.varonis.com	www.varonis.com cdn.bizible.com
9	px.ads.linkedin.com	4 redirects cdn.bizible.com www.varonis.com
8	b.6sc.co	www.varonis.com
6	tags.srv.stackadapt.com	www.varonis.com tags.srv.stackadapt.com cdn.bizible.com
5	www.google.com	cse.google.com www.googletagmanager.com www.varonis.com
5	142972.fs1.hubspotusercontent-na1.net	www.varonis.com
5	www.googletagmanager.com	www.varonis.com www.googletagmanager.com www.google-analytics.com
4	c2.ktxlytics.io	1 redirects cdn.bizible.com www.varonis.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com cdn.bizible.com
4	connect.facebook.net	www.varonis.com connect.facebook.net
3	js.zi-scripts.com	www.varonis.com js.zi-scripts.com
3	match.adsrvr.org	3 redirects
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.varonis.com
3	cdn.bizible.com	www.googletagmanager.com www.varonis.com cdn.bizible.com
3	js.hs-banner.com	www.varonis.com js.hs-banner.com
2	ws.zoominfo.com	js.zi-scripts.com
2	track.hubspot.com
2	www.linkedin.com	2 redirects
2	scout.salesloft.com	cdn.bizible.com
2	www.facebook.com	www.varonis.com
2	td.doubleclick.net	www.googletagmanager.com
2	forms-na1.hsforms.com	www.varonis.com
2	dsum-sec.casalemedia.com	1 redirects www.varonis.com
2	ib.adnxs.com	2 redirects
2	secure.adnxs.com	1 redirects www.varonis.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	www.redditstatic.com	www.googletagmanager.com cdn.bizible.com
2	platform.twitter.com	www.varonis.com platform.twitter.com
2	info.varonis.com	www.varonis.com
2	plausible.io	www.varonis.com plausible.io
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	eps.6sc.co	cdn.bizible.com
1	alb.reddit.com	www.varonis.com
1	pixel-config.reddit.com	cdn.bizible.com
1	perf-na1.hsforms.com	www.varonis.com
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	analytics.twitter.com	www.varonis.com
1	t.co	www.varonis.com
1	cdn.bizibly.com	www.varonis.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	fonts.googleapis.com	js.hs-banner.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	app.hubspot.com	www.varonis.com
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	insight.adsrvr.org	1 redirects
1	trackit.ktxlytics.io	www.varonis.com
1	j.6sc.co	www.varonis.com
1	static.ads-twitter.com	www.varonis.com
1	scout-cdn.salesloft.com	www.varonis.com
1	js.hs-scripts.com	www.googletagmanager.com
1	js.usemessages.com	www.varonis.com
1	js.hsadspixel.net	www.varonis.com
1	js.hs-analytics.net	www.varonis.com
1	js.hubspot.com	www.varonis.com
1	forms.hsforms.com	js.hsforms.net
1	cse.google.com	www.varonis.com
1	js.hsforms.net	www.varonis.com
1	platform.linkedin.com	www.varonis.com
148	61

This site contains links to these domains. Also see Links.

Domain
info.varonis.com
azuremarketplace.microsoft.com
aws.amazon.com
appexchange.salesforce.com
www.gartner.com
ir.varonis.com
brand.varonis.com
my.varonis.com
www.youtube.com
varonisu.varonis.com
varonis.com
docs.microsoft.com
www.linkedin.com
twitter.com
help.varonis.com
careers.varonis.com
www.instagram.com
www.facebook.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2024 Q4	`2024-12-02` - `2025-05-31`	6 months	crt.sh
plausible.io R10	`2024-11-29` - `2025-02-27`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-03-29` - `2025-03-28`	a year	crt.sh
hsforms.net WE1	`2024-12-07` - `2025-03-07`	3 months	crt.sh
*.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.google-analytics.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
hubspotusercontent-na1.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
hsforms.com WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
www.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-09-19` - `2024-12-18`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-24` - `2025-07-25`	a year	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
hubspot.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
hs-analytics.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
hsadspixel.net WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
usemessages.com WE1	`2024-12-04` - `2025-03-04`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-06` - `2025-04-03`	6 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-07` - `2025-07-08`	a year	crt.sh
hs-scripts.com WE1	`2024-11-24` - `2025-02-22`	3 months	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-20` - `2025-04-19`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M03	`2024-08-09` - `2025-09-06`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 03	`2024-09-16` - `2025-03-15`	6 months	crt.sh
*.ktxlytics.io Amazon RSA 2048 M02	`2024-07-02` - `2025-07-30`	a year	crt.sh
upload.video.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
t.co E6	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-07` - `2025-10-06`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-10-13` - `2025-04-11`	6 months	crt.sh
eps.6sc.co Amazon RSA 2048 M03	`2024-08-27` - `2025-09-25`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
zi-scripts.com WE1	`2024-11-20` - `2025-02-18`	3 months	crt.sh
zoominfo.com E5	`2024-12-10` - `2025-03-10`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.varonis.com/blog/investigate-ntlm-brute-force
Frame ID: 3408BEB7CEDE93992F529CB0A177F570
Requests: 141 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com
Frame ID: D8F4D7DC50FBDB0D55576B86A5FC6480
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.varonis.com
Frame ID: 1324BDBBD4308A539DE4EFADC8B09B33
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/1015553108?random=1733888403445&cv=11&fst=1733888403445&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ca0v881037725z8846391121za201zb846391121&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&hn=www.googleadservices.com&frm=0&tiba=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&npa=0&pscdl=noapi&auid=1814763189.1733888403&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: F75655D1DFD34F64DE107C88E49F72D1
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-36XYNTY1LS&gacid=1147256297.1733888404&gtm=45je4ca0v9139046520za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&_ng=1&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485&z=899304020
Frame ID: 1B36D7DE93322F9ED9A6B3B4F3F32587
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

How to Investigate NTLM Brute Force Attacks

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Plausible (Analytics) Expand

Overall confidence: 100%
Detected patterns

plausible\.io/js/plausible\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

148
Requests

95 %
HTTPS

0 %
IPv6

38
Domains

61
Subdomains

47
IPs

2
Countries

2780 kB
Transfer

6162 kB
Size

76
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://info.varonis.com/en/demo-request?hsLang=en
Title: Get a demo

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/varonis.flat_rate_model?tab=Overview
Title: Azure Marketplace

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/pp/prodview-j6ereaak4ibwc?sr=0-1&ref_=beagle&applicationId=AWSMPContessa
Title: AWS Marketplace

Search URL Search Domain Scan URL

URL: https://appexchange.salesforce.com/appxListingDetail?listingId=a0N4V00000IrHxUUAV
Title: Salesforce AppExchange

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Files/Varonis-SaaS-Benefits.pdf?hsLang=en
Title: Cloud-native Architecture The benefits of our cloud-native platform.

Search URL Search Domain Scan URL

URL: https://info.varonis.com/resource/t1/research-report/forrester-tei-study-2020?hsLang=en
Title: Calculate your ROI Forrester Total Economic Impact study.

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/data-security-posture-management
Title: Read Reviews

Search URL Search Domain Scan URL

URL: https://ir.varonis.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://ir.varonis.com/news-and-events/press-releases/default.aspx
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://brand.varonis.com/?hsLang=en
Title: Brand

Search URL Search Domain Scan URL

URL: https://my.varonis.com/Login
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.youtube.com/playlist?list=PLYEr6kVanyrO2m0AHkntmvKh1JjIXwlSr
Title: State of Cybercrime Video podcast covering the latest cyber news.

Search URL Search Domain Scan URL

URL: https://my.varonis.com/login
Title: Login

Search URL Search Domain Scan URL

URL: https://varonisu.varonis.com/learn/sign_in
Title: Login

Search URL Search Domain Scan URL

URL: https://varonis.com/blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/secauthn/microsoft-ntlm
Title: NTLM

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/2019-07-15-16_45_00-idu24554-10_60_72_92_3389-Remote-Desktop-Connection.jpg?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-1.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-2.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-3.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-4.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-5.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-6.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-7.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-8-.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-10_png.jpg?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-12.jpg?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-11_png_jpg.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-13.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/Imported_Blog_Media/NTLM-brute-force-blog-14.png?hsLang=en
Title: ×

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/docs/DRA-sample.pdf?hsLang=en
Title: See a sample of our Data Risk Assessment

Search URL Search Domain Scan URL

URL: https://info.varonis.com/en/data-risk-assessment?hsLang=en
Title: Varonis' DRA

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/varonis
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCE9xUuH4lhIUDOFR1OHlNNg
Title: YouTube

Search URL Search Domain Scan URL

URL: https://twitter.com/varonis
Title: X (Twitter)

Search URL Search Domain Scan URL

URL: https://info.varonis.com/en/data-risk-assessment?_gl=1*elnbgg*_gcl_au*MTQwOTIwMDgzNC4xNzA1OTYzNTU5&hsLang=en
Title: Get started

Search URL Search Domain Scan URL

URL: https://info.varonis.com/hubfs/docs/DRA-sample.pdf?hsLang=en&_gl=1*elnbgg*_gcl_au*MTQwOTIwMDgzNC4xNzA1OTYzNTU5
Title: View sample

Search URL Search Domain Scan URL

URL: https://help.varonis.com/s/
Title: Community

Search URL Search Domain Scan URL

URL: https://careers.varonis.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@VaronisSystems

Search URL Search Domain Scan URL

URL: https://www.instagram.com/varonislife/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/VaronisSystems/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=885482374 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D885482374

Request Chain 76

https://insight.adsrvr.org/track/pxl/?adv=71679u3&ct=0:ms2x9ot&fmt=3&gtmcb=77183319 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=9bbf2bd1-1700-4e42-b5e2-d5587486524f&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=9bbf2bd1-1700-4e42-b5e2-d5587486524f HTTP 302
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=7411344159084542844&ttd_tdid=9bbf2bd1-1700-4e42-b5e2-d5587486524f HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OWJiZjJiZDEtMTcwMC00ZTQyLWI1ZTItZDU1ODc0ODY1MjRm&gdpr=0&gdpr_consent=&ttd_tdid=9bbf2bd1-1700-4e42-b5e2-d5587486524f HTTP 302
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=9bbf2bd1-1700-4e42-b5e2-d5587486524f&google_gid=CAESEKrwDYi4WLWRNAcPno9XWx4&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=9bbf2bd1-1700-4e42-b5e2-d5587486524f&expiration=1736480404&gdpr=0&gdpr_consent= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=9bbf2bd1-1700-4e42-b5e2-d5587486524f&expiration=1736480404&gdpr=0&gdpr_consent=&C=1

Request Chain 117

https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID HTTP 302
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=7411344159084542844 HTTP 302
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu%3Aio.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=7411344159084542844&n3pc=true

Request Chain 131

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404184&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404184&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1733888404184%26li_adsId%3Dbf34d4c8-6096-4bfc-9850-78f928fb025a%26url%3Dhttps%253A%252F%252Fwww.varonis.com%252Fblog%252Finvestigate-ntlm-brute-force%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404184&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true

Request Chain 133

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404186&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404186&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1733888404186%26li_adsId%3Dbf34d4c8-6096-4bfc-9850-78f928fb025a%26url%3Dhttps%253A%252F%252Fwww.varonis.com%252Fblog%252Finvestigate-ntlm-brute-force%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404186&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true

148 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request investigate-ntlm-brute-force Show response
www.varonis.com/blog/ 226 KB
57 KB 277ms
126ms Document
text/html 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4d5dcf0ae9f1646da7332c6eee1643ebf5c1d5c87ce54517b7c4ac298dda17a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
age: 5413
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-53394997541,CT-53395158555,CT-53575261302,CT-61509086319,CT-61509086320,CT-62444709908,CT-65895503493,CG-740355147,P-142972,CW-115948073012,CW-134642960554,CW-139934353744,CW-145524835889,CW-160606463126,CW-160785435141,CW-160909307043,CW-165344959151,CW-87930956413,CW-87944291354,E-106410557973,E-131542820917,E-134644520338,E-145524835763,E-160750877544,E-160786742200,E-170437707429,E-171294849092,E-60279793823,E-60280511142,E-60281971978,E-60281971998,E-60281972084,E-73655310759,PGS-ALL,SW-2,GC-134642960760,GC-140036397318,GC-153660031349,GC-153660031352,GC-160613921035,GC-160919702140,GC-166354474009,GC-168082797719,GC-87944143779
cf-cache-status: HIT
cf-ray: 8f02736e2cb36ffe-IAD
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Wed, 11 Dec 2024 03:40:01 GMT
edge-cache-tag: CT-53394997541,CT-53395158555,CT-53575261302,CT-61509086319,CT-61509086320,CT-62444709908,CT-65895503493,CG-740355147,P-142972,CW-115948073012,CW-134642960554,CW-139934353744,CW-145524835889,CW-160606463126,CW-160785435141,CW-160909307043,CW-165344959151,CW-87930956413,CW-87944291354,E-106410557973,E-131542820917,E-134644520338,E-145524835763,E-160750877544,E-160786742200,E-170437707429,E-171294849092,E-60279793823,E-60280511142,E-60281971978,E-60281971998,E-60281972084,E-73655310759,PGS-ALL,SW-2,GC-134642960760,GC-140036397318,GC-153660031349,GC-153660031352,GC-160613921035,GC-160919702140,GC-166354474009,GC-168082797719,GC-87944143779
last-modified: Wed, 11 Dec 2024 02:09:48 GMT
link: </hs/hsstatic/content-cwv-embed/static-1.1293/embed.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UiHQQBTRhhSNQ9nYnkujKh3l%2FfhUA3aSfACq%2B5ZUSkR2mYGqDWQtBohqt856%2F3sr%2FcoPxaoStGSw8Thij%2F9PhETjU7BQ0l7QHIpF1NGgG%2FayqN4xCs4z7rAcnXuKOM5nrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-cdn: Imperva
x-content-type-options: nosniff
x-envoy-upstream-service-time: 382
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-20-29-td/envoy-proxy-b95464cc7-6m8xg
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 53575261302
x-hs-hub-id: 142972
x-hubspot-correlation-id: e8c5b972-89fa-4077-a2eb-11df250b8da0
x-iinfo: 12-201196778-201196788 NNNN CT(4 5 0) RT(1733888400786 62) q(0 0 0 2) r(1 1) U24
x-request-id: e8c5b972-89fa-4077-a2eb-11df250b8da0

GET
H2 200 embed.js Show response
www.varonis.com/hs/hsstatic/content-cwv-embed/static-1.1293/ 13 KB
5 KB 98ms
90ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f667e53d5752ee2e5759f3dfaf20d330"
age: 1011236
x-amz-version-id: AFGFBaAC1397GFbOapH2DRIkjQ_NaZzY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GvY4Jx7M%2FDymfk%2F6D9lwcKiTZ2q0%2F5J6RFCvH7BiFobfI6y2yy83KG6L3r2d%2BtnpHZrjZVI7so3TQt4WYyY9IWZfqb1yhf65%2Bb02bbA45hxuFkDICE1QhkbSJNrSaug7SA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 11 Dec 2025 03:40:01 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: ZHlH5yZlyTDawOi83azOxsxp7eKcTDUyuZvOEl-0NOwZYzcjK5J_mA==
date: Wed, 11 Dec 2024 03:40:01 GMT
content-type: application/javascript
last-modified: Mon, 23 Sep 2024 19:59:06 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196801 NNNY CT(2 13 0) RT(1733888400786 197) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
cf-ray: 8f02736eed520846-IAD
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 project.js Show response
www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 93ms
86ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"61ca66de658cab9587e4636894680d5d"
age: 1024172
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7wybx0RiHYu8BOO2WmhmfSPoVfjptchY%2Bh59Dv1oarp37eQpZRjqq%2Fm4bFNuN8Yn2IeRz54xjnrnj8Ump8omiIjzNwvDbJ%2B3mLaVBkYKvXQDPUddoLGHDn8iCAo6KxEVUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 11 Dec 2025 03:40:01 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 4sqPNWkfAFwnaI4jzt0G4D2hL6So5X9_69v7V7cL_K4LRcncdUlS0A==
date: Wed, 11 Dec 2024 03:40:01 GMT
content-type: application/javascript
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196803 NNNY CT(1 12 0) RT(1733888400786 199) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
via: 1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
cf-ray: 8f02736eed342021-IAD
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 jquery-1.11.2.js Show response
www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
33 KB 102ms
96ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
age: 1809607
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n3ExrBuasbk1m8qosK%2BvO5TYh6hk9ElgAlxj78U%2Ff8IBB96q1i5eGHnElBbrGhMdFl3HBAe05PdioXFvjJtuiYhhO%2BGhiZt2Zt%2BPJA5ybYFYmnK0WaHI8PZn6bEIJWiUDw%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 11 Dec 2025 03:40:01 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: gsXdMx-8stFm_JquhFRC4R0lGgDxxVqoTdofQgxH9tHEQWzfaUdXCg==
date: Wed, 11 Dec 2024 03:40:01 GMT
content-type: application/javascript
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196805 NNNY CT(1 10 0) RT(1733888400786 200) q(0 0 0 -1) r(1 1) U24
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
cf-ray: 8f02736eec72e644-IAD
x-amz-cf-pop: IAD12-P3
server: cloudflare

GET
H2 200 blog-post.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/160750877544/1727902063381/hook-www-varonis/css/templates/ 44 KB
9 KB 73ms
67ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/160750877544/1727902063381/hook-www-varonis/css/templates/blog-post.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf65c53411aebd90b2935e116011cb91f6743632a7af00e83aebfb83ecaad2ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 4f4aa551-bef8-4f32-9cb9-25344428e64c
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6326f9d53f8de76b071b3d8533dc04c6"
age: 2358
x-amz-version-id: hAV8DrjHWbMv7B0b.1JszZdvBpvWn25M
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZR2spCsem6pCpZjoo%2Fhg69%2FFwdppYcgcSDVSE4GzgJtNNPBfezdIfMp5IzW70bdnjqdzEhqrkpXkgLH4rwXJXZxQCb5sfVTvP0xK0r7uOkkaKC6HK8QPLh%2FvbxoeUE7lIA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: W-2StlnaRuRD53hNPIGU6CbM02iLVHMbqEVqtJzWdrycNzB4uLntCg==
x-hubspot-correlation-id: 4f4aa551-bef8-4f32-9cb9-25344428e64c
content-type: text/css
last-modified: Wed, 02 Oct 2024 20:47:45 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-5xqvw
x-envoy-upstream-service-time: 214
x-cdn: Imperva
x-amz-request-id: 387ZMS4H779XGPCC
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 2oLGEGiMJNGB770gTdviuUJ31qsas9SCXfBJP65+ThsT6fV60Mc9D9urEIzhp3CWFxBdeUGrPfre4CyobzX3AQ==
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196788 PNNN RT(1733888400786 194) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 0fbab52df0695e2a561cd26eb7f9484c.cloudfront.net (CloudFront)
cf-ray: 8f02736eed396ffe-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1727902064236

GET
H2 200 main.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281971998/1733761390007/hook-www-varonis/css/ 139 KB
29 KB 79ms
72ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281971998/1733761390007/hook-www-varonis/css/main.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a4578eb2a71545ae470f3dc8b9d2f08def7c87eab042fa40fc41f6f50bb14e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 63e41f19-76ac-45bf-9d5e-322c0dc481a4
content-encoding: gzip
cf-cache-status: HIT
etag: W/"39733b4edcc0840bfc575572794e8208"
age: 2864
x-amz-version-id: EKMEEVT5seb9qcAX6fzpPLspw1s5sKrS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XoNJ%2Fv%2FygYUSw%2Bz4wMZOVIcEHI%2FW7s9Nwmw%2BjWcv5Uxal2EtdctM0dN884r7U7m2Fh67ifTjYpjB8yqdbppku5%2BrA13U0%2FBu0%2BGUzwen%2FIzP7gCI8nrgxFxNzXcjEf%2FTvA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: yI37aKCaYZyNrfozqdZ1bAfQAvE2Iro7OLCoSPO0Yh1nS6baYIsumw==
x-hubspot-correlation-id: 63e41f19-76ac-45bf-9d5e-322c0dc481a4
content-type: text/css
last-modified: Mon, 09 Dec 2024 16:23:12 GMT
x-amz-replication-status: PENDING
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-s2fkf
x-envoy-upstream-service-time: 142
x-cdn: Imperva
x-amz-request-id: AMA5Z3B3SMG6CY97
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: pY6QPpN445Gb2Fr5lp3gAcMnlfPGGCm1IswpFFigNS65ftrI93wgtqpwSyLj5gVpEVYigUtqQW/JrEZ9gKGrjRZ/2YX1NWwihtRJ0Z9GNw8=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196808 NNNY CT(1 8 0) RT(1733888400786 202) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
cf-ray: 8f02736eeffae646-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1733761391480

GET
H2 200 fonts.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/ 2 KB
1 KB 97ms
90ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/fonts.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95c37cf1f09574f5dbb61a679e2039cf3fc891acb3c5d8ad40a5a8133bd6afd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 7f59334f-550c-4254-93b0-358122e9276b
content-encoding: gzip
cf-cache-status: HIT
etag: W/"97e878d1ce8d38d99c26c5232d3e6c7a"
age: 3037
x-amz-version-id: Lvzc6vozA.l7M0nquPduLbVZf5D_COys
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0YahNEzru5a8qthju3XuWc2%2BivBTq3Z6HjrYTY3%2FIaxM%2FZ9vvTKFvuNlJnJxfPXtE0xDyDbTJLe%2BZvIImyf%2FC9AkKpNvqzrBG4iAMeJAjmh8rE5lmjh6cGj3q4MpdZIspQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Pl9IkRPKEde5Zl_ErpliB5nAMsfinV7pMliTTNAJDFKylAZHikx0aA==
x-hubspot-correlation-id: 7f59334f-550c-4254-93b0-358122e9276b
content-type: text/css
last-modified: Thu, 13 Apr 2023 19:31:15 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-pkj4h
x-envoy-upstream-service-time: 199
x-cdn: Imperva
x-amz-request-id: 387KE1Y91BXRQGV7
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: /pDzKebih6jdMyVLf3OvL2fZ3ypjewfluFQckaT64zMDCVWg5juF18zo2WSLM7XILj7vtUUPb2c=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196810 NNNN CT(2 15 0) RT(1733888400786 203) q(0 0 1 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-ray: 8f02736f088505a0-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1681414274070

GET
H2 200 module_134642960554_Main_Navigation.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/134642960554/1731622066376/ 16 KB
5 KB 108ms
102ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/134642960554/1731622066376/module_134642960554_Main_Navigation.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79259d0f3238b029ef1c2aa320c5b01fba8eac13b15f20f365e07d0e51a38e22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 2b8a32f5-7008-4d99-8928-365d493a4a42
content-encoding: gzip
cf-cache-status: HIT
etag: W/"0ffb254b72ac7910096da684c917f545"
age: 971
x-amz-version-id: tl9QR8P0wd1ceNlqzXgaoROlKsER5YG2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=taoXVB2teB7J5JcaQ55xscIqQnyDo3Hf%2BzhECa6eqCsVAG4dEN2RTGhSDJAvc1oRzWyQZiBa5%2B%2BVjLPWZAp2qdjyEX7pJogXE4MtG%2BRRUrnRHvkMhS4E91STrohMMaXAUA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 0Sgn_XKOJrGDd-2DT28alOhYXcMjsNvqlMUmaev6na9_KXtl9OsebQ==
x-hubspot-correlation-id: 2b8a32f5-7008-4d99-8928-365d493a4a42
content-type: text/css
last-modified: Thu, 14 Nov 2024 22:07:47 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-tvmvp
x-envoy-upstream-service-time: 202
x-cdn: Imperva
x-amz-request-id: 5E5GCV3HKN64C61D
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: McIf6sKdleXzK4eopnzfL3+CGYAQ6fPOVQqv5TX4luPLEZU6AalHexvFD6xmz4qiAVHt/4kSG8CzZ6HMPEB3EaId/JtFbrc5JDBWYVQRKvI=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196788 PNNN RT(1733888400786 204) q(0 1 1 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-ray: 8f02736f2d6a6ffe-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1731622066376

GET
H2 200 LanguageSwitcher.css
www.varonis.com/hs/hsstatic/cos-LanguageSwitcher/static-1.336/sass/ 1 KB
1 KB 109ms
103ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/cos-LanguageSwitcher/static-1.336/sass/LanguageSwitcher.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90c07a0f7df6ce7d9492c57d01a66644cb8c3bf9e67188e95ffcf0a6c1e9c0bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"55e8f0767f39b8801d408c005c64a149"
age: 673097
x-amz-version-id: UYtvye337x0YS5R.Qmg4ViDDdbPUNH8j
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yuXhL5KePR%2B7502vcqy%2BTBO3LhnY%2BqV2WBNB171Mk0e6MGrgzoytwzOho7cD78MWcvvx67ud4b%2FqhZ7%2ByWmYVw77T52OrWK9QkAUHuT3VBCtxf9UnDwKihzrTORRUEqTIg%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 11 Dec 2025 03:40:01 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: tnq2xz2wH9scm1UY9XK-qHiqz85LGaHVKlzNPc8K8ORpz7Ts5Wvxvw==
date: Wed, 11 Dec 2024 03:40:01 GMT
content-type: text/css
last-modified: Fri, 22 Nov 2024 18:31:38 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196808 PNNy RT(1733888400786 205) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
via: 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront)
cf-ray: 8f02736f288ce646-IAD
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 module_139934353744_Main_Navigation_Submenu.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/139934353744/1728043032529/ 4 KB
2 KB 140ms
134ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/139934353744/1728043032529/module_139934353744_Main_Navigation_Submenu.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2c89d9a4dacba6507e94c004a92f04bd42757b3141e8a00e0ab4789edf8a2f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 5598f18a-868f-43d8-8912-1338b95f5672
content-encoding: gzip
cf-cache-status: HIT
etag: W/"3c26f8c49c173e8a87eb0288eccf2599"
age: 971
x-amz-version-id: 0aFSMotvm3myhGcsIKUbpF12vZu6yCLT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GocO%2BUky%2FcG0i9oNvt7LbGqg9vJtMN3IvU%2FyJMrz%2BvfTTQi4wEGe1y10%2BbgDndN4amxKG%2BF27PaG%2BmWFbrzmt%2B8iz%2FrXA58zpREk%2F8VVVYRoWFcxOxaWBIwSOL1wfuB66A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: OIPwH12koXIeIVNC8SZLhqz2Cvv9w0sofcIZUrGEz7zO_erDSG_k7A==
x-hubspot-correlation-id: 5598f18a-868f-43d8-8912-1338b95f5672
content-type: text/css
last-modified: Fri, 04 Oct 2024 11:57:13 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-s5c5z
x-envoy-upstream-service-time: 209
x-cdn: Imperva
x-amz-request-id: PQ5MT94TWSMV859R
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 4/U3EmETDai0jmfKVJjH/6NgUBVD0lMCuOG5uw+hljOTM73HsxV7Cjv0T7G1m0eA/Y/B/4SJcQs=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196803 PNNy RT(1733888400786 206) q(0 1 1 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-ray: 8f02736f3d9a2021-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1728043032529

GET
H2 200 module_115948073012_Blog_Post_Header.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/115948073012/1713473762453/ 2 KB
1 KB 143ms
137ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/115948073012/1713473762453/module_115948073012_Blog_Post_Header.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca8b14217051bca97ce1ce4294d53a08fabab2e5684a9542a503ded1ee41f7a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: a4726e80-fc13-49bf-aec9-345da39726e9
content-encoding: gzip
cf-cache-status: HIT
etag: W/"2e135dfff88462743ef0f9c7f62607ae"
age: 2359
x-amz-version-id: zGe6myE6PigNVOzq.LuCwK4nv5t2Tvdf
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1ILRjWKCGGGeF%2FSjB1DGKojppl8a35mzd2aO5MhtR168ASe7xmL69vCRnSxsyJRU%2Bz7A%2FZPK3htNIZqEyXeMeDhY%2BFpmfBcGG0exkyos9A6E8iG%2Byw86qO7BkvBB66UDow%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: K5uQXonAsdCt1Ny1MglLTBdz25rVvnAmh1gK20I8spwUYT8OHK6Vhw==
x-hubspot-correlation-id: a4726e80-fc13-49bf-aec9-345da39726e9
content-type: text/css
last-modified: Thu, 18 Apr 2024 20:56:03 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-dq4fz
x-envoy-upstream-service-time: 158
x-cdn: Imperva
x-amz-request-id: 93VTQAX3FQCJ0W4X
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: ameji5fZTnrqY3BdXUdq59hWmjz65mmq//znESuh6a7ovOMtP+y71o0t7og+qq3IYBz4Am962gY=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196810 PNNN RT(1733888400786 218) q(0 0 0 -1) r(0 0) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-ray: 8f02736f48ae05a0-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1713473762453

GET
H2 200 module_160785435141_Blog_Table_of_Contents.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/160785435141/1730276059197/ 892 B
1 KB 152ms
146ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/160785435141/1730276059197/module_160785435141_Blog_Table_of_Contents.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a8bca89be900fc40ef69429d5f2c17598c54290166831cb0b0806ca5293308c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 54b97b40-a0b9-4b0f-bc28-a975902de33a
content-encoding: br
cf-cache-status: HIT
etag: W/"056cf976d183227b22d4328e27641f32"
age: 1935
x-amz-version-id: .Sa52zzADHoRg2aGYwqHKoxR_DRF4AB4
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOpKFlTiPs2HWfalIu6NpSKCS%2BfIH6J0AgEZow5WVhzlU6qS8aih0G%2BagXcYL%2BxIrmjrOJa26A1U5YabNazezQhXeRcpF0kE5oW8yhe78MhUT46waJAfdz1Tb%2FbWf0ftwg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: i40TOlt8zGrBvtL9r2s-0zw2zGhEWwXJhFYU7heRfLidugvRyoyjMw==
x-hubspot-correlation-id: 54b97b40-a0b9-4b0f-bc28-a975902de33a
content-type: text/css
last-modified: Wed, 30 Oct 2024 08:14:20 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-plw7m
x-envoy-upstream-service-time: 179
x-cdn: Imperva
x-amz-request-id: F84TGQ3DF0YKZD8S
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: iw4bgueA+ouNDBma4OnSzycrqJvWeYNBkqnF2Y0UO9zXuhP/E9WEjB6VlA/oMzIto6P/1VbOCFg=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196801 PNNy RT(1733888400786 223) q(0 0 0 -1) r(0 0) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-ray: 8f02736f4db30846-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1730276059197

GET
H2 200 module_165344959151_Inline_Blog_End_Card.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/165344959151/1730892462239/ 1 KB
2 KB 148ms
143ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/165344959151/1730892462239/module_165344959151_Inline_Blog_End_Card.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e70eb48f742364cad1a3e6c056de19cc804aff3334641ababfea747ea419859

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: bcb8afd1-4828-450a-9265-be0089a87c2b
content-encoding: gzip
cf-cache-status: HIT
etag: W/"a16c9d1037a2b78394ca57c56cb04520"
age: 2358
x-amz-version-id: 56dXuoNuXb87IfH33GKjn_rz9h0EYRe0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yeNN2xjLMo0umKAD%2BpqGJUucAMnBevIC1oxNxthFgf%2BZ8KvLy2SThSjuLhOjkZqSRC2hdQEs%2FsG%2BPQo9BpXYHtoZtSqqlfBU5rKC%2FAhKzrFUa9s8B3XcKD1h8tZJEqWXAw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: QTLm9VQ_LXz2QrgmLHDdo5cv3PwQD740GgpbC-TmhFfKnLbFNGmcyA==
x-hubspot-correlation-id: bcb8afd1-4828-450a-9265-be0089a87c2b
content-type: text/css
last-modified: Wed, 06 Nov 2024 11:27:43 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-n26lx
x-envoy-upstream-service-time: 258
x-cdn: Imperva
x-amz-request-id: 52BFXKEJA9X56RWV
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: L/ppZb0KDWkWV3HaV3SbA+WMxS45+U0O+y4i56tqRnBTVTZmskPKYmv89BdmKcJWUwiZJLRziMq126fKbdxyyhQae0cpvhkCrknkG0U+4gE=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196805 PNNy RT(1733888400786 230) q(0 0 0 -1) r(0 0) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-ray: 8f02736f5d95e644-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1730892462239

GET
H2 200 module_160606463126_Global_Simple_Conversion_Panel.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/160606463126/1722352920925/ 730 B
1 KB 132ms
127ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/160606463126/1722352920925/module_160606463126_Global_Simple_Conversion_Panel.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e971a8a7d867891c1d9e7a2e04c04b4dc2d958e5600f6909bc2e92bca7959b6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: cf8ed1b1-2cea-4173-8a2a-4b5c31f49714
content-encoding: br
cf-cache-status: HIT
etag: W/"5cc730cacf3d62be36fd35668de1a6be"
age: 1935
x-amz-version-id: 5vdrBhDvezDQgkXe5Bd25K.iv49tuTKW
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uXc1taG7so%2F%2FNR7xiPJOkJrpFC1bKwQNLuFCQOVze%2B%2Bec96E7GHsdAq2phihaECgSAfogTgxtBj8xgPDMDLkUlw8wxy5BzXkapmMWD3cavnpauWvDzMYzrAJ45CH5ECXIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: yGtbybcpQQrJtsvtL7WtVp_LRmNbgiJeXCzhDF5M4YAYM8ZdLc--VA==
x-hubspot-correlation-id: cf8ed1b1-2cea-4173-8a2a-4b5c31f49714
content-type: text/css
last-modified: Tue, 30 Jul 2024 15:22:01 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-twx7j
x-envoy-upstream-service-time: 149
x-cdn: Imperva
x-amz-request-id: 3RNAN93H19XQRBZD
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Wh20uTboRdILeOcfeVyj4Qlv/AUyYmeiigclS55+2gA2KyRmFUIpI4HNvy3qc23uIvEP7ADb0fE=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196788 PNNN RT(1733888400786 231) q(0 0 0 -1) r(0 0) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-ray: 8f02736f5d8e6ffe-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1722352920925

GET
H2 200 module_160909307043_Global_Blog_Card_Deck.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/160909307043/1716413190922/ 3 KB
2 KB 127ms
122ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/160909307043/1716413190922/module_160909307043_Global_Blog_Card_Deck.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

063fb11a882ba89c4b00ff05f75c206f34b89448bcffeadfc2c08f7691d55dbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: c446ba58-89cc-44e9-b130-e5b103366fc7
content-encoding: gzip
cf-cache-status: HIT
etag: W/"f24f0325db6677320eefc0b44ac97abf"
age: 2358
x-amz-version-id: 0ApcWBxjV30I6_eQ5rm5JCBICbgB8lqK
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0LI%2FF9DrSlif%2BCI4Jp05kmIjA38M9uaLXkY4k500lGC2YSaJDfLv4%2B34UYD%2BzAK7ZjZWaCdVJjl%2BGD7efR%2BqxXLFMW8wSVTf8VuE2hQaNmfHLsaMUKrBXMWh2%2BgQzClBaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Kxgh3FfMtWMTxaFJa2GltUNNwwafNKysuJlv8lxFlB7p9NCvDgVTxg==
x-hubspot-correlation-id: c446ba58-89cc-44e9-b130-e5b103366fc7
content-type: text/css
last-modified: Wed, 22 May 2024 21:26:31 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-s2fkf
x-envoy-upstream-service-time: 155
x-cdn: Imperva
x-amz-request-id: T0PR9PC9S4D0Z099
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: K9D3eUZdkWi15Hk13LXthPP5oerS0/TDu/pIT0OxJaTgVNLRI0jNfHakbBzrOUVUJhGQ+C4rSrdY7c2mFXo3Gc6sMYIs8VI1
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196808 PNNy RT(1733888400786 231) q(0 0 0 -1) r(0 0) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
cf-ray: 8f02736f5903e646-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1716413190922

GET
H2 200 module_145524835889_Footer.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/145524835889/1729725603333/ 5 KB
3 KB 154ms
149ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/145524835889/1729725603333/module_145524835889_Footer.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1fa32430bf10df61563faa447e1dc9cde222c75f4d2607e553233da375cc65b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 90d03ae0-9ce6-4d00-811a-43f26fa6cf16
content-encoding: gzip
cf-cache-status: HIT
etag: W/"7c855f4a4580b1525c34edf6a815e85e"
age: 344
x-amz-version-id: uHIR1sb8yODpZuD1MCeUUtqsQ8xuLAnP
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T1sBATzRGTU5W8RJAwkKYJXBdnOrXK68fkSowW7W4HxutImvUf5qG4IYDma%2B4mnExWS6uPKWR4sx2XfKmwSgKTQcpwSni6fIJ3y%2F2KMIGJfXhmKl2A0R%2F0%2BOhIWb8%2Bv1%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: yV2EzYwwBOgcyBEyVUbHFKqNeOduhB48ckc3q-bykrds2UKS2HrE7w==
x-hubspot-correlation-id: 90d03ae0-9ce6-4d00-811a-43f26fa6cf16
content-type: text/css
last-modified: Wed, 23 Oct 2024 23:20:04 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-s5c5z
x-envoy-upstream-service-time: 179
x-cdn: Imperva
x-amz-request-id: N7Y566RQXKC2425S
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 0ypXmsAXt+6pj4UtNU9ewzUF0SJCbWNMd++CqITByjFgXpBXt1cUZgcLvbmsbnwXzcMR/m+6yvs=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196808 PNNy RT(1733888400786 232) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-ray: 8f02736f7956e646-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1729725603333

GET
H2 200 module_87930956413_Footer_Legal_Links.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/87930956413/1713466621491/ 750 B
1 KB 156ms
151ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/87930956413/1713466621491/module_87930956413_Footer_Legal_Links.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

444ed9825e6e8b8a93f774efcd67c1b43b78d75c42e52b0825d3b25f68857a8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: ab66c5b5-0a3a-476a-a1ed-d6324f596eb8
content-encoding: br
cf-cache-status: HIT
etag: W/"56a7db1017c882056d44d1beb7d30e9b"
age: 2863
x-amz-version-id: yxf96VzLvAYgWPRyADDKcOEZ8xiJAZ4H
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JuC%2F0kmLpVURAqLRCG4JbszuAVr%2BkSiPUslu285cFZDwilIX%2FMgkvyi6g%2BsoN6eHx%2Bxv2S3fknivGM7OAy325YDKkj2Dwr702fMXD5lccHbSSZS1M%2BP8xvgXrXHDsa5atg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: _DLxZe6a5GvAnG-q42SZ4vH2MK_IClVUnXs3niFJXZiF9AfbBuHOFg==
x-hubspot-correlation-id: ab66c5b5-0a3a-476a-a1ed-d6324f596eb8
content-type: text/css
last-modified: Thu, 18 Apr 2024 18:57:02 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-twx7j
x-envoy-upstream-service-time: 161
x-cdn: Imperva
x-amz-request-id: WJ649HENXP5WXE45
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: S7+GTJbeZKZyf+hOwLit5ptqwZylz8AGBGR88Amr/n03jA8eVYhaaGnhwImFooIGL8ZlCI4G4YzhWk5QmvpjXw==
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196788 PNNN RT(1733888400786 234) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
cf-ray: 8f02736f7da66ffe-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1713466621491

GET
H2 200 module_87944291354_Footer_Copyright.min.css
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/87944291354/1713466625306/ 186 B
1 KB 165ms
161ms Stylesheet
text/css 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/87944291354/1713466625306/module_87944291354_Footer_Copyright.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dd4c16dc18be08040ba32d53ab0853eb4ce51bd1e3d40aea41364d3af9fffe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 8306c9f9-2c22-4705-a94a-490408110400
content-encoding: br
cf-cache-status: HIT
etag: W/"ef4efbca9158ce170632d38509c6c649"
age: 178
x-amz-version-id: _Y79Amu9otthmS7Zl6KwnYUWKyp7XMpK
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C0IdkbG%2F5%2BFAJMExdjNjfYYGW9SmCTegvqs3IqqBnJ4ZO55c34zLnlr%2BOSUjiq8y9egYyHwLxjza4DY2kBbLg4NVpHxnlsENDij4jWLSik2vfdu%2FfvbQJkKF5CPmJjg9NQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: QMboVYHmS7VoooPrGWoZEMpsj6sezX8PYNLLMx39qVYvJ8o7tf4MIg==
x-hubspot-correlation-id: 8306c9f9-2c22-4705-a94a-490408110400
content-type: text/css
last-modified: Thu, 18 Apr 2024 18:57:06 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-j9zj2
x-envoy-upstream-service-time: 152
x-cdn: Imperva
x-amz-request-id: XZ8G4YSMJP7WYMKC
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: origin, Accept-Encoding
x-amz-id-2: fwG4KNnipn2pqbVCEwXRz4ynFZid5m1YcKmd3JQ0bNWjJMeRot8Z3b4h4iVqEGK9iXxfm+LCYSA=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196803 PNNy RT(1733888400786 235) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 030b88b6d8d9c6faf056723bb5f16078.cloudfront.net (CloudFront)
cf-ray: 8f02736f7df02021-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1713466625306

GET
H2 200 plausible.js Show response
plausible.io/js/ 1 KB
1 KB 568ms
92ms Script
application/javascript 169.150.236.104
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL

https://plausible.io/js/plausible.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.150.236.104 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),

Reverse DNS

169-150-236-104.bunnyinfra.net

Software

BunnyCDN-IL1-1206 /

Resource Hash

e3409ac09af396e35fd67c5e024386d36c52138b7541e6a4644c31a94a2d33a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cdn-status: 200
content-encoding: br
x-content-type-options: nosniff
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cachedat: 12/11/2024 03:22:13
cdn-cache: HIT
cdn-requestpullcode: 200
cache-control: public, max-age=3600
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cdn-requestid: 854518670718f77fc79d6adcb0fc82e1
cross-origin-resource-policy: cross-origin
cdn-pullzone: 682664
cdn-proxyver: 1.06
application: 127.0.0.1
permissions-policy: interest-cohort=()
access-control-allow-origin: *
cdn-edgestorageid: 871
server: BunnyCDN-IL1-1206
cdn-requestcountrycode: US

GET
H2 200 in.js Show response
platform.linkedin.com/ 511 KB
161 KB 779ms
63ms Script
text/javascript 23.209.188.7
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.209.188.7 Marietta, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-209-188-7.deploy.static.akamaitechnologies.com

Software

Play /

Resource Hash

cd38ae1d2a1ae32daa9ed2895a5a9d72e41bd2ac0b363aab255d216a58076d91

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
x-li-fabric: prod-lva1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 04:23:00 GMT
x-li-proto: http/1.1
date: Wed, 11 Dec 2024 03:40:02 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
x-cdn-client-ip-version: IPV4
x-li-pop: prod-lva1-x
cache-control: public, max-age=3600
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn: AKAM
x-li-uuid: AAYo9h1puIxjpzWIBstfJA==
content-length: 163883
server: Play

GET
H2 200 ed-lin.jpg
www.varonis.com/hubfs/ 6 KB
7 KB 179ms
179ms Image
image/webp 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.varonis.com/hubfs/ed-lin.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd6a2c2e6967a14b880413da005bf9e57a394669242cd4dcf91855df7d4337ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "7050e00d88f77a2dc46031f138a5bbd6"
age: 946692
cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
x-amz-version-id: P3H0.gP1tnVz9BcPSLW0qz0Ase06hoXp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8nFpi0yTESWlm946geHlYnU2pzk0CuV695e1uGzYO5jm1LryZStZHr%2BMcPedXbrSE6YwyXFWkX%2B09tJdz5mhwuu%2FTgDujuvZGNF7NWOdZBasC5lxTgq%2FEgkRoEFHgQgYUA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: b1wW4n7InzjpvgvVzf8XChsCd9VXa0-Fefz8MddRL_mnLX2PzUZ_WQ==
content-type: image/webp
content-disposition: inline; filename="ed-lin.webp"
last-modified: Thu, 23 Mar 2023 21:22:16 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-cdn: Imperva
x-amz-request-id: JWG3ASW91Q5C16BW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
content-length: 5674
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: qual=85, origFmt=jpeg, origSize=11595
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: HxWg/868BGwPaj1S2FY7zmIE9EnImByqHiWKkTtnEukmuZvnb4WxCP32+HN2bZktQ6cfI47Kutw=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196805 PNNy RT(1733888400786 242) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-ray: 8f02736f9e57e644-IAD
access-control-allow-origin: *
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1646951273866

GET
H2 200 Varonis-IR-Team-Hero.png
www.varonis.com/hubfs/Imported_Blog_Media/ 603 KB
605 KB 185ms
185ms Image
image/webp 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.varonis.com/hubfs/Imported_Blog_Media/Varonis-IR-Team-Hero.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbc0f30e58b2a906e2bdbdf999ce1d8352660f5e59204c6c47efc3ed98b57cb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "1d5e5b5f6ac7b95785a2ec24b8b34f02"
age: 826428
cache-tag: F-53579990612,FD-44912348718,P-142972,FLS-ALL
x-amz-version-id: 1zRIXrh8Eao6OPKyBQYuLbybW_l5hNxj
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B34UIrXyENYTqVIiUAI6uC88ZC4QvKI4CWqt28tY8nIbSdVyEyCXnGBedEr5hizo50FgS12GSSykHuP%2F%2BFsndZaTVsGBqaBS8Wxf%2BZ3F3Fxqz7d55Vc%2F9O0KKT8xf6Z01A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: kjHfzrcRHcFqEe_oEQo3tK3Oa9jw7vuHEZTMBB4qaE5xNtuCY3a2lA==
content-type: image/webp
content-disposition: inline; filename="Varonis-IR-Team-Hero.webp"
last-modified: Fri, 10 Feb 2023 22:29:48 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-53579990612,FD-44912348718,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-cdn: Imperva
x-amz-request-id: DMQ0WG7SK4H2YP96
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-53579990612,FD-44912348718,P-142972,FLS-ALL
content-length: 617178
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=1188495
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: Yj2d6xPvM9L5Tf3wtPzSHN5oNUPXCFTBolHkLx3kSatAxTU6XsfFL7V0DKhesu0DAfsEF7T41Lk=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196810 PNNN RT(1733888400786 243) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-ray: 8f02736f98ed05a0-IAD
access-control-allow-origin: *
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1629751499546

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 484 KB
157 KB 579ms
72ms Script
application/javascript 104.18.141.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 87a0f3c8-9fb1-4135-b161-05878c15b563
content-encoding: gzip
cf-cache-status: HIT
etag: W/"53fa063fb1734ce6bb187c96e7665972"
x-amz-version-id: kLVNDW8Ykh6K0rP5.B3EI30fJIwAAkz3
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
age: 187
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VrZCZz4ASv%2BgPr6wFklrMY6sejHAnmeneVsfu5VsOU32JPuEp06v2cQg2Uw9tZLsGcRAuD89UP19na08yPdr5CQ%2FCJh0OVJi0kywNcn%2BUxC4fPg4Q5d47VQAo%2BD6MSrn"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Rhci8k7dGpNIKW5k-nYQu1rwqzsdYPGDJMPjS_eUbHZOggBVVqWhjA==
x-hubspot-correlation-id: 87a0f3c8-9fb1-4135-b161-05878c15b563
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 17:07:16 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-mglm2
x-envoy-upstream-service-time: 2
x-hs-target-asset: forms-embed/static-1.6227/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.6227/bundles/project-v2.js&cfRay=8ec187e36da887a1-IAD
via: 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront)
cf-ray: 8f0273736bd40fa7-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 cse.js Show response
cse.google.com/ 9 KB
4 KB 512ms
72ms Script
text/javascript 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.113 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

gws /

Resource Hash

329ea613b39a3bed33ef56f3e4c9ed3f64e189ac08fd68a488ce12985ef8ee31

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-YVxI4fSn9mJhRXuKbIJ00Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-YVxI4fSn9mJhRXuKbIJ00Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
content-encoding: br
accept-ch: Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-resource-policy: cross-origin
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
permissions-policy: unload=()
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3199
date: Wed, 11 Dec 2024 03:40:02 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: gws
x-frame-options: SAMEORIGIN

GET
H2 200 module_134642960554_Main_Navigation.min.js Show response
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/134642960554/1731622065561/ 2 KB
2 KB 101ms
98ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/134642960554/1731622065561/module_134642960554_Main_Navigation.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0926308bbf7d8918e7893af49e058bd6e4be2caf53ccaaf318ea2879fc99b50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: cc443319-475d-4293-a571-ba3f19652ac3
content-encoding: br
cf-cache-status: HIT
etag: W/"973b6f070cd01e084708b9ef2800f9d4"
age: 1894
x-amz-version-id: 4zgWle.OMrjj8MS.Ntn1Iep2.ANgELto
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BOMd%2B61Bmcrp9HqnFKZOoGi%2FxDLMRmYKRfIpYoRzUFerghqrG7oK1yk1pJWTrF3VIhAANakN4xaU1D0XpKEdS60hKfzs%2B95cM%2FzSqdrf7k6dI6qmRtYQJ3boYd4Tn%2BZ0eg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Z-IXkNuja6AE5daYhSMp0aMCVqojSavuBt9ez7KrGCDfFDycrJZIlg==
x-hubspot-correlation-id: cc443319-475d-4293-a571-ba3f19652ac3
content-type: application/javascript; charset=utf-8
last-modified: Thu, 14 Nov 2024 22:07:46 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-s2fkf
x-envoy-upstream-service-time: 173
x-cdn: Imperva
x-amz-request-id: EXZ67QJ7ENXJQRCD
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 1qvM7mZLe6hrDwvtOl8m0DrYztVuctLkVnGxg2nvpqZt+g5vVUiFH0hHewIsshlLQLljAMt2Yk28o72NkRSssQo48wZmWPRUlRcMtu10t3w=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196810 PNNN RT(1733888400786 999) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-ray: 8f027373ec3f05a0-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1731622065561

GET
H2 200 hubspot-search.min.js Show response
www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/170437707429/1718396732280/hook-www-varonis/js/ 4 KB
2 KB 108ms
107ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/170437707429/1718396732280/hook-www-varonis/js/hubspot-search.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

621316cc008d906942239d59d35864ce45f8cfb1114ac6a9668c8f04d9046c83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 918ba38d-6bc3-4d67-8271-7147068d821a
content-encoding: br
cf-cache-status: HIT
etag: W/"31dd703dc420921c8fbf452ca612b1f8"
age: 345
x-amz-version-id: Jf2L0g0TBf.TvTNbbNZZQlEoPZXDQQ8_
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G8dloMuvmn3ui0yZSDR8ddxlOVuL2DtUwHfKpq1wvLr722bk5ZhVoMLx3EeLpsWOoY4ekb9cGYTAtLfvAnIWDkbhUVztGTnoSkJwpaiECE9Px3WyHw5LBK8tUGfG6RVZgg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: C_B4dwfkJgYhH6fGxnCTGWzaqFqUdo8s9Z_CrAewYvAMZLTrmm3_yQ==
x-hubspot-correlation-id: 918ba38d-6bc3-4d67-8271-7147068d821a
content-type: application/javascript; charset=utf-8
last-modified: Fri, 14 Jun 2024 20:25:33 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-mzbzs
x-envoy-upstream-service-time: 192
x-cdn: Imperva
x-amz-request-id: PCRP5WH4S13BP2VQ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: origin, Accept-Encoding
x-amz-id-2: WH09DWpX1fJHxTLuyT9C4RQA5gR5ePUPAK2P7mw6i2g0pBn4/rF0fzw7owoXk30YQexqlLrxhPc=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196805 PNNy RT(1733888400786 1075) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-ray: 8f0273746c65e644-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1718396732480

GET
H2 200 module_139934353744_Main_Navigation_Submenu.min.js Show response
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/139934353744/1728043031870/ 964 B
1 KB 109ms
104ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/139934353744/1728043031870/module_139934353744_Main_Navigation_Submenu.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d36922df079667f4d9690532324be4d69b71151ce8e8c5f764bb63e8a29fd968

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 001e34c3-12a2-4873-ade2-9bff08246b35
content-encoding: br
cf-cache-status: HIT
etag: W/"043cbe1a2e26c40e75a64085f76e1854"
age: 1787
x-amz-version-id: OsmwCuj6mhA6ywDckj31dMoQY.Vp_ABB
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ObQW7HXUFcXWOoT5qn0TlmyyWX30Lo6aV%2FBiI2UQBLRTedcefadbwqtB%2FT%2BBFJIMMA5Op83wb6YXQk5KaborWSx43FEXeNhO4emWLosCkJ9%2FK4QW0wnjDLLXQvWzQb8WLg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: oXHHCypTbDy-gsjAdamUJE5sAh70nHmUgbvVqyP4RThSlCGjc1JRRA==
x-hubspot-correlation-id: 001e34c3-12a2-4873-ade2-9bff08246b35
content-type: application/javascript; charset=utf-8
last-modified: Fri, 04 Oct 2024 11:57:12 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-24cm9
x-envoy-upstream-service-time: 166
x-cdn: Imperva
x-amz-request-id: YP5Q0QHKWEMZW6KQ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: origin, Accept-Encoding
x-amz-id-2: sh6aC8GJgLh2VmYPxviCIz5xhEycuCMoPLaUAT8vqk0vYbIC513TH3ROCQihu1+PYDv+ttnqO5MdRDV3kLX0nPpKu8xjD6EDCZUCf4DSYME=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196803 PNNy RT(1733888400786 1081) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 7c4bbd97f5be908e33f403c3794f629a.cloudfront.net (CloudFront)
cf-ray: 8f0273746bdf2021-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1728043031870

GET
H2 200 main.min.js Show response
www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/ 10 KB
4 KB 109ms
105ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/main.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: b1445b11-4f5d-4340-ac67-84ade2586521
content-encoding: br
cf-cache-status: HIT
etag: W/"c4d1fac2b0b677aeaa2c2ade72813888"
age: 1472
x-amz-version-id: cFtQC0aK9.9b8yKYIzlsSZNKhLtgH8si
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pINKnZdz51TQiRxeIY5xrIB%2Fk7gBBJ1PEFW5nbbn2R94POGkccu76QrmHzXF%2BEdQIgEgyXWdKKirtLrMxG94aqHGKXtNrUNfUjcYouc8kdVmvWzZKXKhXE5t0ogoTyvl1g%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: inxsb0p4VH6jpDSmB0d4CSK8uZEvIZY9VWCgK-rVQUHAdhBjfAcjdQ==
x-hubspot-correlation-id: b1445b11-4f5d-4340-ac67-84ade2586521
content-type: application/javascript; charset=utf-8
last-modified: Fri, 01 Apr 2022 11:44:17 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-vpmmc
x-envoy-upstream-service-time: 151
x-cdn: Imperva
x-amz-request-id: YMYWTR0XD0XTZMD0
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: origin, Accept-Encoding
x-amz-id-2: ZuR1C24/Z8BPZC1Y0YOtdzolA5EqawKKkOO2E4FzXVhpPGruuFO/P8tZoF/JnN+37cVKqDxi3TY=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196810 PNNN RT(1733888400786 1084) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
cf-ray: 8f0273747c9905a0-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1648813456943

GET
H2 200 module_160785435141_Blog_Table_of_Contents.min.js Show response
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/160785435141/1730276058440/ 994 B
2 KB 104ms
100ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/160785435141/1730276058440/module_160785435141_Blog_Table_of_Contents.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff64557f6a778fbd52f7af7c11e29014fa71d522b7fb8f6f27671ceea92818aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 85ef3bf4-40b9-4e11-b246-a492040ca084
content-encoding: br
cf-cache-status: HIT
etag: W/"db7746bf553239b9c521e598e5481494"
age: 2359
x-amz-version-id: fQXiXQCDTJaC_sZrysGIAUTQK7eIJoY7
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jm24W18MKZqz8EilTnl7vaG7y%2B86o%2BRl7hy7iWEWzptAHBF%2B7l6M6fw1enebtTxvsK5RwO3GVEj51haHRdoL0g3SlqDCki2zT6Levu3Wy5IRKAtessKbOaIh%2BFAqzJQptw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: z93Ndr0NADCuVcxmLGdy5txyaznXQpMYUKtJcbx5f5NoVYIiJcaPpA==
x-hubspot-correlation-id: 85ef3bf4-40b9-4e11-b246-a492040ca084
content-type: application/javascript; charset=utf-8
last-modified: Wed, 30 Oct 2024 08:14:19 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-kfcdw
x-envoy-upstream-service-time: 183
x-cdn: Imperva
x-amz-request-id: 3YHZZYV68HB97KCJ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: origin, Accept-Encoding
x-amz-id-2: WZNiSwqnj86NisbyAnoSzU8gvedSycIpxjbFqrynnCq94fgS+BkfCftl4vLAVLHiTrcWpFku64W65amQ9GIZCQT27CP2IzjFdBnltwbTVGE=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196788 PNNN RT(1733888400786 1090) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 05f27386f4cfcb918eb11b3fea4d975e.cloudfront.net (CloudFront)
cf-ray: 8f02737479716ffe-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1730276058440

GET
H2 200 blog.min.js Show response
www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/73655310759/1713991707169/hook-www-varonis/js/templates/ 1 KB
2 KB 108ms
104ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/73655310759/1713991707169/hook-www-varonis/js/templates/blog.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a08a8d858d266109baa4d2dde40802f8bcb49a12695d87e7834121c01ee03e0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 12a211b8-0f8b-4687-969e-11f8ae3962df
content-encoding: br
cf-cache-status: HIT
etag: W/"98126a9a3d9adcb375729c8188291e21"
age: 1935
x-amz-version-id: jxdv2FemmDfXmQvBfw0K2wfkNI20LjoW
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iA%2B1lMXnfO52G7siPu9VrxlXydX7kvL7LiWGPxBSd08kUQbbL5gxy0MEfYWv4XBYElUCIe%2B7Qmo%2BkLCX39hVtGG56UHuSpRaad%2F8UsuKyd%2Fm54zQD1drzciAlEZ6SGRpag%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 3gUBM1Hait-Uyw0G9eyZeQYbAyVd95WKtGevzyomAUl2JHWXzUCodg==
x-hubspot-correlation-id: 12a211b8-0f8b-4687-969e-11f8ae3962df
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 20:48:28 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-qctxm
x-envoy-upstream-service-time: 151
x-cdn: Imperva
x-amz-request-id: 2D3MJQ11CS1R1TCD
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: origin, Accept-Encoding
x-amz-id-2: xz13SG6HCnDsXe6/iBk5hp8DRVxko0x70WoCifFXPCO6fIDRFXH1NHVSJYGhZv8T6mgiuyTshGVtqtzJs5nHI3trZ1NOiFnnOm9qUP9mF3s=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196808 PNNy RT(1733888400786 1096) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-ray: 8f0273748f62e646-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1713991707360

GET
H2 200 jquery.toc.min.js Show response
www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/106410557973/1678780073283/hook-www-varonis/js/templates/ 1 KB
2 KB 118ms
114ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/106410557973/1678780073283/hook-www-varonis/js/templates/jquery.toc.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: b9374f24-c63a-4d57-95a0-c1d8fc57b402
content-encoding: br
cf-cache-status: HIT
etag: W/"39e23085840845568c2de46aea67930a"
age: 2017
x-amz-version-id: lc7TVYH83Kc340jcQdjsZkUvsmS2PDDe
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hxm3sou8IR%2BEXW%2BEiRXA4brX6sBzvvgKGWB%2BD%2BWPXfn4TVf%2Fht%2BtH0upran5nC38reAByVfdrQvG7tgfPqk26oC26NgeuCLye1o2HyBqfuSLaw%2BuxuQ9QpZV%2FFGbGrrBAA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: e2sxpDfmzZSNl2QcOAtwUdBbOfeea8P0KDj3xQhJGeBavvh3ORU7wA==
x-hubspot-correlation-id: b9374f24-c63a-4d57-95a0-c1d8fc57b402
content-type: application/javascript; charset=utf-8
last-modified: Tue, 14 Mar 2023 07:47:54 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-plw7m
x-envoy-upstream-service-time: 152
x-cdn: Imperva
x-amz-request-id: RC0F6HV0D1WY6G0K
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 6MLmqLnrwjNs9HrYPtVCgyEAobyvJtv3batgoNfI10rswO3PozZNob1JqXcgYSmoqXFXHk36tfU=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196801 PNNy RT(1733888400786 1098) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 7b32163caf7e91fe96df7bbeaa58c0f8.cloudfront.net (CloudFront)
cf-ray: 8f0273748be50846-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1678780073283

GET
H2 200 module_145524835889_Footer.min.js Show response
www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/145524835889/1729725602611/ 401 B
1 KB 132ms
128ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/145524835889/1729725602611/module_145524835889_Footer.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c675a3c350975be47ae587ebf49de2a9924d62ce1141004266639cdff7df93e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: 96a2a433-0879-476d-8a47-aa9e104031d0
content-encoding: br
cf-cache-status: HIT
etag: W/"ced9f2a037d9feb68c428fe38d744ddf"
age: 1212
x-amz-version-id: siyU2J.BPynT6A.DoU7_RBDm36BEef7h
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3rHiZklUG91hwnPNZvJLvHYuA2K4lu5xl%2FnOfBfILsG2GCOdxVS7JbVkpepHqrD%2FzkoM5cCTHA9yhuURUBV5wgHY1vP72yg0J2JNMscrfq5Fjbp7AoqJbeBiYPUpHHMh%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: TNP-zENsPrBTwiBWeL5fv3oWsdKzRbzdLHEAye0_JBEuBjdgbMtH-w==
x-hubspot-correlation-id: 96a2a433-0879-476d-8a47-aa9e104031d0
content-type: application/javascript; charset=utf-8
last-modified: Wed, 23 Oct 2024 23:20:03 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-qphjm
x-envoy-upstream-service-time: 170
x-cdn: Imperva
x-amz-request-id: SGXCQJ6YJ3EM8HAD
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: origin, Accept-Encoding
x-amz-id-2: +0mfOGNXKSjnWcHpuwS6B6LOwK9IYYfT/c6gaPUTeLr7PUpUjtvPWU9zENYzni6XWsUfq1SRGOG7c5msWVQC5vLELZM7OqeUSFeDPKcd7pk=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196805 PNNy RT(1733888400786 1099) q(0 1 1 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.varonis.com
access-control-allow-credentials: false
via: 1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)
cf-ray: 8f027374ad1ae644-IAD
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1729725602611

GET
H2 200 142972.js Show response
www.varonis.com/hs/scriptloader/ 2 KB
1 KB 122ms
120ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/scriptloader/142972.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1db4773f07530c87892bbe63dcbf9d72f669414fc6481588c9707e12aca3707

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
age: 83
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FWrp8KsebtjmsqCwBzep7kbeatf8aaqG8iEvz3tcFBrxaBYfwAC%2Fekjvvk2qJjgUmijwf7oamuK0eJlLIhq%2BctWMXVvZcgYasfKAlCKEMBiD%2B16CmjX57Xi%2FbID20BMdaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:41:32 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 03:40:02 GMT
x-hubspot-correlation-id: 56199190-bd95-4f8b-b610-8584e6a5a3c5
content-type: application/javascript;charset=utf-8
last-modified: Wed, 11 Dec 2024 03:37:57 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196788 PNNN RT(1733888400786 1101) q(0 1 1 -1) r(1 1) U24
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=90
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
access-control-allow-credentials: true
cf-ray: 8f027374a9996ffe-IAD
accept-ranges: bytes
access-control-allow-origin: https://www.varonis.com
content-length: 663
server: cloudflare

GET
H2 200 index.js Show response
www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/ 12 KB
5 KB 136ms
134ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3ef0deda0631561665e95645daf500a2"
age: 944228
x-amz-version-id: O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ER3G0g03DPAIva%2F4GNznyHrJvMLG%2FaKSte%2FKHNicHXWaVmeNUgG%2FHh0ZyaH5MKFaKMqA2tcBYCTj4BLidiOZ0UWy1BIZ2sqJJQk11socrWFKrkXF9NhYipmNAWadX%2FIZEg%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 11 Dec 2025 03:40:02 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: comH8QIHvCb0j8_dD-C4ZOsH2FsdHtAyDYXSPET6Ry_R_rY0PlJqKg==
date: Wed, 11 Dec 2024 03:40:02 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 20:24:20 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196803 PNNy RT(1733888400786 1104) q(0 1 1 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
via: 1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront)
cf-ray: 8f027374bc322021-IAD
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 _Incapsula_Resource Show response
www.varonis.com/ 86 KB
20 KB 93ms
91ms Script
application/javascript 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1793735479

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

7304be8468bd2101fd7cdda0d540b4a37080c39a9f0a7a1eb2a7fd922e8a4f94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-robots-tag: noindex
cache-control: no-cache, no-store
content-encoding: gzip
content-length: 20451
content-type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 407 KB
135 KB 465ms
69ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

5999d7cc581ef277bdb5f89c30243e18be8a707b93f19266116f4e8ca201b0a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Wed, 11 Dec 2024 03:40:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 11 Dec 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 137972
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 Graphik-Medium-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 46 KB
47 KB 552ms
93ms Font
application/font-woff2 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Medium-Cy-Web.woff2
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281971998/1733761390007/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.varonis.com
Referer: https://www.varonis.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "b1508d27f0878f1a2c67e3104acc6f04"
age: 1557361
cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
x-amz-version-id: qsBQrK0UutXz6JHO9XDG7lT0R2bZ_P1t
x-cache: RefreshHit from cloudfront
x-amz-cf-id: SBTs1xoRliXjWS8pvh9InRnWgm3yt47On4VqwUokywCi0B0majFE9Q==
content-type: application/font-woff2
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: QXA3TEVEC0D1QMAT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
content-length: 47393
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:03 GMT
vary: Accept-Encoding
x-amz-id-2: 4IA61jLvnnWjcZ+GDQ+uSmRNHbBqs6fy2DnfCQ3JHrK+2KfGLlOyzDKGEAy8betYXDos1heFi7Y=
timing-allow-origin: 142972.fs1.hubspotusercontent-na1.net
via: 1.1 9072caf3ec2d91f3dd159b88ae86e822.cloudfront.net (CloudFront)
cf-ray: 8f0273778a4e4cb2-PHL
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1681244839921

GET
H2 200 GraphikCondensed-Semibold-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 35 KB
36 KB 554ms
96ms Font
application/font-woff2 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/GraphikCondensed-Semibold-Web.woff2
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281971998/1733761390007/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1b24ca6deb4f4105343780e198f2330f4cb03c3e2b9e1441d412776623718cf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.varonis.com
Referer: https://www.varonis.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "547517722e842b5ba50be048c31643f9"
age: 1504486
cache-tag: F-147863706408,FD-110532947091,P-142972,FLS-ALL
x-amz-version-id: A7ypzsfJwnvaiRXw7INslTO2c9RSThcQ
x-cache: RefreshHit from cloudfront
x-amz-cf-id: IenKB5sNndl7VJaz7bg0DbfSRdIy4F5JrlEE7sv9oUZYqU78YAsl2w==
content-type: application/font-woff2
last-modified: Wed, 29 Nov 2023 22:40:52 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-147863706408,FD-110532947091,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: X6RJC6FAHVRH0J2J
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-147863706408,FD-110532947091,P-142972,FLS-ALL
content-length: 36005
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:03 GMT
vary: Accept-Encoding
x-amz-id-2: EKoJZQ2XCdu+F5Q5FgU2Gal0CLcSGSo+OGX5xW7tmZxZ+YHzarsznDQJSP62sOa1xphyhEjUBMQ=
timing-allow-origin: 142972.fs1.hubspotusercontent-na1.net
via: 1.1 64d968aa0a0b58a1d00cb142d02b0ac0.cloudfront.net (CloudFront)
cf-ray: 8f0273778a4d4cb2-PHL
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1701297651706

GET
H2 200 Graphik-Regular-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 42 KB
43 KB 565ms
107ms Font
application/font-woff2 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Regular-Cy-Web.woff2
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281971998/1733761390007/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.varonis.com
Referer: https://www.varonis.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "3c6b915f90783765fd47bc0e05b46078"
age: 1022058
cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
x-amz-version-id: dC1ZTBx86DO9UlmT3zytQkvsH.OIjcRF
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 5EqAWQeGNozHLKrhXcPxQ4ian3svBJiyYHGT8USpWFuqLedfcwsPhg==
content-type: application/font-woff2
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 4J1ADF3B6KP8CKY2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
content-length: 43329
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:03 GMT
vary: Accept-Encoding
x-amz-id-2: l6htSZoUf3KsMAF0hocYrrdbFN+FN85MQIjKDets2JOrxTz9ORmpSN2n//WJqTRbHJjCjQ11zp4=
timing-allow-origin: 142972.fs1.hubspotusercontent-na1.net
via: 1.1 da8cb5b9fb94d7de03d8eaa20297debc.cloudfront.net (CloudFront)
cf-ray: 8f0273778a4b4cb2-PHL
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1681244839928

GET
H2 200 Graphik-Semibold-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 47 KB
48 KB 557ms
99ms Font
application/font-woff2 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Semibold-Cy-Web.woff2
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281971998/1733761390007/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.varonis.com
Referer: https://www.varonis.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "912a296360c873da4d505fecc03d44a5"
age: 611831
cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
x-amz-version-id: mxuwX8fqRvNjrtNo8SAnedwxdNDRhr6l
x-cache: RefreshHit from cloudfront
x-amz-cf-id: UL392vrysMixVwA7aGW7dnB-N9f64NdMhaUnzCnVa1EenG6dPXl37g==
content-type: application/font-woff2
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 3TZ54AZCS9KQZWT9
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
content-length: 48237
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:03 GMT
vary: Accept-Encoding
x-amz-id-2: Ifgvcq76RRtwpJnxTBFshRRpw+NBvKY2804FjcYBvRag6OXci5j0uVyPw1T1nMXL894op2SV/hk=
timing-allow-origin: 142972.fs1.hubspotusercontent-na1.net
via: 1.1 619f2eec0ea05d2ce0279df117eb9a0c.cloudfront.net (CloudFront)
cf-ray: 8f0273778a504cb2-PHL
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1681244839881

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/142972/40a8f297-80c2-4c34-9572-8648458abed5/ 5 KB
3 KB 546ms
148ms XHR
application/json 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/142972/40a8f297-80c2-4c34-9572-8648458abed5/json?hs_static_app=forms-embed&hs_static_app_version=1.6227&X-HubSpot-Static-App-Info=forms-embed-1.6227

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d3e3a466ea6f95a378f12c0b88bb117ac89c4e7b30758173f64bc80b87c3a1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 08a6c79f-b8b9-45ec-a5cb-0ef2050f264b
access-control-expose-headers: X-Origin-Hublet
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
x-origin-hublet: na1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
Date: Wed, 11 Dec 2024 03:40:03 GMT
x-hubspot-correlation-id: 08a6c79f-b8b9-45ec-a5cb-0ef2050f264b
Content-Type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-4nb5b
x-envoy-upstream-service-time: 11
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8f0273777e310f9c-EWR
access-control-allow-origin: https://www.varonis.com
x-evy-trace-route-configuration: listener_https/all
Content-Length: 1772
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 ed-lin.jpg
www.varonis.com/hubfs/ 6 KB
0 0ms
0ms Image
image/webp 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.varonis.com/hubfs/ed-lin.jpg
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.150.169 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd6a2c2e6967a14b880413da005bf9e57a394669242cd4dcf91855df7d4337ee

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "7050e00d88f77a2dc46031f138a5bbd6"
age: 946692
cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
x-amz-version-id: P3H0.gP1tnVz9BcPSLW0qz0Ase06hoXp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8nFpi0yTESWlm946geHlYnU2pzk0CuV695e1uGzYO5jm1LryZStZHr%2BMcPedXbrSE6YwyXFWkX%2B09tJdz5mhwuu%2FTgDujuvZGNF7NWOdZBasC5lxTgq%2FEgkRoEFHgQgYUA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: b1wW4n7InzjpvgvVzf8XChsCd9VXa0-Fefz8MddRL_mnLX2PzUZ_WQ==
content-type: image/webp
content-disposition: inline; filename="ed-lin.webp"
last-modified: Thu, 23 Mar 2023 21:22:16 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-cdn: Imperva
x-amz-request-id: JWG3ASW91Q5C16BW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-68246422705,FD-38801886889,P-142972,FLS-ALL
content-length: 5674
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: qual=85, origFmt=jpeg, origSize=11595
date: Wed, 11 Dec 2024 03:40:01 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: HxWg/868BGwPaj1S2FY7zmIE9EnImByqHiWKkTtnEukmuZvnb4WxCP32+HN2bZktQ6cfI47Kutw=
x-iinfo: 12-201196778-201196805 PNNy RT(1733888400786 242) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-ray: 8f02736f9e57e644-IAD
access-control-allow-origin: *
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1646951273866

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/8fa85d58e016b414/ 286 KB
94 KB 448ms
51ms Script
text/javascript 64.233.180.105
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8fa85d58e016b414/cse_element__en.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f105.1e100.net

Software

sffe /

Resource Hash

d480de66b420ea6afb356fe87de6fe62f5cbbd08662f077ff2edae95a2b900df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Wed, 12 Jun 2024 21:33:21 GMT
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
content-length: 95840
x-xss-protection: 0
server: sffe

GET
H2 200 default+en.css
www.google.com/cse/static/element/8fa85d58e016b414/ 41 KB
9 KB 446ms
50ms Stylesheet
text/css 64.233.180.105
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8fa85d58e016b414/default+en.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f105.1e100.net

Software

sffe /

Resource Hash

a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 12 Jun 2024 21:33:21 GMT
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
content-length: 9068
x-xss-protection: 0
server: sffe

GET
H2 200 minimalist.css
www.google.com/cse/static/style/look/v4/ 5 KB
2 KB 445ms
49ms Stylesheet
text/css 64.233.180.105
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/minimalist.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f105.1e100.net

Software

sffe /

Resource Hash

e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
age: 539
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 04:21:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:31:04 GMT
last-modified: Mon, 25 May 2020 08:30:00 GMT
content-type: text/css
vary: Accept-Encoding
cache-control: public, max-age=3000
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
content-length: 1452
x-xss-protection: 0
server: sffe

GET
H2 200 li-lvl-1.svg
info.varonis.com/hubfs/2024%20Website%20Redesign/Icon%20Library/List%20Item%20Icons/ 222 B
2 KB 375ms
301ms Image
image/svg+xml 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/2024%20Website%20Redesign/Icon%20Library/List%20Item%20Icons/li-lvl-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281971998/1733761390007/hook-www-varonis/css/main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

788db8a878105bdf53b3bac8f46ef4676f23973293ada91243586a17814d2791

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"1eaf5023cd3f8136fcbd12f35cff9ef2"
age: 1676571
cache-tag: F-165871843640,FD-165870157910,P-142972,FLS-ALL
x-amz-version-id: zveIrDfrB_bVN43hsuxJlz1xQsWgPLS0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TTAehOHtaFpttgzHDMcxSHMK6HNPLZrQmlm%2FXvuTczZb0aQ2dzXGuGk%2FU8sRVkZ%2FNCHS94He4M7CgBNR49LBtizssKYGd6Z7cEtKZbRXatNj0zl%2FGdNlhlrr29gOU3sT998%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 0SPjgA5iUFSLekraXUCX95fXkKcR4XY1bU71KjwBrcvHy3infSF8_Q==
content-type: image/svg+xml
last-modified: Wed, 29 May 2024 16:58:43 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-165871843640,FD-165870157910,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-cdn: Imperva
x-amz-request-id: 2M0RPZV9WT1G8E5B
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-165871843640,FD-165870157910,P-142972,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:03 GMT
vary: Accept-Encoding
x-amz-id-2: ahKoDvNRyl+pZo4kLc3RucZC1beomuo+xTg8PI7MkVdgsXAa8vLMOOk0+VwiNyQpOtipdhOTKaoIa5rjE3tfsA==
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196921 NNNN CT(5 13 0) RT(1733888400786 1233) q(0 0 0 -1) r(2 2) U24
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-ray: 8f0273757e0f8236-IAD
access-control-allow-origin: *
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1714432201776

GET
H2 200 blog-post-end-card-background.png
info.varonis.com/hubfs/2024%20Website%20Redesign/Backgrounds/Conversion%20Panels/ 128 KB
130 KB 287ms
215ms Image
image/webp 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/2024%20Website%20Redesign/Backgrounds/Conversion%20Panels/blog-post-end-card-background.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs-fs/hub/142972/hub_generated/module_assets/165344959151/1730892462239/module_165344959151_Inline_Blog_End_Card.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1223df9794a2ad28042fea6f8fed36d41c86f7d3cc1e37915feb32384a82505a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "c06acbbf249d567b42ae857e6d02ca72"
age: 14543
cache-tag: F-165435781781,FD-160624608147,P-142972,FLS-ALL
x-amz-version-id: IumwImoQQloqzu4ybiuzYvCewbFWR7fE
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZnQZAToKKF1yq%2BbC9WJZxt0VFC6BmXH4iNRAfECTDTeZ3rmoE%2FMur0WxrPTsZQEsHvZhbHV66YXfvXM9jIqWM1IWPQYdYxgGkaC%2FJYVNwdte%2F4Mt02mM9pRKiorablsWxao%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: AwRXTN2aMnNJW-_mUxaeGEe_KexdKUOwdYK70j6x7kphXi0bKvOVkQ==
content-type: image/webp
content-disposition: inline; filename="blog-post-end-card-background.webp"
last-modified: Wed, 29 May 2024 16:55:51 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-165435781781,FD-160624608147,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-cdn: Imperva
x-amz-request-id: 16ZMYPT2KSDFVFK8
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-165435781781,FD-160624608147,P-142972,FLS-ALL
content-length: 131412
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=237156
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: DXXwSCqbOK9curv3aWJ1Pj366Ay2YZrQYTHA2RdmZxnOZVlGYbyr/nHi7ppvrRGfRhT7sXKgtBg=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196919 NNNN CT(6 11 0) RT(1733888400786 1231) q(0 0 0 -1) r(1 1) U24
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 7c4bbd97f5be908e33f403c3794f629a.cloudfront.net (CloudFront)
cf-ray: 8f0273757f668251-IAD
access-control-allow-origin: *
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1713980691501

GET
H2 200 Varonis%20Background%20Conversion%20Panel.png
www.varonis.com/hubfs/ 133 KB
135 KB 122ms
122ms Image
image/png 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.varonis.com/hubfs/Varonis%20Background%20Conversion%20Panel.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7aab557343f0e0899f6ab6b35b4e9fa9459c82664d6448e42e222cad9e6edc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "60f90a0dfcb21c2e65b254018da25d06"
age: 621294
cache-tag: F-149504692399,P-142972,FLS-ALL
x-amz-version-id: kFzfnvT_ltt7upLORgbtRUEHjndwsQ3G
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nLU6NKV1uY%2Bslqf9IjhhK2FNnPK7%2Fzrnf3phYXPglnJEIjKLhmzZtgKOg9wPQmP9CSsIF4Rylb2mKAhpFXB6AO2aJosNFJHkPk%2B8HS%2FC4bM3PVdEX0hI%2BbvHio2AK92TwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: wc51P7z7Ez3UumI--vd0RgSgJ3bY4LmppA7Jcv7HL36ZSSE-MBspQg==
content-type: image/png
last-modified: Mon, 11 Dec 2023 21:52:19 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-149504692399,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-cdn: Imperva
x-amz-request-id: SF52H2D3D6GZHS4R
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-149504692399,P-142972,FLS-ALL
content-length: 136258
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origSize=261931, status=webp_bigger
date: Wed, 11 Dec 2024 03:40:02 GMT
vary: Accept-Encoding
x-amz-id-2: 68Go/d3hM28UtJ0DzVPyryrac7IiYzo6yK/xYhao4z252UI8dLdiKJxoIdA/Bw79e27MaDfIMcE=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196808 PNNy RT(1733888400786 1140) q(0 0 0 -1) r(1 1) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
cf-ray: 8f027374c848e646-IAD
access-control-allow-origin: *
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1702331538091

GET
H2 200 GraphikXCondensed-Semibold-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 34 KB
34 KB 519ms
94ms Font
application/font-woff2 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/GraphikXCondensed-Semibold-Web.woff2
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs-fs/hub/142972/hub_generated/template_assets/60281971998/1733761390007/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: caa729283b7b5a247aa014b6f1c70b9d844039daa03f4948f9e94cd3027745f5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.varonis.com
Referer: https://www.varonis.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "84f48de6f432ee609b6b76c7003eb4ba"
age: 611831
cache-tag: F-147863452009,FD-110532947091,P-142972,FLS-ALL
x-amz-version-id: c12mx_tCvO1p4zvzm4kIUamZG9I5lFM7
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 8MJCJyrueKJin9A2K_4P80QAeKMbbvWAmtR_08N-5mGvskcOoO7HmQ==
content-type: application/font-woff2
last-modified: Wed, 29 Nov 2023 22:39:50 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-147863452009,FD-110532947091,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 40ZSA7JA619GTPWB
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-147863452009,FD-110532947091,P-142972,FLS-ALL
content-length: 34745
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:03 GMT
vary: Accept-Encoding
x-amz-id-2: 5rc02aiLNEU98eTUwglsKp8aLrfJRWpkrzsiSnSrlWIcqrinEKdd16KV92i0vovUwv7Zw6/X26M=
timing-allow-origin: 142972.fs1.hubspotusercontent-na1.net
via: 1.1 caa0a58c07c02a81da0eec28401c0510.cloudfront.net (CloudFront)
cf-ray: 8f0273778a484cb2-PHL
access-control-allow-origin: *
x-amz-cf-pop: ORD58-P2
x-amz-meta-created-unix-time-millis: 1701297589896

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
4 KB 425ms
38ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

1f27085f18da2ceff2a3f448b7da558803acad48374342287e6eacd3589034c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-md5: seWGO1bU5RFYICE0C/1JCg==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "bf464dd25ef246adb7a1a10598ad3956"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:51:54 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: 10cc8b3afc20fa5f168191e15676efb4
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=13, mss=1392, tbw=2969, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: IW3rMzKv8doHcvF1g8qcSOqzT1WQAlzZmIuo5ehicN4J0T13DWyratcrlQ2Adv4KKgUjDllyXyZS41iFdhmnvg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-fb-optimizer: 0
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 1688
origin-agent-cluster: ?1

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 169ms
36ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
access-control-allow-methods: GET
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Wed, 11 Dec 2024 03:40:02 GMT
last-modified: Mon, 11 Dec 2023 17:20:28 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kiad7000128-IAD
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=1800
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27597
x-amz-server-side-encryption: AES256

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/142972/ 77 KB
28 KB 456ms
70ms Script
text/javascript 172.64.147.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/142972/banner.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d9aff7583b254af4719db23a790365cb75f412de7892dc8b2b8c523be635578

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 9d4cdfcb-3a02-4df6-a6f9-e41e105e89c7
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"19e592806a37d4b8f8037aa5c990afb6"
x-amz-version-id: _.JGqpmKDn1RJ3bGbtYNURUJTICOueQW
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Wed, 11 Dec 2024 03:40:03 GMT
x-evy-trace-listener: listener_https
date: Wed, 11 Dec 2024 03:40:03 GMT
x-hubspot-correlation-id: 9d4cdfcb-3a02-4df6-a6f9-e41e105e89c7
content-type: text/javascript; charset=UTF-8
last-modified: Thu, 24 Oct 2024 22:01:04 GMT
vary: origin, Accept-Encoding
x-amz-id-2: XjABkkRc4LiSkj2CmAMHUeFp5rnAgHc/fEpwpNIKnb/8lL9I486rKEEbOkgXbJmIbgWWON+T9BU=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-ds2fh
x-envoy-upstream-service-time: 85
access-control-allow-credentials: true
x-amz-request-id: DD08PVFW080F57ZK
cf-ray: 8f027377bea941e9-EWR
access-control-allow-origin: https://www.varonis.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 456ms
72ms Script
application/javascript 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6f514ddc18e496f04ad9fad4afcec13d365dfa49efa5dac94d6fff64b95a623

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.varonis.com
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: cf00e739-64e5-4094-8cab-609f910e4be9
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: mNXUuIIWhVdVPzPqyp_sjRXwZmR0sDd4
etag: W/"224467cc4ce3a08f302186b8a1ce03c9"
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
age: 219
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4wsY4SqPHWp8N%2FStQukHW2p8WAgTtJdB36NrWM0gBW4QS4WPc8ast7oIZhSXy%2B2D60m25vxg4BqFHm1vT6qzxCw1dbTPgrSncCcr9AtFUzIRMxyauJXxudj09fxPVA7S"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: F9XAndx2bwnda9TONqJgLdt4tcQDWtO6Z60_p3m2t0S03F145mS6Hw==
x-hubspot-correlation-id: cf00e739-64e5-4094-8cab-609f910e4be9
content-type: application/javascript; charset=utf-8
last-modified: Mon, 02 Dec 2024 10:47:31 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-fndvb
x-envoy-upstream-service-time: 39
x-hs-target-asset: web-interactives-embed/static-2.1869/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Wed, 11 Dec 2024 03:40:03 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1869/bundles/project.js&cfRay=8ebac1528d951409-ATL
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
cf-ray: 8f027377ba810cc6-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 142972.js Show response
js.hs-analytics.net/analytics/1733888100000/ 69 KB
25 KB 458ms
65ms Script
text/javascript 104.16.160.168
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1733888100000/142972.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.160.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95ca71588e51f8364b11c77efb3b2bbcdff055c2634cfcce6b41a4d3a5cbe16a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 5519ad6a-0bc7-4208-bc27-c9898f0212ba
content-encoding: gzip
cf-cache-status: HIT
etag: W/"804f873beb95d32126e732403212c4c9"
x-amz-version-id: null
age: 220
expires: Wed, 11 Dec 2024 03:40:37 GMT
x-evy-trace-listener: listener_https
date: Wed, 11 Dec 2024 03:40:03 GMT
x-hubspot-correlation-id: 5519ad6a-0bc7-4208-bc27-c9898f0212ba
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:38:04 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Wh7A623+4t4dnfGpvShW7wig4kVbfACZ19CBKaDnA4OD3EkWWfdODUsA0A3Pg1HQhmfXxszfgPaCPbWTB61+xqafCkWLcP3FqL7X2xzicN4=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-ttmxb
x-envoy-upstream-service-time: 23
access-control-allow-credentials: false
x-amz-request-id: 77YVMV6750WKNT6J
cf-ray: 8f027377ccb40f37-EWR
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 479ms
43ms Script
application/javascript 104.17.128.172
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.128.172 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b68f851f2bfeb6dac7995a48adb301413ab71cbdc0c957a93188dd11f2db47a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-evy-trace-virtual-host: all
x-request-id: 92547a00-da8d-4ee2-824c-93daf319f8e9
content-encoding: gzip
cf-cache-status: HIT
etag: W/"4ba477bec89e48177cbcdeb69afc4adc"
x-amz-version-id: 01x72ptxNpcmmjm2QIiCeVTFvrbx0c6q
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 141
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: h4oCzVDlIoATx5qts-Zr6Ya-McF8KnTb_YCoqqIVB0p_RPz-YpaluQ==
date: Wed, 11 Dec 2024 03:40:03 GMT
x-hubspot-correlation-id: 92547a00-da8d-4ee2-824c-93daf319f8e9
content-type: application/javascript; charset=utf-8
last-modified: Tue, 10 Dec 2024 19:46:50 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-mglm2
x-envoy-upstream-service-time: 5
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.938/bundles/pixels-release.js&cfRay=8effcd11e821c33c-IAD
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
cf-ray: 8f02737919d10f43-EWR
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.938/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 94 KB
27 KB 474ms
50ms Script
application/javascript 104.16.76.142
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.76.142 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd38983aac253be575fad833970a74c40ad03895967a1e28c29df202d6dff968

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-evy-trace-virtual-host: all
x-request-id: 02a1d6f2-d387-48ad-af32-08cc6fdda8c6
content-encoding: gzip
cf-cache-status: HIT
etag: W/"e35f882ec605aed255452cccee7d653b"
x-amz-version-id: uErx5QfjRUhW7SFi4KTBzTR0vdG4L1NA
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
age: 492
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: peZ8L65LC1RErtk6_c5MwiafYR06fU_7i3Gu5YWK5osFHUg0nBPfjA==
date: Wed, 11 Dec 2024 03:40:03 GMT
x-hubspot-correlation-id: 02a1d6f2-d387-48ad-af32-08cc6fdda8c6
content-type: application/javascript; charset=utf-8
last-modified: Tue, 10 Dec 2024 22:51:15 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-56k8s
x-envoy-upstream-service-time: 2
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.19211/bundles/project.js&cfRay=8f00db42de8fe615-IAD
via: 1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront)
cf-ray: 8f0273796b9cc330-EWR
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: conversations-embed/static-1.19211/bundles/project.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 _Incapsula_Resource
www.varonis.com/ 1 B
84 B 35ms
35ms Image
text/plain 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.varonis.com/_Incapsula_Resource?SWKMTFSR=1&e=0.3698772237227914

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-robots-tag: noindex
cache-control: no-cache, no-store
content-length: 1
content-type: text/plain

GET
H2 200 widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame D8F4 0
0 124ms
37ms Document
text/html 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.varonis.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105429
content-type: text/html; charset=utf-8
date: Wed, 11 Dec 2024 03:40:03 GMT
etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified: Mon, 11 Dec 2023 17:19:49 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT
x-served-by: cache-iad-kiad7000138-IAD

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 465ms
39ms Script
text/javascript 142.251.163.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.113 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
age: 2482
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 04:58:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 02:58:41 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 287 KB
99 KB 61ms
60ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-1015553108&l=dataLayer&cx=c&gtm=45He4ca0v846391121za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a3bcb13b2f3908544ec050c5f19e01f0c93071eb639c820c42a792fe015dadfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Wed, 11 Dec 2024 03:40:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 11 Dec 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 100693
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 43 KB
13 KB 454ms
31ms Script
application/javascript 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "1a001f3a066bff47a766099b87253911"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12220
date: Wed, 11 Dec 2024 03:40:03 GMT
last-modified: Mon, 18 Nov 2024 21:16:35 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 241ms
33ms Script
application/x-javascript 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/scripts/bizible.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nyd/D12D) /

Resource Hash

240d410aca3cee565e1ed42102cbb6a42922fdc9ad93f35a542d66168bf12d63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: max-age=86400
content-encoding: gzip
etag: "4797a1a44a3cdb1:0"
age: 23078
accept-ranges: bytes
x-cache: HIT
content-length: 25393
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/x-javascript
last-modified: Thu, 21 Nov 2024 19:22:02 GMT
server: ECS (nyd/D12D)
vary: Accept-Encoding

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 42ms
39ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

c4eb49795f7a703429e7012cec0a556e6faf6f551f07cd337f66c5a1ec3a5847

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-1knutMR3' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-1knutMR3' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=10, rtx=0, c=20, mss=1392, tbw=6785, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: a5dUlIJeOs5Nk5Pqb4HMTYkfak8DzYzuNCDehEwyTiGTW9PQwHRj/WV+60nkD6kq9t+/nxwLfOxe3gdXLHFn9Q==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62212
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 142972.js Show response
js.hs-scripts.com/ 2 KB
1 KB 485ms
56ms Script
application/javascript 104.16.137.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/142972.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.137.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22bc6ebe2d8ed1bd9de1df7de6f77cd1bad96029eebb6d830799f504d7d471cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
age: 5
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:41:33 GMT
date: Wed, 11 Dec 2024 03:40:03 GMT
x-hubspot-correlation-id: ffd84323-a406-4236-8253-fb4144cbd9d6
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Wed, 11 Dec 2024 03:39:58 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8f02737ac996c333-EWR
accept-ranges: bytes
access-control-allow-origin: https://www.varonis.com
content-length: 671
server: cloudflare

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 552ms
74ms Script
application/javascript 104.16.72.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.72.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: br
cf-cache-status: HIT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
age: 2684
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 07:40:03 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/javascript
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-amz-id-2: m5eJk9jh8arLb54x38vlFw5K9s54lhNfMAzW8bR2kyXgbfay0RZwKUnAHpNqR0u1c98+PqaPDWQ=
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=14400
x-amz-request-id: CVF9F7SRWNH38D6W
cf-ray: 8f02737b5de6c32a-EWR
access-control-allow-origin: *
server: cloudflare

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 22 KB
7 KB 151ms
38ms Script
text/javascript 34.196.12.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.12.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-12-18.compute-1.amazonaws.com
Software: /
Resource Hash: 969cf2523f0a3fd10c555584d43d89565a434b725a441bd7ec0592e3b4936cb1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

access-control-allow-origin: *
cache-control: max-age=5
content-encoding: gzip
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/javascript

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 57 KB
16 KB 198ms
36ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "4328e910de583ad53b3a7a76455af005+gzip"
accept-ranges: bytes
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15926
date: Wed, 11 Dec 2024 03:40:03 GMT
x-tw-cdn: FT
last-modified: Tue, 29 Oct 2024 01:22:31 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kiad7000167-IAD
x-amz-server-side-encryption: AES256

POST
H2 200 collect
www.google.com/ccm/ 0
0 72ms
49ms Ping
text/plain 64.233.180.105
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&scrsrc=www.googletagmanager.com&frm=0&rnd=266179553.1733888403&auid=1814763189.1733888403&npa=0&gtm=45He4ca0v846391121za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&tft=1733888403177&tfd=1747&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.233.180.105 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: pe-in-f105.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 426 KB
134 KB 85ms
64ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c&gtm=45He4ca0v846391121za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

c978a74e02a2585a63d883b4c0e13c527c395be59fe32a99ce06f9f073b54926

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 11 Dec 2024 03:40:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 137346
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 246ms
54ms Script
application/javascript 23.205.106.91
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-205-106-91.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

56df5bf2317bc2156b954c3fd2913afcce23eb4947c47f3ac401017dc4a0151d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66fb91ae-111d7"
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 06:40:03 GMT
accept-ranges: bytes
content-length: 18830
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Tue, 01 Oct 2024 06:07:42 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
4 KB 538ms
66ms Script
application/javascript 23.209.188.7
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.209.188.7 Marietta, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-209-188-7.deploy.static.akamaitechnologies.com

Software

Resource Hash

da6cc3e07157e3847c0cc83a0ed1261245a44880786922222e9e56a8aa9bb92a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=54200
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 3384
date: Wed, 11 Dec 2024 03:40:03 GMT
last-modified: Sun, 08 Dec 2024 10:26:01 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 bat.js Show response
bat.bing.com/ 50 KB
15 KB 468ms
40ms Script
application/javascript 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "028e0691d20db1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 805B128807164ADE84218A1E47D17496 Ref B: PHL30EDGE0207 Ref C: 2024-12-11T03:40:03Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14570
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 22:47:44 GMT
vary: Accept-Encoding

GET cse.js
cse.google.com/ 0
0

GET
H/1.1 200
OK ktxevents.v1.js Show response
trackit.ktxlytics.io/ 98 KB
98 KB 284ms
74ms Script
application/javascript 3.167.69.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://trackit.ktxlytics.io/ktxevents.v1.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.167.69.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-167-69-41.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

ETag: "5350ce54b7969cfe1e9a0314b25964b6"
x-amz-version-id: 8nobErucU.TGbL_HVc3JJOzAiDrdj9pU
Age: 19312
Connection: keep-alive
Via: 1.1 cdc92f37130d0a9615a188e5b74a6fb0.cloudfront.net (CloudFront)
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Content-Length: 99889
X-Amz-Cf-Id: qxBqqiTP5lXU72Zqnbny6lqr5DDwBNGwgqcyS6wh0322eSCT9hufQQ==
Date: Tue, 10 Dec 2024 22:18:12 GMT
Content-Type: application/javascript
Last-Modified: Wed, 23 Oct 2019 19:11:31 GMT
Server: AmazonS3
X-Amz-Cf-Pop: IAD61-P6

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=885482374
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D885482374

43 B
1 KB

92ms
91ms

Image
image/gif

68.67.161.208
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D885482374

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Server

68.67.161.208 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 208.252.80.223; 208.252.80.223; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 7c866c1a-70f0-4482-93c5-7480309d5b84
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Wed, 11 Dec 2024 03:40:03 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

Redirect headers

cache-control: no-store, no-cache, private
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D885482374
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 208.252.80.223; 208.252.80.223; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 16baec48-ff26-4725-b52e-9e2588479739
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Wed, 11 Dec 2024 03:40:03 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H2

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://insight.adsrvr.org/track/pxl/?adv=71679u3&ct=0:ms2x9ot&fmt=3&gtmcb=77183319
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=9bbf2bd1-1700-4e42-b5e2-d5587486524f&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=9bbf2bd1-1700-4e42-b5e2-d5587486524f
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=7411344159084542844&ttd_tdid=9bbf2bd1-1700-4e42-b5e2-d5587486524f
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OWJiZjJiZDEtMTcwMC00ZTQyLWI1ZTItZDU1ODc0ODY1MjRm&gdpr=0&gdpr_consent=&ttd_tdid=9bbf2bd1-1700-4e42-b5e2-d5587...
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=9bbf2bd1-1700-4e42-b5e2-d5587486524f&google_gid=CAESEKrwDYi4WLWRNAcPno9XWx4&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=9bbf2bd1-1700-4e42-b5e2-d5587486524f&expiration=1736480404&gdpr=0&gdpr_consent=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=9bbf2bd1-1700-4e42-b5e2-d5587486524f&expiration=1736480404&gdpr=0&gdpr_consent=&C=1

43 B
335 B

47ms
47ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=9bbf2bd1-1700-4e42-b5e2-d5587486524f&expiration=1736480404&gdpr=0&gdpr_consent=&C=1
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: no-cache
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UQPvbNcIIQ5GLdH67OWlXaDh40gR8HCQB2GwAUDA31hdLHAVX%2FPBHz9pwBuW7ovG7nHTg4DBwbCl5Do0dGoTVNOkyX9H2N819QyYo3D2tGmQC4KkRAVdArFTMduLkgJHm0DPn5iUD5yogQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f02737fba5bc34e-EWR
expires: 0
alt-svc: h3=":443"; ma=86400
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: image/gif
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: no-cache
location: /rum?cm_dsp_id=39&external_user_id=9bbf2bd1-1700-4e42-b5e2-d5587486524f&expiration=1736480404&gdpr=0&gdpr_consent=&C=1
cf-cache-status: DYNAMIC
pragma: no-cache
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2FGMhoVAtGBJejyHaAfi8hfWXneM%2B9Pe2egpRJ867vhyJ9pr6TbQ0JgNQerPKx9SJaVDVswYa52oSLnngmY%2FKltafUiNYQFSI3GDO%2BgJbf9o1UtNXRwbMjJef%2Fn3jX7%2BsJsM50nZ4cXMFg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f02737f29dcc34e-EWR
expires: 0
alt-svc: h3=":443"; ma=86400
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Wed, 11 Dec 2024 03:40:04 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4c30/ Frame 1324 0
0 446ms
48ms Document
text/html 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fwww.varonis.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Wed, 11 Dec 2024 03:40:03 GMT
expires: Thu, 11 Dec 2025 03:40:03 GMT
last-modified: Tue, 03 Dec 2024 10:18:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1 KB 539ms
136ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: none
x-request-id: 27314e88-c75c-4b0c-b9a3-4f36722173f1
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
Date: Wed, 11 Dec 2024 03:40:04 GMT
x-hubspot-correlation-id: 27314e88-c75c-4b0c-b9a3-4f36722173f1
Content-Type: image/gif
vary: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6w44x
x-envoy-upstream-service-time: 3
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8f02737d1b2a0ca8-EWR
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

POST
H2 202 event Show response
plausible.io/api/ 2 B
493 B 597ms
187ms XHR
text/plain 169.150.236.104
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.io/api/event
Requested by: Host: plausible.io
URL: https://plausible.io/js/plausible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.236.104 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-236-104.bunnyinfra.net
Software: BunnyCDN-IL1-1206 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: GBACURMS0REVx4wl0LKI
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/plain; charset=utf-8
cdn-cachedat: 12/11/2024 03:40:03
cdn-requestpullcode: 202
cache-control: must-revalidate, max-age=0, private
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cdn-requestid: c9f83254bc70dec7ee20955e1bed8ccb
access-control-allow-credentials: true
cdn-pullzone: 682664
cdn-proxyver: 1.06
application: 127.0.0.1
permissions-policy: interest-cohort=()
access-control-allow-origin: *
content-length: 2
cdn-edgestorageid: 1206
server: BunnyCDN-IL1-1206
cdn-requestcountrycode: US

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 645ms
201ms XHR
text/plain 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=142972

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-request-id: defc4729-2d9a-49c7-9eb6-ac4df8ae2ca6
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods: GET
x-content-type-options: no-sniff
x-evy-trace-listener: listener_https
date: Wed, 11 Dec 2024 03:40:03 GMT
x-hubspot-correlation-id: defc4729-2d9a-49c7-9eb6-ac4df8ae2ca6
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8f02737b5cefc336&resource=unknown"
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-hfrjc
x-envoy-upstream-service-time: 4
access-control-allow-credentials: true
cf-ray: 8f02737b5cefc336-EWR
access-control-allow-origin: https://www.varonis.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 248 KB
75 KB 462ms
55ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=f08c74db763d29cc55b1f7ddfc5a56d3

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

0b58b2a2f7814661294fab81e52d354caa6039798c07c8f8032a6290fa613a16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.varonis.com
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-md5: OImN4kGccOgiJrPlerjtTQ==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "041a0055e5c130c2092f59ae7b5dc1ad"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 03:25:16 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: 5bb9ebaa856be56a0d3de5b1c9ddd1ad
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=12, mss=1392, tbw=2969, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: WTfOBHXMjFsx9LQQbR+AuLdKXKspaXvrboQOTm2g+f6RbKFgbs/sPgvFasxhDPyiYZsiIaGjqtpnjlZhVj8mrQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 75161
origin-agent-cluster: ?1

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1 KB 526ms
137ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: none
x-request-id: ebdade40-68c3-49c5-9ce8-64d291234a9c
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
Date: Wed, 11 Dec 2024 03:40:04 GMT
x-hubspot-correlation-id: ebdade40-68c3-49c5-9ce8-64d291234a9c
Content-Type: image/gif
vary: origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6xdg5
x-envoy-upstream-service-time: 3
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8f02737d68550cc8-EWR
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1004 B 94ms
93ms Fetch
application/json 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=142972&currentUrl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&contentId=53575261302

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: dcc51751-4e60-455f-87a8-54bedbdaa227
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOX4eCzfUvafRdEjDLwOKPj8bp9sPQmisHtRvyCuoqoNdbdx3JKkQTHoRVtQ%2FYsGy8VcHMVUv%2FpITan6LlEXQ4eC1OGdnEwQMNo8WSQZjToe0fGG8xlXQ6BgmvsXXgjwgrpG7tcVOJFU1HJNEcs%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Wed, 11 Dec 2024 03:40:03 GMT
x-hubspot-correlation-id: dcc51751-4e60-455f-87a8-54bedbdaa227
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-zpgzg
x-envoy-upstream-service-time: 43
access-control-allow-credentials: true
cf-ray: 8f0273792c830cc6-EWR
access-control-allow-origin: https://www.varonis.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 517ms
85ms Preflight
application/octet-stream 172.64.147.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8f02737bfd49424f-EWR
content-length: 0
content-type: application/octet-stream
date: Wed, 11 Dec 2024 03:40:03 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-ng79d
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: da267517-52e8-4b62-adba-3f72b57797fd
x-request-id: da267517-52e8-4b62-adba-3f72b57797fd

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
923 B 533ms
97ms Stylesheet
text/css 142.251.179.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/142972/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.95 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f95.1e100.net

Software

ESF /

Resource Hash

ce1eade43de61291fb7e1708bdbe373f955aa88e54e9c894fa6ab1ed455ab1b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Wed, 11 Dec 2024 03:07:10 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 113ms
111ms Fetch 172.64.147.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/142972/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

access-control-max-age: 604800
x-request-id: c226cf58-a9d6-4484-b93b-41e932395cfe
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_http, listener_https
date: Wed, 11 Dec 2024 03:40:04 GMT
x-hubspot-correlation-id: c226cf58-a9d6-4484-b93b-41e932395cfe
vary: origin
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-5f9df65f7b-66bxb, iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-nm6jr
timing-allow-origin: *
x-envoy-upstream-service-time: 26
access-control-allow-credentials: true
cf-ray: 8f02737c7db9424f-EWR
access-control-allow-origin: https://www.varonis.com
x-evy-trace-route-configuration: listener_http/all, listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all, all

GET
H2 200 179650485736885 Show response
connect.facebook.net/signals/config/ 78 KB
16 KB 29ms
27ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/179650485736885?v=2.9.178&r=stable&domain=www.varonis.com&hme=28abfdc7e582ae2a8fdd6ac5ebb406923cf601dc2ee488049b0628e75e0f6b36&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C173%2C176%2C188%2C184%2C185%2C187%2C29%2C101%2C53%2C77%2C186%2C168%2C171%2C181%2C182%2C189%2C132%2C41%2C191%2C192%2C34%2C144%2C15%2C50%2C197%2C196%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C169%2C172%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

c1e927ffdac60bd1236a8a0863746f0a18d451a43e1b53f2eb4c6a66669819af

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-IFVBfJdU' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-IFVBfJdU' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=11, rtx=0, c=59, mss=1392, tbw=70053, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: 0jCFJvWaTW0i2oEZEIn0XK9yO3BApVbKOizkjZCV1ODk+QjVUouoN9MXL36L0R8bQ5mZk69e05lrlh4Fn+Ydmw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 15944
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/ 4 KB
3 KB 507ms
83ms Script
text/javascript 173.194.175.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/?random=1733888403445&cv=11&fst=1733888403445&bg=ffffff&guid=ON&async=1&gtm=45be4ca0v881037725z8846391121za201zb846391121&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&hn=www.googleadservices.com&frm=0&tiba=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&npa=0&pscdl=noapi&auid=1814763189.1733888403&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1015553108&l=dataLayer&cx=c&gtm=45He4ca0v846391121za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.175.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f157.1e100.net

Software

cafe /

Resource Hash

1e66d06f85362fb880602f4eda3d9b726aec4d7308f04bbe37c375475036cc00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2273
date: Wed, 11 Dec 2024 03:40:04 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 1015553108
td.doubleclick.net/td/rul/ Frame F756 0
0 491ms
93ms Document
text/html 64.233.180.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/1015553108?random=1733888403445&cv=11&fst=1733888403445&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ca0v881037725z8846391121za201zb846391121&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&hn=www.googleadservices.com&frm=0&tiba=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&npa=0&pscdl=noapi&auid=1814763189.1733888403&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1015553108&l=dataLayer&cx=c&gtm=45He4ca0v846391121za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 551
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 11 Dec 2024 03:40:03 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 86ms
51ms Fetch
text/plain 142.251.163.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-PCF2HBX32M&gtm=45je4ca0v9102029281z8846391121za200zb846391121&_p=1733888401888&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&cid=1147256297.1733888404&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1733888403&sct=1&seg=0&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2119
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c&gtm=45He4ca0v846391121za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.163.113 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: wv-in-f113.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.varonis.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 ipv
cdn.bizible.com/ 43 B
305 B 29ms
26ms Image
image/gif 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=13102d2ce326438a937586425907fd38&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&_biz_t=1733888403587&_biz_i=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&_biz_n=0&rnd=278849&cdn_o=a&_biz_z=1733888403591

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nyd/D164) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
age: 368679
expires: -1
accept-ranges: bytes
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: Image/GIF
last-modified: Fri, 06 Dec 2024 21:15:24 GMT
server: ECS (nyd/D164)

GET
H2 200 u
cdn.bizibly.com/ 43 B
169 B 90ms
44ms Image
image/gif 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.bizibly.com/u?_biz_u=13102d2ce326438a937586425907fd38&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&_biz_t=1733888403596&_biz_i=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&rnd=893151&cdn_o=a&_biz_z=1733888403596

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nyd/D12D) /

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: no-cache, no-store
pragma: no-cache
age: 368679
expires: -1
accept-ranges: bytes
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 43
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: Image/GIF
last-modified: Fri, 06 Dec 2024 21:15:24 GMT
server: ECS (nyd/D12D)

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 28ms
26ms Stylesheet
text/css 34.196.12.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.12.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-12-18.compute-1.amazonaws.com
Software: /
Resource Hash: 30c5ae11539641f6209aab75acbb66058934efcbc76f820a2eca6b49ba839b77

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

access-control-allow-origin: *
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 167ms
41ms Fetch
image/jpeg 34.196.12.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.12.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-12-18.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

access-control-allow-origin: *
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: image/jpeg

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
0 171ms
171ms Fetch
image/jpeg 34.196.12.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.12.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-12-18.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

access-control-allow-origin: *
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: image/jpeg

GET
H2 200 widget Show response
www.varonis.com/_hcms/livechat/ 290 B
1 KB 160ms
158ms XHR
application/json 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/_hcms/livechat/widget?portalId=142972&conversations-embed=static-1.19211&mobile=false&messagesUtk=e482cc2d8d804edaa468291a54a4eec8&traceId=e482cc2d8d804edaa468291a54a4eec8

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cca2bf9b0e9f7de5afcf4282c87d26301ed0ebca7cbd30feedb0a4da3108b153

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
X-HubSpot-Messages-Uri: https://www.varonis.com/blog/investigate-ntlm-brute-force
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3oPrpOK3yA351gB2nPzZN%2BrvNuLUIiGwErvNbyA%2FTovzwEr6viQfdafDXIfa3CDc9f2o%2FOZfPYYeghs%2FflVqA8eQ9GF%2BSe%2B8TBXU%2Bku%2FSOzgNMJVJuh1jonhcvxqFWrOvA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 03:40:03 GMT
x-hubspot-correlation-id: 3f48aca9-8f3f-4e96-916e-82ebbae24df2
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196808 PNNy RT(1733888400786 2147) q(0 0 0 -1) r(1 1) U24
content-security-policy: upgrade-insecure-requests
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
access-control-allow-credentials: false
cf-ray: 8f02737b2a3be646-IAD
server: cloudflare

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 514ms
74ms Image
text/plain 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=179650485736885&ev=PageView&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&rl=&if=false&ts=1733888403637&sw=1600&sh=1200&v=2.9.178&r=stable&ec=0&o=4126&fbp=fb.1.1733888403631.2763391793687234&cs_est=true&ler=empty&cdl=API_unavailable&it=1733888403426&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1392, tbw=2996, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 530ms
122ms Image
image/png 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=179650485736885&ev=PageView&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&rl=&if=false&ts=1733888403637&sw=1600&sh=1200&v=2.9.178&r=stable&ec=0&o=4126&fbp=fb.1.1733888403631.2763391793687234&cs_est=true&ler=empty&cdl=API_unavailable&it=1733888403426&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=FGET

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7446993990508292283"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: QuJhOJKH8yzp/CbspetLnQM/gRPeYNwfaNKMhPZ5tX+0nj7eO7KvTnj8KhveYAuzgl5AoViskT3Pzu8/Svv0UQ==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7446993990508292283", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1392, tbw=3313, tp=-1, tpl=-1, uplat=78, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 adsct
t.co/1/i/ 43 B
626 B 246ms
129ms Image
image/gif 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2648%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=d94c721c-4917-4679-a4ff-8bb2edb32c2a&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8c9c62b9-9ac2-42de-8b93-778cad3c3d40&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.31

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=0
x-transaction-id: 0b0f5f16ab61ebea
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 48c24bdb8806c01a954f11f2c8e903f2289ea6a6860dad731888028e3342a1a4
cf-cache-status: DYNAMIC
cf-ray: 8f02737c7a325e7d-EWR
x-response-time: 6
content-length: 43
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_b

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
721 B 276ms
113ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2648%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=d94c721c-4917-4679-a4ff-8bb2edb32c2a&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=8c9c62b9-9ac2-42de-8b93-778cad3c3d40&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.31

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: ea2eea397759eae8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 029e0680960f5aaf6cc3cb6701beb2d8b9791ff6187561235c5fa6c1ba09ce9c
x-response-time: 5
content-length: 43
date: Wed, 11 Dec 2024 03:40:03 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_b

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 86ms
38ms XHR
text/html 23.205.106.91
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-205-106-91.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.varonis.com
content-length: 7
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
282 B 540ms
73ms XHR
text/html 23.205.106.73
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-205-106-73.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: null
expires: Wed, 11 Dec 2024 03:40:04 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1733888404129_400219739_1211777543_20_845_13_49_219";dur=1
access-control-allow-origin: https://www.varonis.com
content-length: 4
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: text/html
vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 119ms
54ms Image
image/gif 23.205.106.91
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=b273a8e1-b0f1-4b13-8c37-f59827c6d830&session=c9722196-3af4-4c42-84a0-1e5a09c848c2&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A03%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=37825ad7-53a6-4709-8cf9-1a741aa7512e&v=1.1.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-205-106-91.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:03 GMT
accept-ranges: bytes
content-length: 43
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 49ms
44ms Image
image/gif 23.205.106.91
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=b273a8e1-b0f1-4b13-8c37-f59827c6d830&session=c9722196-3af4-4c42-84a0-1e5a09c848c2&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2011%20Dec%202024%2003%3A40%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2208f833d2e9af1f124e201163df927e7c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2011%20Dec%202024%2003%3A40%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2011%20Dec%202024%2003%3A40%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c1b0175dc2b2ae319cf32b1dec3db9836bdaea3e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2011%20Dec%202024%2003%3A40%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2011%20Dec%202024%2003%3A40%3A03%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=37825ad7-53a6-4709-8cf9-1a741aa7512e&v=1.1.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-205-106-91.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:03 GMT
accept-ranges: bytes
content-length: 43
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 526ms
122ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: none
x-request-id: c929e772-c33e-4a86-a4a7-383b95d1e526
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
Date: Wed, 11 Dec 2024 03:40:04 GMT
x-hubspot-correlation-id: c929e772-c33e-4a86-a4a7-383b95d1e526
Content-Type: image/gif
vary: origin, Accept-Encoding
Last-Modified: Wed, 11 Dec 2024 03:40:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6xdg5
x-envoy-upstream-service-time: 2
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8f02737fea61c351-EWR
Accept-Ranges: bytes
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 111 B
323 B 76ms
76ms Script
text/javascript 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.bizible.com/xdc.js?_biz_u=13102d2ce326438a937586425907fd38&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.11.21

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.2.76 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nyd/D132) /

Resource Hash

99c8bfc5bda59b48e8d654069b8b8bd6ddf015a2a6dcb2c1f2df327c5536185d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSub

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSub
cache-control: private, must-revalidate, max-age=21600
content-encoding: gzip
etag: 19A44C4C
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-length: 216
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: ECS (nyd/D132)

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_4ofecxl5/ 3 B
124 B 171ms
46ms XHR
application/json 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_4ofecxl5/config
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/json

GET
H2 200 t2_4ofecxl5_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 459ms
66ms XHR
application/json 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_4ofecxl5_telemetry
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 195ms
47ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1733888403703&id=t2_4ofecxl5&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=56be240a-1a52-4ec8-882f-4448a9b4565a&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: image/gif
server: Varnish

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
995 B 48ms
47ms Script
text/javascript 142.251.163.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.113 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f113.1e100.net

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: br
age: 3063
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:49:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 02:49:00 GMT
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 697
x-xss-protection: 0
server: sffe

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
319 B 40ms
39ms XHR
text/plain 142.251.163.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1499115216&t=pageview&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&ul=en-us&de=UTF-8&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAEAjAAAAACAAI~&jid=1025145191&gjid=713267328&cid=1147256297.1733888404&tid=UA-2019109-1&_gid=1710491284.1733888404&_r=1&_slc=1&gtm=45He4ca0n81KMGCX7Vv846391121za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&z=51464316

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.113 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

97feffad5791718e6f06b1089a57470654912f51d4858deafb06f808425f70fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:03 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.varonis.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 15
server: Golfe2

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
310 B 36ms
26ms XHR
text/plain 34.196.12.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=_9vH_OIoGoaDi4-zdBz9Vg&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&tip=bpTTvLo08ZiHLLlpSoHP9sPU1WgmKgPkLxUW8k42goA&host=https%3A%2F%2Fwww.varonis.com&sa_conv_data_css_value=%270-22489312-4f5d-5a8b-704b-39214eaa5c1c%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9224893124f5d5a8b704b39214eaa5c1cd0fc50df&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIKvR_lQcImTBfbNgx4bYiKkop7dAinKURvXMj3c2sGQmEAEYAyCTk-S6BjABOgTFt2_2QgS884V4.i71JBtNuYdSxfiwg7P2fpZU1d0wCE24gjQBk%252Fa2ZQPw&sa-user-id-v2=s%253AIkiTEk9dWotwSzkhTqpcHND8UN8.OXzlTGw8y0li8jzlJ3a5eU39OvXNUOM8UGqAayab8JI&sa-user-id=s%253A0-22489312-4f5d-5a8b-704b-39214eaa5c1c.GiMT9ASZjn5OygZX1AIShBy1JhKZgg%252FoBmxsdxCBZk8
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.12.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-12-18.compute-1.amazonaws.com
Software: /
Resource Hash: 8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

access-control-allow-methods: GET
access-control-allow-origin: https://www.varonis.com
content-length: 116
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/plain; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: *

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
356 B 199ms
43ms XHR
application/json 52.44.3.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMTQ3NX0.iI-HhwOQ2R9nR36t6D2kwo7l09ByrLMU2A7_XHc4Ar0

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.44.3.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-44-3-114.compute-1.amazonaws.com

Software

Resource Hash

e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: eed6ff51a11de52dd10ad3d21fe8ccda
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://www.varonis.com
content-length: 41
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/json; charset=utf-8

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
332 B 38ms
34ms XHR
text/plain 34.196.12.18
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=7DZRzfkZdpma72wkdfbzjA&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&tip=bpTTvLo08ZiHLLlpSoHP9sPU1WgmKgPkLxUW8k42goA&host=https%3A%2F%2Fwww.varonis.com&sa_conv_data_css_value=&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9224893124f5d5a8b704b39214eaa5c1cd0fc50df&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIKvR_lQcImTBfbNgx4bYiKkop7dAinKURvXMj3c2sGQmEAEYAyCTk-S6BjABOgTFt2_2QgS884V4.i71JBtNuYdSxfiwg7P2fpZU1d0wCE24gjQBk%252Fa2ZQPw&sa-user-id-v2=s%253AIkiTEk9dWotwSzkhTqpcHND8UN8.OXzlTGw8y0li8jzlJ3a5eU39OvXNUOM8UGqAayab8JI&sa-user-id=s%253A0-22489312-4f5d-5a8b-704b-39214eaa5c1c.GiMT9ASZjn5OygZX1AIShBy1JhKZgg%252FoBmxsdxCBZk8
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.12.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-12-18.compute-1.amazonaws.com
Software: /
Resource Hash: 4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

access-control-allow-methods: GET
access-control-allow-origin: https://www.varonis.com
content-length: 138
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: text/plain; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: *

OPTIONS
H2 200 tp2
c2.ktxlytics.io/com.snowplowanalytics.snowplow/ Frame 0
0 169ms
38ms Preflight 34.234.42.249
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.234.42.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-234-42-249.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.varonis.com
access-control-max-age: 600
content-length: 0
date: Wed, 11 Dec 2024 03:40:03 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 tp2 Show response
c2.ktxlytics.io/com.snowplowanalytics.snowplow/ 2 B
306 B 170ms
57ms XHR
text/plain 34.234.42.249
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.234.42.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-234-42-249.compute-1.amazonaws.com

Software

nginx /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json; charset=UTF-8
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: https://www.varonis.com
content-length: 2
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: text/plain
server: nginx
access-control-allow-credentials: true

GET
H2

200

v1
c2.ktxlytics.io/com.snowplowanalytics.iglu/
Redirect Chain

https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=7411344159084542844
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu%3Aio.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=7411344159084542844&n3pc=true

43 B
368 B

60ms
59ms

Image
image/gif

34.234.42.249
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu%3Aio.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=7411344159084542844&n3pc=true

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Server

34.234.42.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-234-42-249.compute-1.amazonaws.com

Software

nginx /

Resource Hash

46d11334d5de0f7347f38cc87fe4f65d9bfbae29d2fd722ce5952c238a46f077

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 43
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: image/gif
server: nginx

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate
location: /com.snowplowanalytics.iglu/v1?schema=iglu%3Aio.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=7411344159084542844&n3pc=true
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Wed, 11 Dec 2024 03:40:04 GMT
server: nginx

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 397 KB
126 KB 60ms
59ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a6fe517c40295b7e3fae7207e1db47f15715f4f800d86d968f615f35ffc52bcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 11 Dec 2024 03:40:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 129167
x-xss-protection: 0
server: Google Tag Manager

GET details
eps.6sc.co/v3/company/ 0
0

OPTIONS
H2 202 details
eps.6sc.co/v3/company/ Frame 0
0 158ms
45ms Preflight
text/html 99.83.231.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eps.6sc.co/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.231.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: awselb/2.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-methods: OPTIONS,GET,POST
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-store, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 11 Dec 2024 03:40:03 GMT
server: awselb/2.0
x-amzn-waf-action: challenge

GET
H2 200 148008183.js Show response
bat.bing.com/p/action/ 364 B
411 B 35ms
34ms Script
application/javascript 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/148008183.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

cce2184ec089babc70ded47b8474c543f6a5ff013e4bfd9dbae8689489bb13ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 83EAB3BD25F042B4A813DC950329370B Ref B: PHL30EDGE0207 Ref C: 2024-12-11T03:40:03Z
x-cache: CONFIG_NOCACHE
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

POST
H2 204 collect
analytics.google.com/g/ 0
0 498ms
91ms Fetch
text/plain 216.239.34.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-36XYNTY1LS&gtm=45je4ca0v9139046520za200&_p=1733888401888&_gaz=1&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&ul=en-us&sr=1600x1200&cid=1147256297.1733888404&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&dt=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&sid=1733888403&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2566
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.varonis.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
554 B 471ms
80ms Ping
text/plain 172.253.63.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-36XYNTY1LS&cid=1147256297.1733888404&gtm=45je4ca0v9139046520za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.63.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bi-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.varonis.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 1B36 0
0 50ms
44ms Document
text/html 64.233.180.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-36XYNTY1LS&gacid=1147256297.1733888404&gtm=45je4ca0v9139046520za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&_ng=1&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485&z=899304020

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 11 Dec 2024 03:40:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
465 B 38ms
36ms XHR
application/json 52.44.3.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.44.3.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-44-3-114.compute-1.amazonaws.com

Software

Resource Hash

05068ab2af88eb452b3ab5c7d7389df91a55fed0792466d1e645b952dc251ab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: adb64a1fcf51f8724fe8cc98184a366a
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://www.varonis.com
content-length: 48
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: application/json; charset=utf-8

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 41ms
40ms Script
application/javascript 23.209.188.7
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.209.188.7 Marietta, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-209-188-7.deploy.static.akamaitechnologies.com

Software

Resource Hash

e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=74282
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14634
date: Wed, 11 Dec 2024 03:40:04 GMT
last-modified: Mon, 02 Dec 2024 19:22:52 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 204 0
bat.bing.com/action/ 0
360 B 37ms
34ms Image
text/plain 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=148008183&tm=gtm002&Ver=2&mid=d19e8c4c-c2bb-4235-a7c8-631f57989e34&bo=1&sid=9b8eb940b77111efab9a0fd6bce9151f&vid=9b8ee130b77111ef8e7903f1d417aefc&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&p=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&r=&lt=1825&evt=pageLoad&sv=1&cdb=AQAQ&rn=318461

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5C77162C8BFA4C929919ED6461E7A098 Ref B: PHL30EDGE0207 Ref C: 2024-12-11T03:40:04Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Wed, 11 Dec 2024 03:40:04 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1015553108/ 42 B
278 B 43ms
43ms Image
image/gif 64.233.180.105
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1015553108/?random=1733888403445&cv=11&fst=1733886000000&bg=ffffff&guid=ON&async=1&gtm=45be4ca0v881037725z8846391121za201zb846391121&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&hn=www.googleadservices.com&frm=0&tiba=How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks&npa=0&pscdl=noapi&auid=1814763189.1733888403&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dvQ9zPLqGgjxy-RHz_EyaFcOHBHBr8A&random=352809240&rmt_tld=0&ipr=y

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f105.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 11 Dec 2024 03:40:04 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
567 B 654ms
73ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: DB0EB5A24AAE488D9CC74927BED581EA Ref B: PHL30EDGE0116 Ref C: 2024-12-11T03:40:04Z
x-li-fabric: prod-lva1
access-control-allow-credentials: true
x-li-uuid: AAYo9lpyFDTon4W+RWvmsw==
x-li-proto: http/2
access-control-allow-origin: https://www.varonis.com
x-cache: CONFIG_NOCACHE
date: Wed, 11 Dec 2024 03:40:04 GMT
vary: Origin

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
761 B 668ms
115ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=4766249%2C23300&time=1733888404184&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 000628f65a72a56338622f7af194f42e
x-msedge-ref: Ref A: B27D9AE0CFFA42D48C99BF9AD7259F69 Ref B: PHL30EDGE0217 Ref C: 2024-12-11T03:40:04Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYo9lpypWM4Yi968ZT0Lg==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Wed, 11 Dec 2024 03:40:03 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404184&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404184&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1733888404184%26li_adsId%3Dbf34d4c8-6096-4bfc-9850-78f...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404184&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute...

0
383 B

106ms
106ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404184&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 66717A84569E4B8BB9CA307F6CC7E1F0 Ref B: PHL30EDGE0116 Ref C: 2024-12-11T03:40:05Z
x-li-fabric: prod-lor1
x-li-uuid: AAYo9lp41wbof3uay4yzog==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-fabric: prod-lor1
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
date: Wed, 11 Dec 2024 03:40:04 GMT
x-frame-options: sameorigin
strict-transport-security: max-age=31536000
x-li-pop: afd-prod-lor1-x
content-security-policy: frame-ancestors 'self'
cache-control: no-cache, no-store
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404184&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true
pragma: no-cache
x-msedge-ref: Ref A: 6A53134E6BFC48C6B6BB649263A24299 Ref B: PHL30EDGE0116 Ref C: 2024-12-11T03:40:05Z
x-li-uuid: AAYo9lp3C1NJbfnwQNbDag==
content-length: 0

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
531 B 695ms
142ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=4766249%2C23300&time=1733888404186&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-li-pop: afd-prod-ltx1-x
content-encoding: gzip
x-fs-uuid: 000628f65a7262a86e69dd2408d1448f
x-msedge-ref: Ref A: 84D4EAE273D24D538F287277AED05C75 Ref B: PHL30EDGE0217 Ref C: 2024-12-11T03:40:04Z
x-li-fabric: prod-lva1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYo9lpyYqhuad0kCNFEjw==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
x-li-source-fabric: prod-ltx1
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404186&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404186&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4766249%252C23300%26time%3D1733888404186%26li_adsId%3Dbf34d4c8-6096-4bfc-9850-78f...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404186&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute...

0
146 B

133ms
133ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404186&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 07D5C1BBE2924761BB9186EB7AB0E7AA Ref B: PHL30EDGE0116 Ref C: 2024-12-11T03:40:05Z
x-li-fabric: prod-lor1
x-li-uuid: AAYo9lp5O/Xy4y3JcZDrDg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-fabric: prod-lor1
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
date: Wed, 11 Dec 2024 03:40:04 GMT
x-frame-options: sameorigin
strict-transport-security: max-age=31536000
x-li-pop: afd-prod-lor1-x
content-security-policy: frame-ancestors 'self'
cache-control: no-cache, no-store
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4766249%2C23300&time=1733888404186&li_adsId=bf34d4c8-6096-4bfc-9850-78f928fb025a&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&tm=gtmv2&cookiesTest=true&liSync=true
pragma: no-cache
x-msedge-ref: Ref A: 779D9272E7AB4A3A82BB9FC35C9B5BFC Ref B: PHL30EDGE0116 Ref C: 2024-12-11T03:40:05Z
x-li-uuid: AAYo9lp3GjQXGU8nwPEVyA==
content-length: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 47ms
46ms Image
image/gif 23.205.106.91
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=b273a8e1-b0f1-4b13-8c37-f59827c6d830&session=c9722196-3af4-4c42-84a0-1e5a09c848c2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A04%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A03%20GMT%22%2C%22timeSpent%22%3A%221025%22%2C%22totalTimeSpent%22%3A%221025%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=37825ad7-53a6-4709-8cf9-1a741aa7512e&v=1.1.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-205-106-91.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:04 GMT
accept-ranges: bytes
content-length: 43
date: Wed, 11 Dec 2024 03:40:04 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 194ms
46ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/investigate-ntlm-brute-force
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-version-id: PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
etag: W/"b2877da906a3216c4f3fc4030b205e54"
age: 73462
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: C-tmV9TG_e3FBKOWestBUhkAyT9jNvLOn11S0F02xjycWnuq7GKtow==
date: Wed, 11 Dec 2024 03:40:05 GMT
content-type: application/javascript
last-modified: Thu, 18 Jul 2024 08:13:46 GMT
vary: Accept-Encoding
priority: u=3,i=?0
server-timing: cfExtPri
via: 1.1 91b2b204b1d28fa4ef9ff2294e4c25c4.cloudfront.net (CloudFront)
cf-ray: 8f0273863bcac33f-EWR
x-amz-cf-pop: JFK52-P8
server: cloudflare

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
600 B 76ms
74ms Image
image/gif 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=142972&pi=53575261302&ct=blog-post&ccu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&cpi=53575261302&cgi=740355147&lpi=53575261302&lvi=53575261302&lvc=en&pu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How+to+Investigate+NTLM+Brute+Force+Attacks&cts=1733888405316&rv=1&vi=f3981b5850354edc4303fe73b7d2f930&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: none
x-request-id: 64d6b587-31c7-4afe-baa1-7daec99e4936
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SRYx4Ppxluk6m%2B9sQI9znyoulPnf4j%2B6TJya0K31fZFk6MI%2BHxwhnpRRmrV42zt6mh2QcGLQk06Ndscu1Y7eRWd9j%2FYosAAHXHS%2FblCGAoOuwR1II2pFrXZCbNp%2B8Hquc1IM"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 11 Dec 2024 03:40:05 GMT
x-hubspot-correlation-id: 64d6b587-31c7-4afe-baa1-7daec99e4936
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-gl5zl
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8f0273855f43c336-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
382 B 78ms
77ms Image
image/gif 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=40a8f297-80c2-4c34-9572-8648458abed5&fci=408e80e4-1ae2-45ac-b612-7bd3d82d7d0c&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=142972&pi=53575261302&ct=blog-post&ccu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&cpi=53575261302&cgi=740355147&lpi=53575261302&lvi=53575261302&lvc=en&pu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&t=How+to+Investigate+NTLM+Brute+Force+Attacks&cts=1733888405317&rv=1&vi=f3981b5850354edc4303fe73b7d2f930&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: none
x-request-id: a597b69d-895d-409e-aa71-ca80ba837778
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c4vkVhGx22aU6qSdNnzo%2FbP8%2BLlf5ZWnY9uALYyC%2FogQyT2Atujjv4HDxdODSyMhegXkLNQyp0i3vwEzipL7bPa1rPj5kLXM53ZoLCNe65Nz2dvL7pBGee%2BV0LF94HLsiITE"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 11 Dec 2024 03:40:05 GMT
x-hubspot-correlation-id: a597b69d-895d-409e-aa71-ca80ba837778
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-gl5zl
x-envoy-upstream-service-time: 7
access-control-allow-credentials: false
cf-ray: 8f0273856f58c336-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 Varonis_favicon.ico
www.varonis.com/hubfs/ 15 KB
4 KB 203ms
202ms Other
image/vnd.microsoft.icon 45.60.150.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hubfs/Varonis_favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.150.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

059646f554b3aa53d12c8e66076376021110bccec124e327cace0ad01a5db91b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"091705048464faabe3d5db909ce8d26e"
age: 621330
cache-tag: F-156423830443,P-142972,FLS-ALL
x-amz-version-id: jR8diK6VFAkFw0TIRp9YR0GebjSsmvT6
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7C9pVE4wSnerysIqx4nhIIO%2FH654ivO50A78srK6F5B0nitdnCWQ7IlK7R6kYOLDoh%2FwU0VlUOW%2FLokPOhHOp%2B2Q4Xslf9OtpV8Hz5XfO4SUq1Z62KADjce6y9N97n0UXA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: iKg7nlDv52rgEiH9sNx8UaLzC0NPaSMZ-ff_McZwvqw24N9OvYouPg==
content-type: image/vnd.microsoft.icon
last-modified: Sun, 11 Feb 2024 03:47:17 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156423830443,P-142972,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-cdn: Imperva
x-amz-request-id: SFZSD96KXZB16WBN
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-156423830443,P-142972,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 11 Dec 2024 03:40:05 GMT
vary: Accept-Encoding
x-amz-id-2: pyTZiAcbxh+8MgDQJoh+vSxrmWho9593mVDnKiKJlzs+xszRpjA996Cn+yNdb9VLRiF0/Zr4X2I=
strict-transport-security: max-age=31536000
x-iinfo: 12-201196778-201196808 PNNy RT(1733888400786 4018) q(0 0 0 -1) r(0 0) U24
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-ray: 8f027386cc0ae646-IAD
access-control-allow-origin: *
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1707623236568

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 146 B
576 B 163ms
163ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a52e72fd4ec08259d61f02cdfd6b0cbd9c234797c0166a8194cd1e08307ea7f4

Request headers

Authorization: Bearer f17f1ae9341679920418
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
visited_url: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"92-cdGwNB+uBcsAwJwtbSRIxrtnXgo"
apigw-requestid: Cm5vdizFPHcEPag=
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: Jsmp9Vo-qyrRBcKYDf0QqFNwytVjeS11_jHIXWZoFBJ9zYtrIwKjeg==
date: Wed, 11 Dec 2024 03:40:05 GMT
content-type: application/json; charset=utf-8
vary: Origin
priority: u=1,i
server-timing: cfExtPri
via: 1.1 645b3b9307ff6780fc1a76b712bc5728.cloudfront.net (CloudFront)
cf-ray: 8f027387d9f26a50-EWR
access-control-allow-origin: https://www.varonis.com
x-amz-cf-pop: JFK52-P8
x-powered-by: Express
server: cloudflare

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 209ms
144ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://www.varonis.com
alt-svc: h3=":443"; ma=86400
apigw-requestid: Cm5vcgKEvHcEP9A=
cf-cache-status: DYNAMIC
cf-ray: 8f027386e9046a50-EWR
date: Wed, 11 Dec 2024 03:40:05 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
vary: Origin
via: 1.1 663d1f2ecede39322c8a8836b25e1bcc.cloudfront.net (CloudFront)
x-amz-cf-id: QFN77r3bea2my_GymHNgasjXHoLIgDlgRtU52014rBdmFnkTZT-O5A==
x-amz-cf-pop: JFK52-P8
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 54ms
54ms Image
image/gif 23.205.106.91
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=b273a8e1-b0f1-4b13-8c37-f59827c6d830&session=c9722196-3af4-4c42-84a0-1e5a09c848c2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A04%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222025%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=37825ad7-53a6-4709-8cf9-1a741aa7512e&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-205-106-91.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:05 GMT
accept-ranges: bytes
content-length: 43
date: Wed, 11 Dec 2024 03:40:05 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 / Show response
ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/ 3 KB
2 KB 814ms
134ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

9dbd7e5acae354dee4f1d93bc15c0884e61d76e6ffbf1c486649428dd679069e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_zitok: eb2f405f68af09ce219d1733888405
_vtok: MjA4LjI1Mi44MC4yMjM=
visited-url: https://www.varonis.com/blog/investigate-ntlm-brute-force
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8f027392ba98c32c-EWR
access-control-allow-origin: https://www.varonis.com
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 03:40:07 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

OPTIONS
H2 200 /
ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/ Frame 0
0 891ms
93ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/?iszitag=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.varonis.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8f02738ded14f3bb-EWR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 11 Dec 2024 03:40:06 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 30ms
29ms Image
image/gif 23.205.106.91
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=b273a8e1-b0f1-4b13-8c37-f59827c6d830&session=c9722196-3af4-4c42-84a0-1e5a09c848c2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A06%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A05%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223026%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=37825ad7-53a6-4709-8cf9-1a741aa7512e&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-205-106-91.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:06 GMT
accept-ranges: bytes
content-length: 43
date: Wed, 11 Dec 2024 03:40:06 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
BLOB 200
OK c1215939-16f0-45d8-98f0-e81d2cbb1597 Show response
https://www.varonis.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.varonis.com/c1215939-16f0-45d8-98f0-e81d2cbb1597
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9dbd7e5acae354dee4f1d93bc15c0884e61d76e6ffbf1c486649428dd679069e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/javascript
Content-Length: 3453

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 50ms
49ms Image
image/gif 23.205.106.91
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=b273a8e1-b0f1-4b13-8c37-f59827c6d830&session=c9722196-3af4-4c42-84a0-1e5a09c848c2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A06%20GMT%22%2C%22timeSpent%22%3A%221063%22%2C%22totalTimeSpent%22%3A%224089%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=37825ad7-53a6-4709-8cf9-1a741aa7512e&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-205-106-91.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:07 GMT
accept-ranges: bytes
content-length: 43
date: Wed, 11 Dec 2024 03:40:07 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 79ms
79ms Image
image/gif 23.205.106.91
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=b273a8e1-b0f1-4b13-8c37-f59827c6d830&session=c9722196-3af4-4c42-84a0-1e5a09c848c2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A07%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225089%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=37825ad7-53a6-4709-8cf9-1a741aa7512e&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-205-106-91.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:08 GMT
accept-ranges: bytes
content-length: 43
date: Wed, 11 Dec 2024 03:40:08 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 29ms
29ms Image
image/gif 23.205.106.91
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=b273a8e1-b0f1-4b13-8c37-f59827c6d830&session=c9722196-3af4-4c42-84a0-1e5a09c848c2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A09%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2011%20Dec%202024%2003%3A40%3A08%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226090%22%7D&isIframe=false&m=%7B%22description%22%3A%22This%20post%20explains%20the%20process%20the%20Varonis%20IR%20team%20follows%20to%20investigate%20NTLM%20Brute%20Force%20attacks%2C%20which%20are%20common%20incidents%20reported%20by%20customers.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22How%20to%20Investigate%20NTLM%20Brute%20Force%20Attacks%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Finvestigate-ntlm-brute-force&pageViewId=37825ad7-53a6-4709-8cf9-1a741aa7512e&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.91 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-205-106-91.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.varonis.com/blog/investigate-ntlm-brute-force

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f02dad-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 03:40:09 GMT
accept-ranges: bytes
content-length: 43
date: Wed, 11 Dec 2024 03:40:09 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cse.google.com
URL: https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq

Domain: eps.6sc.co
URL: https://eps.6sc.co/v3/company/details

Verdicts & Comments Add Verdict or Comment

120 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

76 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.varonis.com/	1970-01-21 01:38:10	Name: __cf_bm Value: lmijkeywiQIyrUJzqwNUxi1o.nXRNXb4JdJ0sh_0Wp8-1733888401-1.0.1.1-REACbtqv0Pf2CaouWeAhZcPtlF8wK9GNtIZqeDXqw1yT4vjxa3Wgp8U4ISjay41vs3owYk2ESUL.NU05Zw1nvg
.www.varonis.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Y5xZ839sT6xhSRpY22q7daZTni.O4ujPFQBijoSruds-1733888401686-0.0.1.1-604800000
.varonis.com/	1970-01-21 10:22:31	Name: visid_incap_2074238 Value: 7/qhHCw9TOiPDo8XTvnsx5AJWWcAAAAAQUIPAAAAAABr5YlCL2mPBddDFxcH6nDZ
.varonis.com/	1969-12-31 23:59:59	Name: nlbi_2074238 Value: 0S2PfZLMAEVZbgaXV8um7wAAAADaM4SzznbfmFXPFIfksKF1
.varonis.com/	1969-12-31 23:59:59	Name: incap_ses_1349_2074238 Value: vk+xJEUi0BHj9Fvxj5y4EpAJWWcAAAAA9ea19lV5YgqixFl/CPxZgQ==
.hsforms.net/	1970-01-21 01:38:10	Name: __cf_bm Value: 6s3LITp0I00MDFDuZtpnsdncGkRLx3QzL_amRxCq6W8-1733888402-1.0.1.1-71kV2AIbtsmgUoL2DyHzFnaIOVfr500COWko9MHcJY5vlR9Z9LwkjH3BikuctoIIqcvJDrtkkeQTqeabEA5DeA
.info.varonis.com/	1970-01-21 01:38:10	Name: __cf_bm Value: 8cSVEkEW41Gh3Z7N7tHk1E.ZuP0bSvjWepzLJfHog5M-1733888403-1.0.1.1-YX86qNbypQWG5ay.LPmrS0vdJXDRtthcAKsN4LDn3z3MwdUdkOTudlysOfUU5wPfttgYTYeTIf0_Nb_5eOOZ8A
.info.varonis.com/	1969-12-31 23:59:59	Name: _cfuvid Value: iJcZXUlkHwwHoFGRiUm1w2ScjyY6n6qEdisWwPLg3.c-1733888403020-0.0.1.1-604800000
.varonis.com/	1970-01-21 03:47:44	Name: _gcl_au Value: 1.1.1814763189.1733888403
tags.srv.stackadapt.com/	1970-01-21 10:23:44	Name: sa-user-id Value: s%3A0-22489312-4f5d-5a8b-704b-39214eaa5c1c.GiMT9ASZjn5OygZX1AIShBy1JhKZgg%2FoBmxsdxCBZk8
.srv.stackadapt.com/	1970-01-21 10:23:44	Name: sa-user-id Value: s%3A0-22489312-4f5d-5a8b-704b-39214eaa5c1c.GiMT9ASZjn5OygZX1AIShBy1JhKZgg%2FoBmxsdxCBZk8
tags.srv.stackadapt.com/	1970-01-21 10:23:44	Name: sa-user-id-v2 Value: s%3AIkiTEk9dWotwSzkhTqpcHND8UN8.OXzlTGw8y0li8jzlJ3a5eU39OvXNUOM8UGqAayab8JI
.srv.stackadapt.com/	1970-01-21 10:23:44	Name: sa-user-id-v2 Value: s%3AIkiTEk9dWotwSzkhTqpcHND8UN8.OXzlTGw8y0li8jzlJ3a5eU39OvXNUOM8UGqAayab8JI
tags.srv.stackadapt.com/	1970-01-21 10:23:44	Name: sa-user-id-v3 Value: s%3AAQAKIKvR_lQcImTBfbNgx4bYiKkop7dAinKURvXMj3c2sGQmEAEYAyCTk-S6BjABOgTFt2_2QgS884V4.i71JBtNuYdSxfiwg7P2fpZU1d0wCE24gjQBk%2Fa2ZQPw
.srv.stackadapt.com/	1970-01-21 10:23:44	Name: sa-user-id-v3 Value: s%3AAQAKIKvR_lQcImTBfbNgx4bYiKkop7dAinKURvXMj3c2sGQmEAEYAyCTk-S6BjABOgTFt2_2QgS884V4.i71JBtNuYdSxfiwg7P2fpZU1d0wCE24gjQBk%2Fa2ZQPw
.varonis.com/	1970-01-21 11:14:08	Name: _ga_PCF2HBX32M Value: GS1.1.1733888403.1.0.1733888403.0.0.0
.varonis.com/	1970-01-21 10:23:44	Name: _biz_uid Value: 13102d2ce326438a937586425907fd38
.varonis.com/	1970-01-21 10:23:44	Name: _biz_nA Value: 1
www.varonis.com/	1970-01-21 10:23:44	Name: sa-user-id Value: s%253A0-22489312-4f5d-5a8b-704b-39214eaa5c1c.GiMT9ASZjn5OygZX1AIShBy1JhKZgg%252FoBmxsdxCBZk8
www.varonis.com/	1970-01-21 10:23:44	Name: sa-user-id-v2 Value: s%253AIkiTEk9dWotwSzkhTqpcHND8UN8.OXzlTGw8y0li8jzlJ3a5eU39OvXNUOM8UGqAayab8JI
www.varonis.com/	1970-01-21 10:23:44	Name: sa-user-id-v3 Value: s%253AAQAKIKvR_lQcImTBfbNgx4bYiKkop7dAinKURvXMj3c2sGQmEAEYAyCTk-S6BjABOgTFt2_2QgS884V4.i71JBtNuYdSxfiwg7P2fpZU1d0wCE24gjQBk%252Fa2ZQPw
.adsrvr.org/	1970-01-21 10:23:44	Name: TDID Value: 9bbf2bd1-1700-4e42-b5e2-d5587486524f
.bizible.com/	1970-01-21 10:23:44	Name: _BUID Value: 13102d2ce326438a937586425907fd38
.varonis.com/	1970-01-21 03:47:44	Name: _fbp Value: fb.1.1733888403631.2763391793687234
.adnxs.com/	1970-01-21 03:47:44	Name: XANDR_PANID Value: AyscCBoyRiRI4CBNGo7bA0a5aT9AmL9FvF7QwoNsd0NEhtfy-iliVWeeDZLdKc0AXGTLBNmW5ybR-jRYa7m_t2j1cdxTFE8DFCVVyBOxDys.
.adnxs.com/	1970-01-21 11:14:08	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 03:47:44	Name: uuid2 Value: 7411344159084542844
www.varonis.com/	1970-01-21 11:14:08	Name: _gd_visitor Value: b273a8e1-b0f1-4b13-8c37-f59827c6d830
www.varonis.com/	1970-01-21 01:38:22	Name: _gd_session Value: c9722196-3af4-4c42-84a0-1e5a09c848c2
.varonis.com/	1970-01-21 10:23:44	Name: _biz_pendingA Value: %5B%5D
.varonis.com/	1970-01-21 03:47:44	Name: _rdt_uuid Value: 1733888403701.56be240a-1a52-4ec8-882f-4448a9b4565a
.varonis.com/	1970-01-21 11:14:08	Name: _ga Value: GA1.2.1147256297.1733888404
.varonis.com/	1970-01-21 01:39:34	Name: _gid Value: GA1.2.1710491284.1733888404
.adnxs.com/	1970-01-21 03:47:44	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2GU%ksqru!]tbP6j2F-XstGt!@D`c$mk:^
.varonis.com/	1970-01-21 01:38:08	Name: _gat_UA-2019109-1 Value: 1
.bizibly.com/	1970-01-21 10:23:44	Name: _BUID Value: 2f80569d6d24e55776c3b9e7967e13e1
.varonis.com/	1970-01-21 10:23:44	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22XDomain%22%3A%221%22%2C%22ViewThrough%22%3A%221%22%7D
.rubiconproject.com/	1970-01-21 10:23:44	Name: audit_p Value: 1\|etlKeFR4ll4z3S3IJF6lRmRqTTNF7iscMhdfSpfKxCztSRNyoMFDqKaqlJn1+aNqm69VTcJJzwcwHTRO1/p4iHX0qfg68IpFQAPcN3ARK85Uy0OppKh8LQrltLvh4oRojRsHauHDFOcgp8yKCudfybO9AGWTmWhobb0AfqHo73zREvsM2ra73MRmS8gGs6ylTlon0IrnE1p4+byUJuUHKNl4Am3SUH3rwETMVR8lnVPictVKI3nW/ZSmfFa9k+2RfCCm1vF3Tgn8ih/oL8+08tuVaVkDFDbShAUs62yL6R/QD5U7tEfUTQ==
.rubiconproject.com/	1970-01-21 10:23:44	Name: khaos Value: M4JCDYRN-22-9KI3
.rubiconproject.com/	1970-01-21 10:23:44	Name: khaos_p Value: M4JCDYRN-22-9KI3
.rubiconproject.com/	1970-01-21 10:23:44	Name: audit Value: 1\|etlKeFR4ll4z3S3IJF6lRmRqTTNF7iscMhdfSpfKxCztSRNyoMFDqKaqlJn1+aNqm69VTcJJzwcwHTRO1/p4iHX0qfg68IpFQAPcN3ARK85Uy0OppKh8LQrltLvh4oRojRsHauHDFOcgp8yKCudfybO9AGWTmWhobb0AfqHo73zREvsM2ra73MRmS8gGs6ylTlon0IrnE1p4+byUJuUHKNl4Am3SUH3rwETMVR8lnVPictVKI3nW/ZSmfFa9k+2RfCCm1vF3Tgn8ih/oL8+08tuVaVkDFDbShAUs62yL6R/QD5U7tEfUTQ==
.varonis.com/	1970-01-21 01:38:10	Name: _sp_ses.1082 Value: *
.varonis.com/	1970-01-21 11:14:08	Name: _sp_id.1082 Value: 7f28ceb5-72d0-4fa5-94fc-cbb96620b910.1733888404.1.1733888404.1733888404.44fb358d-d1d6-43be-ba0c-8c281476b5ad
.hubspot.com/	1970-01-21 01:38:10	Name: __cf_bm Value: THO4XsySm6TKskea7zhLSDu1renbv26ftcFfdvm1A48-1733888403-1.0.1.1-_TACNMPrhVA5Zu3rT1oahCuWcRlPzoXT9xqU8zb_5qWHSUNnF1AGDvVhLOMor2KIBioCwJuDKjzelyiyD9A04A
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: L_DQs7JWeYZRI0VbnK3ED3AYyd2hISybgGnZ8dMWeLw-1733888403885-0.0.1.1-604800000
.varonis.com/	1970-01-21 11:14:08	Name: _ga_36XYNTY1LS Value: GS1.2.1733888403.1.0.1733888403.60.0.0
.t.co/	1970-01-21 11:14:08	Name: muc_ads Value: 6fa6dc99-18c5-48e0-87af-3daf91b69d0b
.t.co/	1970-01-21 01:38:10	Name: __cf_bm Value: Z1NyX74q5lKI0FDj.A.hC4pyzPQgbXx8kTKFE6NviIk-1733888404-1.0.1.1-CER8dGbuQDQVywW0nkuh2pI0iX1WaxBS1tok4PLtbqnjwa7ACbKMkyYe98IplcTG5cC52hiU4FDL92uacCJdPQ
www.varonis.com/	1970-01-21 01:48:13	Name: slireg Value: https://scout.us1.salesloft.com
.twitter.com/	1970-01-21 11:14:08	Name: guest_id_marketing Value: v1%3A173388840404051076
.twitter.com/	1970-01-21 11:14:08	Name: guest_id_ads Value: v1%3A173388840404051076
.twitter.com/	1970-01-21 11:14:08	Name: personalization_id Value: "v1_mqTuHRnF+YgTIhNCmm2QiA=="
.twitter.com/	1970-01-21 11:14:08	Name: guest_id Value: v1%3A173388840404051076
.varonis.com/	1970-01-21 01:39:34	Name: _uetsid Value: 9b8eb940b77111efab9a0fd6bce9151f
.varonis.com/	1970-01-21 10:59:44	Name: _uetvid Value: 9b8ee130b77111ef8e7903f1d417aefc
www.varonis.com/	1970-01-21 10:23:44	Name: sliguid Value: e1ec8404-e67b-4ed6-9d95-5ed966bc70b6
www.varonis.com/	1970-01-21 10:23:44	Name: slirequested Value: true
.bing.com/	1970-01-21 10:59:44	Name: MUID Value: 32890681E77267DA3E0313D3E61D6690
.bat.bing.com/	1970-01-21 01:48:13	Name: MR Value: 0
.ktxlytics.io/	1970-01-21 10:23:44	Name: sp Value: 065f182b-b5f4-4839-a1ff-698e29709d34
.doubleclick.net/	1970-01-21 11:14:08	Name: IDE Value: AHWqTUmVtmW1LyU6Bp9sMvRyvjwCNkzE7KkK_15P4RRluKBLWvo0T70r3Omz46zYXeE
.adsrvr.org/	1970-01-21 10:23:44	Name: TDCPM Value: CAESFgoHcnViaWNvbhILCMDOr_zw58w9EAUSFwoIYXBwbmV4dXMSCwiCz4z_8OfMPRAFEhUKBmdvb2dsZRILCOqdlILx58w9EAUSFQoGY2FzYWxlEgsIxMGUgvHnzD0QBRgFIAMoATILCLChsqmH6Mw9EAVCDyINCAESCQoFdGllcjIQAVoHNzE2Nzl1M2ABcgZjYXNhbGU.
.casalemedia.com/	1970-01-21 10:23:44	Name: CMID Value: Z1kJlEt3uawAAHJIA8QPnAAA
.casalemedia.com/	1970-01-21 03:47:44	Name: CMPS Value: 1240
.casalemedia.com/	1970-01-21 03:47:44	Name: CMPRO Value: 1240
.hsforms.com/	1970-01-21 01:38:10	Name: __cf_bm Value: yH6pMgKYWJ2SxD6sUTBQ8yv2FJ7BAMqedaL7R4JOd0A-1733888404-1.0.1.1-jFnH0ldtUSo_FCY.lPCLCYlCZUno.RV_5s8.2zJM5kpR9SVhwZiw_gXknRjMwyLVc4_JalxFBha.XTto.pAqtA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: mrH9SsljCdor.YkQdgirPdV5xfd1xSaSGvNhhP0jaHI-1733888404504-0.0.1.1-604800000
.linkedin.com/	1970-01-21 01:39:34	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=3062:u=1:x=1:i=1733888404:t=1733974804:v=2:sig=AQH3vf5dfWt4i1LGmTjc8cgtzi3ylUYr"
.linkedin.com/	1970-01-21 03:47:44	Name: li_sugr Value: 614d4289-f1bb-4945-9520-c3cdbed2dfc7
.linkedin.com/	1970-01-21 02:21:20	Name: UserMatchHistory Value: AQIo_P7_-jSKcgAAAZOzzW3NstF82wdAYhRPR-1BhE2nlK_qbzLKI6MKM4JMTuRBYRjjZXukLpnyVA
.linkedin.com/	1970-01-21 02:21:20	Name: AnalyticsSyncHistory Value: AQL2bYeLgqJSLAAAAZOzzW3N-72qpw2iUVWvUpdL9SmzlFxH_8ALK4lZaAWOA_TWVeugH3J93bFkGYiB3dt7Kw
.linkedin.com/	1970-01-21 10:23:44	Name: bcookie Value: "v=2&5cf9bf76-7bc7-4498-8088-507f3e940ae2"
.www.linkedin.com/	1970-01-21 10:23:44	Name: bscookie Value: "v=1&20241211034005ded0acde-123a-4c57-8477-4fe5e32bb892AQEcegh52LOlkgL8P0ddXLQzC_NZvVth"
.www.varonis.com/	1970-01-21 10:23:44	Name: _zitok Value: eb2f405f68af09ce219d1733888405
.zoominfo.com/	1970-01-21 01:38:10	Name: __cf_bm Value: CdAHDimj_b4A59xk0b2fYtghU5OF8x8z2a9u2jFwePk-1733888407-1.0.1.1-Jf6WWBlyPkWmMOI8jX4618a_sBmVzkqxNKYB1RLAAWvg7f0DAwbSIyC.NMYW9DEgqcF_hRPCBlTvEScw3VzOCw
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: c2edDzTJzsH9scUQto6STEiq44SgzzvAQNyGcBEVSi0-1733888407579-0.0.1.1-604800000

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.varonis.com/blog/investigate-ntlm-brute-force Message: Access to XMLHttpRequest at 'https://eps.6sc.co/v3/company/details' from origin 'https://www.varonis.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
network	error	URL: https://eps.6sc.co/v3/company/details Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

142972.fs1.hubspotusercontent-na1.net
alb.reddit.com
analytics.google.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
bat.bing.com
c.6sc.co
c2.ktxlytics.io
cdn.bizible.com
cdn.bizibly.com
cm.g.doubleclick.net
connect.facebook.net
cse.google.com
cta-service-cms2.hubspot.com
dsum-sec.casalemedia.com
eps.6sc.co
fonts.googleapis.com
forms-na1.hsforms.com
forms.hsforms.com
googleads.g.doubleclick.net
ib.adnxs.com
info.varonis.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsforms.net
js.hubspot.com
js.usemessages.com
js.zi-scripts.com
match.adsrvr.org
perf-na1.hsforms.com
pixel-config.reddit.com
pixel.rubiconproject.com
platform.linkedin.com
platform.twitter.com
plausible.io
px.ads.linkedin.com
scout-cdn.salesloft.com
scout.salesloft.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tags.srv.stackadapt.com
td.doubleclick.net
track.hubspot.com
trackit.ktxlytics.io
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.varonis.com
cse.google.com
eps.6sc.co
104.16.117.116
104.16.117.43
104.16.118.116
104.16.137.209
104.16.160.168
104.16.72.105
104.16.76.142
104.17.128.172
104.18.141.119
104.18.27.193
104.18.37.212
104.18.80.204
104.19.175.188
104.244.42.3
13.107.42.14
142.251.16.157
142.251.163.113
142.251.167.113
142.251.179.95
146.75.28.157
150.171.28.10
151.101.129.140
151.101.193.140
151.101.65.140
152.199.2.76
162.159.140.229
169.150.236.104
172.253.63.154
172.253.63.97
172.64.146.132
172.64.147.16
173.194.175.157
216.239.34.181
23.205.106.73
23.205.106.91
23.209.188.7
3.167.69.41
31.13.66.19
31.13.66.35
34.196.12.18
34.234.42.249
45.60.150.169
52.223.40.198
52.44.3.114
64.233.180.105
64.233.180.155
68.67.161.208
69.173.146.5
99.83.231.3
0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
05068ab2af88eb452b3ab5c7d7389df91a55fed0792466d1e645b952dc251ab1
059646f554b3aa53d12c8e66076376021110bccec124e327cace0ad01a5db91b
063fb11a882ba89c4b00ff05f75c206f34b89448bcffeadfc2c08f7691d55dbe
0b58b2a2f7814661294fab81e52d354caa6039798c07c8f8032a6290fa613a16
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35
1223df9794a2ad28042fea6f8fed36d41c86f7d3cc1e37915feb32384a82505a
1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1a8bca89be900fc40ef69429d5f2c17598c54290166831cb0b0806ca5293308c
1e66d06f85362fb880602f4eda3d9b726aec4d7308f04bbe37c375475036cc00
1f27085f18da2ceff2a3f448b7da558803acad48374342287e6eacd3589034c4
22bc6ebe2d8ed1bd9de1df7de6f77cd1bad96029eebb6d830799f504d7d471cb
240d410aca3cee565e1ed42102cbb6a42922fdc9ad93f35a542d66168bf12d63
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd
2a4578eb2a71545ae470f3dc8b9d2f08def7c87eab042fa40fc41f6f50bb14e9
2e70eb48f742364cad1a3e6c056de19cc804aff3334641ababfea747ea419859
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
30c5ae11539641f6209aab75acbb66058934efcbc76f820a2eca6b49ba839b77
329ea613b39a3bed33ef56f3e4c9ed3f64e189ac08fd68a488ce12985ef8ee31
376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb
3dd4c16dc18be08040ba32d53ab0853eb4ce51bd1e3d40aea41364d3af9fffe8
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
444ed9825e6e8b8a93f774efcd67c1b43b78d75c42e52b0825d3b25f68857a8d
46d11334d5de0f7347f38cc87fe4f65d9bfbae29d2fd722ce5952c238a46f077
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67
4d9aff7583b254af4719db23a790365cb75f412de7892dc8b2b8c523be635578
53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70
5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49
56df5bf2317bc2156b954c3fd2913afcce23eb4947c47f3ac401017dc4a0151d
5999d7cc581ef277bdb5f89c30243e18be8a707b93f19266116f4e8ca201b0a5
621316cc008d906942239d59d35864ce45f8cfb1114ac6a9668c8f04d9046c83
6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d3e3a466ea6f95a378f12c0b88bb117ac89c4e7b30758173f64bc80b87c3a1e
7304be8468bd2101fd7cdda0d540b4a37080c39a9f0a7a1eb2a7fd922e8a4f94
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
788db8a878105bdf53b3bac8f46ef4676f23973293ada91243586a17814d2791
79259d0f3238b029ef1c2aa320c5b01fba8eac13b15f20f365e07d0e51a38e22
7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238
8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
90c07a0f7df6ce7d9492c57d01a66644cb8c3bf9e67188e95ffcf0a6c1e9c0bb
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
95c37cf1f09574f5dbb61a679e2039cf3fc891acb3c5d8ad40a5a8133bd6afd4
95ca71588e51f8364b11c77efb3b2bbcdff055c2634cfcce6b41a4d3a5cbe16a
969cf2523f0a3fd10c555584d43d89565a434b725a441bd7ec0592e3b4936cb1
97feffad5791718e6f06b1089a57470654912f51d4858deafb06f808425f70fa
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
99c8bfc5bda59b48e8d654069b8b8bd6ddf015a2a6dcb2c1f2df327c5536185d
9dbd7e5acae354dee4f1d93bc15c0884e61d76e6ffbf1c486649428dd679069e
a08a8d858d266109baa4d2dde40802f8bcb49a12695d87e7834121c01ee03e0c
a3bcb13b2f3908544ec050c5f19e01f0c93071eb639c820c42a792fe015dadfb
a52e72fd4ec08259d61f02cdfd6b0cbd9c234797c0166a8194cd1e08307ea7f4
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
a6fe517c40295b7e3fae7207e1db47f15715f4f800d86d968f615f35ffc52bcc
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1db4773f07530c87892bbe63dcbf9d72f669414fc6481588c9707e12aca3707
b68f851f2bfeb6dac7995a48adb301413ab71cbdc0c957a93188dd11f2db47a6
b7aab557343f0e0899f6ab6b35b4e9fa9459c82664d6448e42e222cad9e6edc1
bd6a2c2e6967a14b880413da005bf9e57a394669242cd4dcf91855df7d4337ee
c1b24ca6deb4f4105343780e198f2330f4cb03c3e2b9e1441d412776623718cf
c1e927ffdac60bd1236a8a0863746f0a18d451a43e1b53f2eb4c6a66669819af
c2c89d9a4dacba6507e94c004a92f04bd42757b3141e8a00e0ab4789edf8a2f6
c4d5dcf0ae9f1646da7332c6eee1643ebf5c1d5c87ce54517b7c4ac298dda17a
c4eb49795f7a703429e7012cec0a556e6faf6f551f07cd337f66c5a1ec3a5847
c675a3c350975be47ae587ebf49de2a9924d62ce1141004266639cdff7df93e7
c978a74e02a2585a63d883b4c0e13c527c395be59fe32a99ce06f9f073b54926
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca8b14217051bca97ce1ce4294d53a08fabab2e5684a9542a503ded1ee41f7a4
caa729283b7b5a247aa014b6f1c70b9d844039daa03f4948f9e94cd3027745f5
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
cca2bf9b0e9f7de5afcf4282c87d26301ed0ebca7cbd30feedb0a4da3108b153
cce2184ec089babc70ded47b8474c543f6a5ff013e4bfd9dbae8689489bb13ba
cd38ae1d2a1ae32daa9ed2895a5a9d72e41bd2ac0b363aab255d216a58076d91
ce1eade43de61291fb7e1708bdbe373f955aa88e54e9c894fa6ab1ed455ab1b5
cf65c53411aebd90b2935e116011cb91f6743632a7af00e83aebfb83ecaad2ed
d1fa32430bf10df61563faa447e1dc9cde222c75f4d2607e553233da375cc65b
d36922df079667f4d9690532324be4d69b71151ce8e8c5f764bb63e8a29fd968
d480de66b420ea6afb356fe87de6fe62f5cbbd08662f077ff2edae95a2b900df
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60
d6f514ddc18e496f04ad9fad4afcec13d365dfa49efa5dac94d6fff64b95a623
da6cc3e07157e3847c0cc83a0ed1261245a44880786922222e9e56a8aa9bb92a
dbc0f30e58b2a906e2bdbdf999ce1d8352660f5e59204c6c47efc3ed98b57cb1
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
e0926308bbf7d8918e7893af49e058bd6e4be2caf53ccaaf318ea2879fc99b50
e3409ac09af396e35fd67c5e024386d36c52138b7541e6a4644c31a94a2d33a4
e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
e971a8a7d867891c1d9e7a2e04c04b4dc2d958e5600f6909bc2e92bca7959b6f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd38983aac253be575fad833970a74c40ad03895967a1e28c29df202d6dff968
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff64557f6a778fbd52f7af7c11e29014fa71d522b7fb8f6f27671ceea92818aa

www.varonis.com Open in urlscan Pro 45.60.150.169 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

148 Requests

95 %HTTPS

0 %IPv6

38 Domains

61 Subdomains

47 IPs

2 Countries

2780 kBTransfer

6162 kBSize

76 Cookies

42 Outgoing links

Redirected requests

148 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.varonis.com Open in urlscan Pro
45.60.150.169 Public Scan

Screenshot
Live screenshot

Full Image

148
Requests

95 %
HTTPS

0 %
IPv6

38
Domains

61
Subdomains

47
IPs

2
Countries

2780 kB
Transfer

6162 kB
Size

76
Cookies

148 HTTP transactions
2 data transactions