URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authenticati...
Submission: On October 22 via api from BY — Scanned from DE

Summary

This website contacted 67 IPs in 7 countries across 57 domains to perform 238 HTTP transactions. The main IP is 104.16.69.86, located in and belongs to CLOUDFLARENET, US. The main domain is www.cyberark.com. The Cisco Umbrella rank of the primary domain is 313134.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 28th 2024. Valid for: a year.
This is the only time www.cyberark.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
cyberark.com | Cloudflare Inc ECC CA-3 | 2024-01-28 - 2024-12-31 | a year
content.cdntwrk.com | Amazon RSA 2048 M03 | 2024-08-24 - 2025-09-22 | a year
cdnjs.cloudflare.com | WE1 | 2024-09-28 - 2024-12-27 | 3 months
*.uberflip.com | Amazon RSA 2048 M03 | 2024-06-06 - 2025-07-04 | a year
upload.video.google.com | WR2 | 2024-09-30 - 2024-12-23 | 3 months
assets.adobedtm.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-09 - 2025-08-09 | a year
*.segreencolumn.com | Amazon RSA 2048 M03 | 2024-06-18 - 2025-07-17 | a year
*.google-analytics.com | WR2 | 2024-09-30 - 2024-12-23 | 3 months
event-horizon.gcp.bomm.in | WR3 | 2024-10-18 - 2025-01-16 | 3 months
*.marketo.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-12-08 - 2024-12-11 | a year
*.gstatic.com | WR2 | 2024-09-30 - 2024-12-23 | 3 months
*.demdex.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-09-25 - 2025-10-26 | a year
*.trustarc.com | Amazon RSA 2048 M02 | 2024-03-16 - 2025-04-14 | a year
6sc.co | R10 | 2024-09-23 - 2024-12-22 | 3 months
*.marketo.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-12-08 - 2024-12-11 | a year
www.redditstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-10-06 - 2025-04-03 | 6 months
*.ml314.com | Amazon RSA 2048 M02 | 2024-09-14 - 2025-10-11 | a year
*.tt.omtrdc.net | DigiCert TLS RSA SHA256 2020 CA1 | 2024-02-26 - 2025-03-28 | a year
*.mktoresp.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-08-15 - 2025-09-15 | a year
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-10-13 - 2025-04-11 | 6 months
*.g.doubleclick.net | WR2 | 2024-09-30 - 2024-12-23 | 3 months
*.google.de | WR2 | 2024-09-30 - 2024-12-23 | 3 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2024-02-14 - 2025-03-16 | a year
*.googleadservices.com | WR2 | 2024-09-30 - 2024-12-23 | 3 months
drift.com | Amazon RSA 2048 M03 | 2024-07-30 - 2025-08-27 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-12-13 - 2024-12-12 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-07-31 - 2024-10-29 | 3 months
nexus.ensighten.com | Amazon RSA 2048 M03 | 2024-08-29 - 2025-09-28 | a year
*.doubleclick.net | WR2 | 2024-09-30 - 2024-12-23 | 3 months
*.srv.stackadapt.com | Amazon RSA 2048 M02 | 2024-08-09 - 2025-09-07 | a year
*.simpli.fi | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-11-07 - 2024-12-07 | a year
*.dpmsrv.com | Amazon RSA 2048 M02 | 2024-02-16 - 2025-03-16 | a year
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-10-14 - 2025-04-14 | 6 months
*.sc.omtrdc.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-02-07 - 2025-03-09 | a year
*.cloudfront.net | Amazon RSA 2048 M01 | 2024-07-30 - 2025-07-03 | a year
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2024-02-06 - 2025-03-05 | a year

This page contains 10 frames:

Primary Page: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Frame ID: EF5261DB654C8AC03184ECEF8951ECE6
Requests: 227 HTTP requests in this frame

Frame: https://www.cyberark.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js
Frame ID: EBDC0C14854B8CAE488F301B06F9128E
Requests: 2 HTTP requests in this frame

Frame: https://cyberark.demdex.net/dest5.html?d_nsid=0
Frame ID: 93D5B0CBDC81F09115E814637EEEBEEF
Requests: 1 HTTP requests in this frame

Frame: https://consent.trustarc.com/get?name=crossdomain.html&domain=cyberark.com
Frame ID: A90BFFCAE2CA820CE808BD1D2DA3567B
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&country=de&action=notice&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=fd5756fa-fd1b-45b4-97bf-c119069b26f3&userType=NEW
Frame ID: 4B76FE0B2A14D8E74167809E845CC9AF
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.cyberark.com
Frame ID: 00999D4F1F60088613B8E50607C3BABD
Requests: 1 HTTP requests in this frame

Frame: https://9920016.fls.doubleclick.net/activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4ah0za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=101686685~101823847~101836706;epver=2;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Frame ID: D9BB821088F103BA944F78603EF4F654
Requests: 1 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe
Frame ID: DC6E0D37D0D12B2BEEFAF818C21813D1
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=f6bafa70-4051-428e-bfd3-3a1454b90d46&sessionStarted=1729556452.237&campaignRefreshToken=843b3c86-3638-43d6-96e7-4bf0f959d0b2&hideController=false&pageLoadStartTime=1729556448519&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Frame ID: 22701E1B1B9C316542B7928646D751D0
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1729556448519
Frame ID: 82D1C8E9EA433103DBB3ED35512A3721
Requests: 1 HTTP requests in this frame

Page Title

Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //nexus\.ensighten\.com/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • consent\.trustarc\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 238
HTTPS: 88 %
IPv6: 34 %
Domains: 57
Subdomains: 80
IPs: 67
Countries: 7
Transfer: 4634 kB
Size: 9665 kB
Cookies: 80

Redirected requests

There were HTTP redirect chains for the following requests:

  • https://s.dpmsrv.com/blank.png

238 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
www.cyberark.com/resources/threat-research-blog/
295 KB
53 KB
Document
General
Full URL
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fac1feb1a5135b9907789af41fd68ec31edf9912c62409f4aa47f91cef731769
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8d6552d8fd1edba1-FRA
content-encoding
gzip
content-language
en
content-security-policy
frame-ancestors 'self' https://www.cyberark.com/
content-type
text/html; charset=UTF-8
date
Tue, 22 Oct 2024 00:20:48 GMT
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
referrer-policy
unsafe-url
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
lato.css
content.cdntwrk.com/css/google-fonts/
6 KB
965 B
Stylesheet
General
Full URL
https://content.cdntwrk.com/css/google-fonts/lato.css?v=075928935a99
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
88b4bd1c3c8e9af6516b562e9679955ff48479ee6a5771e97ef425d1c5425e1f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"37291223d8c6a87c6435a8740e28f134"
age
204281
access-control-allow-methods
GET, HEAD
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
QujJwjB0E-ZjcXO5hfIaot4DIXdcU9eZBbP1el0YhPJg0ZI3B6anJQ==
date
Sat, 19 Oct 2024 15:36:08 GMT
content-type
text/css
vary
Accept-Encoding
last-modified
Mon, 07 Oct 2024 16:51:46 GMT
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
hubs.d9fdeb361862fc14a04f.css
content.cdntwrk.com/css/hubs/
267 KB
45 KB
Stylesheet
General
Full URL
https://content.cdntwrk.com/css/hubs/hubs.d9fdeb361862fc14a04f.css
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6fe7e313748ef9c88c8bde3bd65111faf8cc408ae3cf0e32274c06a1145b3243

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"3ce909070123f979fd732057f89d472d"
age
544418
access-control-allow-methods
GET, HEAD
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
pJuu9FAsnaTch52IiAfxy6pk6VEQ2vMhEYCP3FJS6eL09OiT0XrnaQ==
date
Tue, 15 Oct 2024 17:07:10 GMT
content-type
text/css
vary
Accept-Encoding
last-modified
Mon, 07 Oct 2024 16:51:46 GMT
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/
101 KB
19 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ceaaba22d75b58e04150311f596306562a3e595e27ed4b1dfa451b82dda9e50
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"660cc074-49fa"
age
4644
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k7gR3SGP%2FF3hnEH82uIoFzazUS1bo8ASUcWsgxXQ%2BbRlcJAM4m8oER0ukk9voXCZDQ9eSw1A1IJleZPr2ENf1tRXMrMALRON4E8pdJJjYnqE3VmTIFLZlnPFhpIkzmdZojJoAyT%2FYZuldQ1ZfB89OXdF"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sun, 12 Oct 2025 00:20:48 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
text/css; charset=utf-8
last-modified
Wed, 03 Apr 2024 02:35:32 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d6552db99dbd350-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
18938
server
cloudflare
fontawesome.css
www.cyberark.com/wp-content/themes/understrap-child-1.0.1/includes/fontawesome/css/
185 KB
40 KB
Stylesheet
General
Full URL
https://www.cyberark.com/wp-content/themes/understrap-child-1.0.1/includes/fontawesome/css/fontawesome.css?ver=6.5.3
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1afb09b056ef890af30cbc33888945853da97fd1fe059d6445d2da33666cdb40
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz 
google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com 
reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
cf-bgj
minify
etag
W/"65d769a6-38532"
age
1794757
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:48 GMT
cf-polished
origSize=230706
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
text/css
last-modified
Thu, 22 Feb 2024 15:35:02 GMT
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552db5fa3dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
access-control-allow-origin
*
server
cloudflare
en.css
cihost.uberflip.com/cyberArk/master/build/en/
527 KB
78 KB
Stylesheet
General
Full URL
https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a8d82e3be2a96b75953a364e418e7bbacf8c55438b4c9bcdaacc72d2e0cfdeca

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

vary
Accept-Encoding
content-encoding
gzip
x-amz-meta-s3cmd-attrs
atime:1719209208/ctime:1719209208/gid:127/gname:docker/md5:40f5b02f6e24c823904ef4865208b47f/mode:33188/mtime:1719209208/uid:1001/uname:runner
etag
W/"40f5b02f6e24c823904ef4865208b47f"
age
67014
via
1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
6gl7izeb3JV-Iv42GhhBWY-NVVyDmDwT9fsOxNeRWqQ4hg6akzDDtQ==
date
Mon, 21 Oct 2024 05:43:55 GMT
content-type
text/css
last-modified
Mon, 24 Jun 2024 06:06:54 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/
46 KB
9 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03e60-b752"
age
9707
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FCx%2FBTgi77239Vcow8ToByi5n2dAfPqVuuTFc7FBLyaso7XWhICffJzhVfz7y3gEQSLcKqvbxmnMtAAsQUHN92SUYZiaVU0IUgZNsHAoQBCP1NhPQkc%2BqPFo0NeQGz9fVZ9fe3PRCH%2F0aKQFmK1YFfj"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sun, 12 Oct 2025 00:20:48 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
text/css; charset=utf-8
last-modified
Mon, 04 May 2020 16:10:08 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d6552db99d6d350-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
8281
server
cloudflare
css
fonts.googleapis.com/
12 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400&display=swap
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
67e5974968ed8c4d0d8cc5a63788094985c36685f7e18b2e1643ded31d032088
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Mon, 21 Oct 2024 23:29:33 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
enlighterjs.min.css
www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/
78 KB
12 KB
Stylesheet
General
Full URL
https://www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/enlighterjs.min.css?ver=5.4.2
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ef8a267de455c3a72237bf7db0c97c97e35e52452ff9ece15876d0d60f9c0e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"5f4d2349-13634"
age
1794757
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:48 GMT
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
text/css
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Mon, 31 Aug 2020 16:20:25 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th 
google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com 
*.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552db5fa5dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
access-control-allow-origin
*
server
cloudflare
enlighterjs.min.js
www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/
57 KB
20 KB
Script
General
Full URL
https://www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/enlighterjs.min.js?ver=5.4.2
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a117f36dba1eb2100f340bb68f3cc4d4c04d50d8a1d61c36a5d0a682aed9d362
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz 
google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com 
reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"5f4d2349-e307"
age
1794757
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:48 GMT
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
application/javascript
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Mon, 31 Aug 2020 16:20:25 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552db6fa8dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
access-control-allow-origin
*
server
cloudflare
css2
fonts.googleapis.com/
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto+Mono&display=swap
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e52c838f42938406d65ae685cc53e2d7c5dc09f2c2080f9d6baa6f66acb554c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Mon, 21 Oct 2024 23:10:06 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
launch-e8e6adf0fe30.min.js
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/
295 KB
87 KB
Script
General
Full URL
https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
8ea3873a69611e840472b4320bb35a35d9ce9bc51d253b7e57ee3bd8732be817

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"d8106e7ed0d53251d2398bfb6573cf8d:1726003825.401054"
expires
Tue, 22 Oct 2024 01:20:49 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.cyberark.com
content-length
88822
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/x-javascript
last-modified
Tue, 10 Sep 2024 21:30:25 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
84cf3062f98cbab994d639a975b2798e.js
ob.segreencolumn.com/i/
108 KB
40 KB
Script
General
Full URL
https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:ae00:18:15b9:5a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Caddy /
Resource Hash
139f0fa0e925b7cfb066a495e136bb92914624aea888e8bbda0594595857af6f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=43200
content-encoding
gzip
etag
"1af88-ZO0JkB78fUqbeuh/eVjoywGTys4"
age
18977
via
1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
expires
Tue, 22 Oct 2024 07:04:31 GMT
x-cache
Hit from cloudfront
content-length
40393
x-amz-cf-id
oMc1YDVW6vd2v3IpZcWbz2sTF066p8w8lywIol3lSPgJ8s3YzN_Tkg==
date
Mon, 21 Oct 2024 19:04:46 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
server
Caddy
x-amz-cf-pop
FRA56-P6
logo.svg
cihost.uberflip.com/cyberArk/OB-8671/build/assets/
14 KB
5 KB
Image
General
Full URL
https://cihost.uberflip.com/cyberArk/OB-8671/build/assets/logo.svg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
952f35790a58d6c58cd01db0b7994f8b1e3f2d4328f8dd2ed423c01579d403c6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

vary
Accept-Encoding
content-encoding
gzip
x-amz-meta-s3cmd-attrs
atime:1670855619/ctime:1670855619/gid:123/gname:docker/md5:f86c6ef84b83b048b2a5521fb36ab761/mode:33188/mtime:1670855619/uid:1001/uname:runner
etag
W/"f86c6ef84b83b048b2a5521fb36ab761"
age
72306
via
1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
ekSo_HGQzKPqLMMWYL8kpoY71y9j4XwM_wvqN3wIfpSDhXHNrRmr_Q==
date
Mon, 21 Oct 2024 04:15:43 GMT
content-type
image/svg+xml
last-modified
Mon, 12 Dec 2022 14:33:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
cora-ai-nav.png
www.cyberark.com/wp-content/uploads/2024/05/
20 KB
23 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2024/05/cora-ai-nav.png
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
789ee7ec8ddfe397c857cf0799e6bb655608853a54b7bf6642cc4a4e1378fbf0
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz 
google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com 
*.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"6647a196-7a87"
age
1794671
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:48 GMT
cf-polished
origFmt=png, origSize=31367
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
image/webp
content-disposition
inline; filename="cora-ai-nav.webp"
vary
Accept
last-modified
Fri, 17 May 2024 18:27:34 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552db6fa9dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
20100
server
cloudflare
Icons-Globe@2x.png
www.cyberark.com/wp-content/uploads/2020/12/
456 B
4 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2020/12/Icons-Globe@2x.png
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45aca110620ac12009925cac1e38aa4e71426a2b83ee7f356010069b45539d56
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz 
google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com 
*.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"5fed076b-47b"
age
1793855
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:48 GMT
cf-polished
origFmt=png, origSize=1147
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
image/webp
content-disposition
inline; filename="Icons-Globe@2x.webp"
vary
Accept
last-modified
Wed, 30 Dec 2020 23:04:11 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552dbd820dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
456
server
cloudflare
ajax-loader-white-2x.gif
content.cdntwrk.com/img/hubs/
3 KB
3 KB
Image
General
Full URL
https://content.cdntwrk.com/img/hubs/ajax-loader-white-2x.gif?v=19a554b579c4
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c1cd0852f3077f1b059e16529d8de16acb490990d6cb796dd74873de0bfd8a91

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age
0
etag
"5217392f882b27d35ec2e72946f2df7e"
age
589653
access-control-allow-methods
GET, HEAD
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
1bzMv4cCOoynRaR2xipJZwMg08DM5nB4tMomKeoY7VFZOrTwNZ_Cbw==
date
Tue, 15 Oct 2024 04:33:16 GMT
content-type
image/gif
last-modified
Mon, 07 Oct 2024 16:51:53 GMT
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
2707
x-amz-cf-pop
FRA56-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
chevron-down-64x64.png
content.cdntwrk.com/img/hubs/
760 B
1 KB
Image
General
Full URL
https://content.cdntwrk.com/img/hubs/chevron-down-64x64.png?v=78668873251b
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5e240679c3215c840cf754104fe7291c77f2f52ad551c95e8c8364d0124938ec

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age
0
etag
"26818bdf0706c780af4a52b44ea17fdc"
age
89108
access-control-allow-methods
GET, HEAD
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
xpYKVJgp_buAq8Ue7dyQxBVA3UMP46CEZ-rL9gyWO5NzOIlUuoCI5w==
date
Sun, 20 Oct 2024 23:35:41 GMT
content-type
image/png
vary
Accept-Encoding
last-modified
Mon, 07 Oct 2024 16:51:53 GMT
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
760
x-amz-cf-pop
FRA56-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
gtm.js
www.googletagmanager.com/
359 KB
118 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
479dbd7adb24eeca702986de7d7d3f34fe50bba22cad3db36b488d09e2e08582
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Tue, 22 Oct 2024 00:20:49 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Tue, 22 Oct 2024 00:05:40 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
119665
x-xss-protection
0
server
Google Tag Manager
Golden-SAML-image.png
www.cyberark.com/wp-content/uploads/2017/11/
68 KB
71 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2017/11/Golden-SAML-image.png
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf59b9c3eb9ce46a4fa0a9745ca1ffe227c94acb49dc5bcfc8a582c75c202b26
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz 
google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com 
*.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"5d72f385-1c8b3"
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
cf-polished
origFmt=png, origSize=116915
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/webp
content-disposition
inline; filename="Golden-SAML-image.webp"
vary
Accept
last-modified
Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552dd9a11dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
69266
server
cloudflare
Image-1.jpg
www.cyberark.com/wp-content/uploads/2017/11/
55 KB
59 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2017/11/Image-1.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ae1d8ff559d265d54750e40737826960c9948d43edfb72b2d33c7fb2dcd3ebb
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz 
google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com 
*.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"5d72f385-1eba9"
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
cf-polished
qual=85, origFmt=jpeg, origSize=125865
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/webp
content-disposition
inline; filename="Image-1.webp"
vary
Accept
last-modified
Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th 
google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com 
reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552dd9a17dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
56394
server
cloudflare
SAML-2.jpg
www.cyberark.com/wp-content/uploads/2017/11/
18 KB
22 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2017/11/SAML-2.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2f4e6e7c111bd008a79fa50a2f95fd41995df4f1995843910ff407c6e805f24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"5d72f385-6a7a"
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
cf-polished
degrade=85, origSize=27258, status=webp_bigger
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/jpeg
last-modified
Sat, 07 Sep 2019 00:02:13 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552dd9a19dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
18691
server
cloudflare
SAML-2-b.jpg
www.cyberark.com/wp-content/uploads/2017/11/
40 KB
43 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2017/11/SAML-2-b.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da9ff7b06912466abc8c42b979f84706ce896098ab9ea85e81258426db80fdb0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"5d72f385-c9d3"
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
cf-polished
degrade=85, origSize=51667, status=webp_bigger
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/jpeg
last-modified
Sat, 07 Sep 2019 00:02:13 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552dd9a1bdba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
40688
server
cloudflare
ADFS-Public-Certificate.jpg
www.cyberark.com/wp-content/uploads/2017/11/
12 KB
16 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2017/11/ADFS-Public-Certificate.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0055d15dc97d09fc7eed2789abfe2c3039920d83ee38d86f43d223a84b2d8fba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-cache-status
MISS
etag
"5d72f385-3142"
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/jpeg
last-modified
Sat, 07 Sep 2019 00:02:13 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552dd9a1cdba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
12610
server
cloudflare
IdP-Name.jpg
www.cyberark.com/wp-content/uploads/2017/11/
2 KB
6 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2017/11/IdP-Name.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da70aaab22df021fab995b92d471f3e92495729f3c219f5d676c6cae8239b417
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"5d72f385-300e"
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
cf-polished
qual=85, origFmt=jpeg, origSize=12302
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/webp
content-disposition
inline; filename="IdP-Name.webp"
vary
Accept
last-modified
Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552dd9a1ddba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
2434
server
cloudflare
Role-name.jpg
www.cyberark.com/wp-content/uploads/2017/11/
3 KB
6 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2017/11/Role-name.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eee6eaf59f3744b188505112ab4f349b8a7bdb5a460a253042a55ce40373bf2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"5d72f385-31b3"
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
cf-polished
qual=85, origFmt=jpeg, origSize=12723
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/webp
content-disposition
inline; filename="Role-name.webp"
vary
Accept
last-modified
Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552dd9a1edba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
2974
server
cloudflare
PS-aws.jpg
www.cyberark.com/wp-content/uploads/2017/11/
4 KB
8 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2017/11/PS-aws.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59a7a179044a073f8724448ebb09aef58d8874ffcbb4138c3f89482c3ea5db63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"5d72f385-366a"
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
cf-polished
qual=85, origFmt=jpeg, origSize=13930
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/webp
content-disposition
inline; filename="PS-aws.webp"
vary
Accept
last-modified
Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552dd9a1fdba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
4146
server
cloudflare
PS-python.jpg
www.cyberark.com/wp-content/uploads/2017/11/
20 KB
24 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2017/11/PS-python.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19bb468ba17ea560dc3b738083bfdfbe55dea24abc35be5d6889d1bc2fd31182
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"5d72f385-7d2d"
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=6G_cjHNfaL74vA05_z1_fBxhwrzO1DobMuEhD4lJQRw-1729556449-1.0.1.1-kEvbShSxxPrE9_BbKOylndFbv__8zehqQ2Xih6VPJRUgV6eH2tVtf4c8yXes2gX2u0B5qL_PXwH8AnUQznsn9yqsB2oauiWtmdzDLub3oQCXxUGDCn1.ZVmqolRPFatxahJPKed_uZJAxBY34L66R0IHAhArNFZczCv.z6nAVEo"}],"group":"cf-csp-endpoint","max_age":86400}
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
cf-polished
qual=85, origFmt=jpeg, origSize=32045
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/webp
content-disposition
inline; filename="PS-python.webp"
vary
Accept
last-modified
Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=6G_cjHNfaL74vA05_z1_fBxhwrzO1DobMuEhD4lJQRw-1729556449-1.0.1.1-kEvbShSxxPrE9_BbKOylndFbv__8zehqQ2Xih6VPJRUgV6eH2tVtf4c8yXes2gX2u0B5qL_PXwH8AnUQznsn9yqsB2oauiWtmdzDLub3oQCXxUGDCn1.ZVmqolRPFatxahJPKed_uZJAxBY34L66R0IHAhArNFZczCv.z6nAVEo; report-to cf-csp-endpoint
cf-ray
8d6552dd9a20dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
20136
server
cloudflare
operation-of-tool.jpg
www.cyberark.com/wp-content/uploads/2017/11/
32 KB
36 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2017/11/operation-of-tool.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfcf469c7a66c6b348b50f9cd98a103da4c6ba969f80fb88ee7fed530315b302
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj
imgq:85,h2pri
etag
"5d72f385-142b2"
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
cf-polished
qual=85, origFmt=jpeg, origSize=82610
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/webp
content-disposition
inline; filename="operation-of-tool.webp"
vary
Accept
last-modified
Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552dd9a21dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
33204
server
cloudflare
mediaproxy
content.cdntwrk.com/
7 KB
7 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2017%2F12%2FPredictions-e1513000344330.jpg&size=1&version=1718922359&sig=25183725287a8f589d78c190845ce651&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
0250e8c55348f0165caec330ed0138ccbb65cfe6535abc96fabea630163b3df1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
10605041
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
6908
x-amz-cf-id
EKzIuuYg_pPXeiAbuhAq38yV1_5lNeRyCMl6vTATzhrtgWvs9MwFEQ==
date
Fri, 21 Jun 2024 06:30:06 GMT
content-type
image/webp
content-disposition
inline; filename="Predictions-e1513000344330.webp"
last-modified
Fri, 21 Jun 2024 06:29:57 GMT
mediaproxy
content.cdntwrk.com/
6 KB
6 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2017%2F10%2Fplugin-e1508789670134.jpg&size=1&version=1718922359&sig=3d7223731d2f233e7c32519e60e21179&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
f7812c4e95ca8f1f951f6cdc39e851fa8495343245ee2679697ebdc2acbd76b7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
3079451
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
5812
x-amz-cf-id
_LQJP7lIkOHiagtqsReVvozXA5dI_utj8yUm1cuNW8ZeF0XCnSozOQ==
date
Mon, 16 Sep 2024 08:56:36 GMT
content-type
image/webp
content-disposition
inline; filename="plugin-e1508789670134.webp"
last-modified
Mon, 16 Sep 2024 08:56:27 GMT
mediaproxy
content.cdntwrk.com/
30 KB
31 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F08%2Fsecurity-analysis-of-azure.jpg&size=1&version=1724836584&sig=ce2a27c97cc205784185538023cbafcb&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
56a4c695b3c177ae27175aebb8c2a661ba15e626d4d9fcca1fd610e21947f8fb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
4719764
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
30906
x-amz-cf-id
yq04VVCboUnbfTk6ZZ4pMYzqm5H1Ytr4gmRCofiPgFKeaTFIIsfqjw==
date
Wed, 28 Aug 2024 09:18:04 GMT
content-type
image/webp
content-disposition
inline; filename="security-analysis-of-azure.webp"
last-modified
Wed, 28 Aug 2024 09:17:54 GMT
mediaproxy
content.cdntwrk.com/
103 KB
104 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F08%2Fai-treason.png&size=1&version=1724832176&sig=854985ddfaae3088b2e719f656c503dd&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
c927e5e6481bf7a50454e40f52e1d6a0384d68fc8c626778dc9f04273780aebd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
4724164
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
105636
x-amz-cf-id
E_t8MsJ5Vh8q92Vf0u8M43iT0pPgD0By8jaVoVahxfPQq-W3_flKTQ==
date
Wed, 28 Aug 2024 08:04:43 GMT
content-type
image/webp
content-disposition
inline; filename="ai-treason.webp"
last-modified
Wed, 28 Aug 2024 08:04:34 GMT
mediaproxy
content.cdntwrk.com/
18 KB
18 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F07%2Fbrief-history.jpg&size=1&version=1724832176&sig=ed4175d6fc08019d967e03d8edae399a&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
c5965d5d4043ea8e2514e8d8b488720375088fae0c54a112eb029e83def9c4b5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
4724082
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
18542
x-amz-cf-id
zy-1QU-282RWJ_blI_cyQsSd0S1j68dpv8yuHgN4WDHBzhKz06VB8A==
date
Wed, 28 Aug 2024 08:06:05 GMT
content-type
image/webp
content-disposition
inline; filename="brief-history.webp"
last-modified
Wed, 28 Aug 2024 08:05:55 GMT
mediaproxy
content.cdntwrk.com/
18 KB
18 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F07%2Fdouble-dipping-hero.jpg&size=1&version=1721914638&sig=3cdd00ffc171c6df7bbb7f6a3f9e756f&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
1055046717fb33ae9b9d0205f0c5242d99138168002d54ace053c07e49c97b27

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
7641600
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
18346
x-amz-cf-id
d2hIqYv77E4m-X2hyrl8WazwjZ3-sAPbgzrq3HaVUUBTuHgFRmj8lQ==
date
Thu, 25 Jul 2024 13:40:47 GMT
content-type
image/webp
content-disposition
inline; filename="double-dipping-hero.webp"
last-modified
Thu, 25 Jul 2024 13:40:38 GMT
mediaproxy
content.cdntwrk.com/
155 KB
155 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F07%2Flocal-privilege-escalation-vulnerability.png&size=1&version=1723021942&sig=4fae45bfb4adf70489250e22793e701c&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
2a3715832a93638fea5b7278a3ec48a129918aa31fc99603f0b7630e565edf6f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
6534347
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
158490
x-amz-cf-id
Ha-ZZvKlsBpD2l-MxMbrcNPYSxF9j-DaoU5Ql62GXraGRDnMHkHe-g==
date
Wed, 07 Aug 2024 09:15:00 GMT
content-type
image/webp
content-disposition
inline; filename="local-privilege-escalation-vulnerability.webp"
last-modified
Wed, 07 Aug 2024 09:14:50 GMT
mediaproxy
content.cdntwrk.com/
15 KB
15 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F07%2Fbypass-golang.jpg&size=1&version=1723019318&sig=5a3e1e48bbdb35e5985dfd5119f8eb85&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b5bb34030760357507f6f487e177477dbb8c7f671d2234ede059914a419a11

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
6536975
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
14880
x-amz-cf-id
5g6UsIbtJnTYttZwPvE3PJL_LNgIOVRtF_FN4mDB735uuCBqNlkeBg==
date
Wed, 07 Aug 2024 08:31:13 GMT
content-type
image/webp
content-disposition
inline; filename="bypass-golang.webp"
last-modified
Wed, 07 Aug 2024 08:31:03 GMT
mediaproxy
content.cdntwrk.com/
20 KB
20 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F07%2Fcurrentstate-ofobrowser-cookies.jpg&size=1&version=1724348512&sig=7e1b942a6fca792d513a415d1c7569e2&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
2023d576439d0a3c2f727055923e314484ca21b0790ac1bdfe2e8727723c39eb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
5207888
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
20556
x-amz-cf-id
I8lI0WJmKW5Bdy_sAWwIBHQr4ebopCI-fcKctH5jBtMFLxU3MQ9nKw==
date
Thu, 22 Aug 2024 17:42:39 GMT
content-type
image/webp
content-disposition
inline; filename="currentstate-ofobrowser-cookies.webp"
last-modified
Thu, 22 Aug 2024 17:42:29 GMT
mediaproxy
content.cdntwrk.com/
22 KB
22 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F06%2Fkeycloak-blog-hero.jpg&size=1&version=1720633182&sig=446bfb24fb8e212122fde96e0d8b7af6&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
524281b4e193562aa90fbd5101733e2738dd88d2171d4361f1b73b2e06a59bfe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
8923191
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
22218
x-amz-cf-id
qMwwk8hweOzsycsEyHjvh4cNlbwoz8Vc4JvYsiNg9ohfB73R-wsSlQ==
date
Wed, 10 Jul 2024 17:40:57 GMT
content-type
image/webp
content-disposition
inline; filename="keycloak-blog-hero.webp"
last-modified
Wed, 10 Jul 2024 17:40:47 GMT
mediaproxy
content.cdntwrk.com/
116 KB
116 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F05%2Fcreepy-bed.png&size=1&version=1719845022&sig=6530dded9453b2f389f8885cf04d80a0&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
e3a815612bbd1985cde65c5e4f47ca80ebdb95fb6166c59188d3b26c6df90e85

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
9710898
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
118588
x-amz-cf-id
Ip15vPiGYOcUuUpFRB-jLtEYvQN1OB8sHtStYOGvJvXKtIyKU88GQg==
date
Mon, 01 Jul 2024 14:52:29 GMT
content-type
image/webp
content-disposition
inline; filename="creepy-bed.webp"
last-modified
Mon, 01 Jul 2024 14:52:20 GMT
mediaproxy
content.cdntwrk.com/
122 KB
122 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F04%2Flinux-with-syzkaller.png&size=1&version=1723019440&sig=fc031b634965a4a77cea69f70ff2c5f4&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
ef66e9df572ace7075e22087a9df85a85a3fd11f165b4da3d7881813b9684ccf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
6536975
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
124726
x-amz-cf-id
1kd83bKVfciWGyeJuSrdbZMMZuWYhZw5tEbmzdCiBLBQWIokmXDltQ==
date
Wed, 07 Aug 2024 08:31:13 GMT
content-type
image/webp
content-disposition
inline; filename="linux-with-syzkaller.webp"
last-modified
Wed, 07 Aug 2024 08:31:03 GMT
mediaproxy
content.cdntwrk.com/
24 KB
24 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F03%2Fhero-labs-crumbled-security.jpg&size=1&version=1719543178&sig=eab423d3606b6a46f247e40b15bc3bc0&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
0623e10825f73d9189d396ac17783eccc55e05af0f92dd84422d2bb8522680ec

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
10012261
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
24254
x-amz-cf-id
H9ptqUWLFG38YVb3LYdEeY3fJ8El9H77MxAd1BMvDx3ENdWAyXXXQw==
date
Fri, 28 Jun 2024 03:09:46 GMT
content-type
image/webp
content-disposition
inline; filename="hero-labs-crumbled-security.webp"
last-modified
Fri, 28 Jun 2024 03:09:37 GMT
mediaproxy
content.cdntwrk.com/
234 KB
235 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F02%2Fcosmos-millions-from-the-blockchain.png&size=1&version=1718922360&sig=f935bb8b13cf3c88fd05cea3350b8e96&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
67916d020980b0b2146bf72b94ac76ba8f60b7258a0c5613ee1b0fe8379ba24c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
10633495
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
239536
x-amz-cf-id
-lAmvh3XRNIkXd6S0Iq4MloewC8HplIG7bdjAjglnYUlpKyMdCcqUg==
date
Thu, 20 Jun 2024 22:35:52 GMT
content-type
image/webp
content-disposition
inline; filename="cosmos-millions-from-the-blockchain.webp"
last-modified
Thu, 20 Jun 2024 22:35:43 GMT
mediaproxy
content.cdntwrk.com/
6 KB
7 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F07%2Fdeep-dive-into-penetration-testing.jpg&size=1&version=1719516434&sig=570c075b3b5f08e0cf019cb834b95c03&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
8dd7a7eeccaaffd8a75ac8a2420ae500376d9f7f652dd8545deebd399bb96cfa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
10039908
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
6536
x-amz-cf-id
EvqfRXMI2S6leO7h2jHBBrWDgywvvh0uQnZD1zZCxlJ8sS1vx9sdfw==
date
Thu, 27 Jun 2024 19:28:59 GMT
content-type
image/webp
content-disposition
inline; filename="deep-dive-into-penetration-testing.webp"
last-modified
Thu, 27 Jun 2024 19:28:50 GMT
mediaproxy
content.cdntwrk.com/
142 KB
143 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F01%2Fransomware-playing-a-broken-game.png&size=1&version=1724348911&sig=fe7d371eff9e4e05df01e80c10b6fe45&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
d999840e4597740dd31ed034dca5776a96d92d556d9b30d442c903725a1dc21d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
5206019
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
145488
x-amz-cf-id
JcXKDvc_7WStJ_tEPwNv28Bwz3JIcmopqPEkNWN7T5lFgvArLdHS8A==
date
Thu, 22 Aug 2024 18:13:48 GMT
content-type
image/webp
content-disposition
inline; filename="ransomware-playing-a-broken-game.webp"
last-modified
Thu, 22 Aug 2024 18:13:39 GMT
mediaproxy
content.cdntwrk.com/
7 KB
7 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F12%2Fsafenet-banner.jpg&size=1&version=1718922360&sig=35b3e26671c9eb0ae5c3789bac60eac1&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
bce8ce0d0f68ceecff66a7d2a6c3dd78fce20c7595f4239a69909d7c5e2c363a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
10633489
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
7054
x-amz-cf-id
Ek6zcZFUCBFnVld-3Pt6X0bhcL9ylNLM33yRjaG7qe_qrY-PUZTXXQ==
date
Thu, 20 Jun 2024 22:35:59 GMT
content-type
image/webp
content-disposition
inline; filename="safenet-banner.webp"
last-modified
Thu, 20 Jun 2024 22:35:49 GMT
mediaproxy
content.cdntwrk.com/
142 KB
143 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F10%2Ffuzzer_v.png&size=1&version=1718922360&sig=1c809e82f72d641941ffd6b01d025980&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
ae4fae929c4bc4e4df1273de5c1a2cccc944b0741850a882711ddbe1c1a74250

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
10633488
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
145452
x-amz-cf-id
i9FmLW7anPTp5hckWDl5fuyzLtdppp3FlpR7hEZ2xozDvbMx1qmZZg==
date
Thu, 20 Jun 2024 22:35:59 GMT
content-type
image/webp
content-disposition
inline; filename="fuzzer_v.webp"
last-modified
Thu, 20 Jun 2024 22:35:49 GMT
mediaproxy
content.cdntwrk.com/
7 KB
8 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2Fnvme.jpg&size=1&version=1718922360&sig=9c537939ec4791ea60bcda14e758b8b2&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
fe68ada9a3d8295f355417eee75328dc8b09a238e2a2cf2dcbb738d4e5ddc511

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
10633486
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
7518
x-amz-cf-id
UyJpyUErCXNEAljyecOyUy1ReLe89CV9FDDi_He6BLt88HLWJIaFVw==
date
Thu, 20 Jun 2024 22:36:02 GMT
content-type
image/webp
content-disposition
inline; filename="nvme.webp"
last-modified
Thu, 20 Jun 2024 22:35:52 GMT
mediaproxy
content.cdntwrk.com/
12 KB
12 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2Ffantastic-rootkits.jpg&size=1&version=1718922360&sig=775691fe9dbc60caf5bfad4fd64a4086&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
ad48841a67a5fe1429379e173147275e4e87794f01df53c9ec53257ebd3b1042

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
10633486
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
12384
x-amz-cf-id
lR0hXd7AlpXCe9m-h561pSJSQiYE-g8Tlb14r6H9Q7SlkvC_ZNkL3Q==
date
Thu, 20 Jun 2024 22:36:02 GMT
content-type
image/webp
content-disposition
inline; filename="fantastic-rootkits.webp"
last-modified
Thu, 20 Jun 2024 22:35:52 GMT
mediaproxy
content.cdntwrk.com/
6 KB
7 KB
Image
General
Full URL
https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F07%2Fdeep-dive-into-penetration-testing.jpg&size=1&version=1718922360&sig=38e5c710cb733305b6971d990596056f&default=hubs%2Ftilebg-blogs.jpg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
8dd7a7eeccaaffd8a75ac8a2420ae500376d9f7f652dd8545deebd399bb96cfa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=1234567890
age
10633493
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
6536
x-amz-cf-id
zae60gqYQSMfhxxVYf6XbbWsMELIjGEVQ2xWWDO5TYHxSUy3fe0oGg==
date
Thu, 20 Jun 2024 22:35:54 GMT
content-type
image/webp
content-disposition
inline; filename="deep-dive-into-penetration-testing.webp"
last-modified
Thu, 20 Jun 2024 22:35:45 GMT
email-decode.min.js
www.cyberark.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
791 B
Script
General
Full URL
https://www.cyberark.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"670fb497-4d7"
x-content-type-options
nosniff
cf-ray
8d6552dc489cdba1-FRA
expires
Thu, 24 Oct 2024 00:20:48 GMT
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 12:41:59 GMT
vary
Accept-Encoding
server
cloudflare
x-frame-options
DENY
hubs_app.d9fdeb361862fc14a04f.js
content.cdntwrk.com/js/hubs/
817 KB
245 KB
Script
General
Full URL
https://content.cdntwrk.com/js/hubs/hubs_app.d9fdeb361862fc14a04f.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
37e95127d694d4e83ae2a63427d36108b85d8f116879c790c506a4f9dee75199

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age
0
content-encoding
gzip
etag
W/"76f576d4a665a073e2c3aa2714058e8e"
age
589718
access-control-allow-methods
GET, HEAD
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
XzyRWFc3_eSQ0_KaMSBBCYXiGKG8XCXwkNXylpCp4mZH1IQczjojBw==
date
Tue, 15 Oct 2024 04:32:11 GMT
content-type
application/javascript
vary
Accept-Encoding
last-modified
Mon, 07 Oct 2024 16:51:56 GMT
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
en.bundle.js
cihost.uberflip.com/cyberArk/master/build/en/
297 KB
86 KB
Script
General
Full URL
https://cihost.uberflip.com/cyberArk/master/build/en/en.bundle.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca82fdebe02da89a7878f169d27eda219b2034e7dd55a52acc4b6c47327b64e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

vary
Accept-Encoding
content-encoding
gzip
x-amz-meta-s3cmd-attrs
atime:1719348515/ctime:1719348515/gid:127/gname:docker/md5:afa69e89aefa16fe8d5c324f36a2a613/mode:33188/mtime:1719348515/uid:1001/uname:runner
etag
W/"afa69e89aefa16fe8d5c324f36a2a613"
age
81137
via
1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
ueBM5OkUCsob1oV9Xbbr5y71U2TqOPjfi2XAvnThusdK-CYeojD9bQ==
date
Mon, 21 Oct 2024 01:48:31 GMT
content-type
text/javascript
last-modified
Tue, 25 Jun 2024 20:48:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
sha256.min.js
cdnjs.cloudflare.com/ajax/libs/js-sha256/0.9.0/
9 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/js-sha256/0.9.0/sha256.min.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03ec6-2339"
age
439047
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RmF31bV9cmed3uDXsUSGcwYSCsF%2FraZsmsOFFIOeu%2FPjDx2O9K4RiQweSQPzegHG6FnCqwPDzphx0zVmh%2FgQbE4ST4aMFj7UB9WPs4NU1WzjI11VxpQOLjr6S9lCfYvrgTrclX%2BrhmEhpTwXg3scWKWb"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sun, 12 Oct 2025 00:20:48 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 16:11:50 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d6552ddca7d9f40-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
2977
server
cloudflare
External-darkblue.svg
www.cyberark.com/wp-content/uploads/2021/01/
952 B
4 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2021/01/External-darkblue.svg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f150486021d4182821249f13273a7a87862756e2b021e3d19121aaae6a2e09d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz 
google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com 
*.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"60072571-3b8"
age
1794672
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/svg+xml
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Tue, 19 Jan 2021 18:31:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552de5ac8dba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
access-control-allow-origin
*
server
cloudflare
cyberark-logo-dark.svg
www.cyberark.com/wp-content/uploads/2021/01/
4 KB
5 KB
Image
General
Full URL
https://www.cyberark.com/wp-content/uploads/2021/01/cyberark-logo-dark.svg
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67e2f25233ffe02ea0a70301e7440e6371d8943ca3f759b1d128b590e7e9419b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz 
google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com 
reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"60d5d6b4-f6a"
age
1793855
x-content-type-options
nosniff
expires
Wed, 22 Oct 2025 00:20:49 GMT
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/svg+xml
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified
Fri, 25 Jun 2021 13:14:28 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d6552de5acadba1-FRA
permissions-policy
midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
access-control-allow-origin
*
server
cloudflare
css2
fonts.googleapis.com/
11 KB
802 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=DM+Sans:ital,opsz,wght@0,9..40,100..1000;1,9..40,100..1000&family=Titillium+Web:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700&display=swap
Requested by
Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5b637e98e4790e5e42030aacdedaefcfdfaaa725e6d3caa64c8670045517a35a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Tue, 22 Oct 2024 00:20:48 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css
fonts.googleapis.com/
29 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap
Requested by
Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
688d6577ebeea79fd6e9ab9d09f9ac69a2cca4e6f2060776e9326aba482176bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Mon, 21 Oct 2024 23:02:43 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css2
fonts.googleapis.com/
676 KB
180 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Noto+Sans+JP:wght@100;300;400;500;700;900&display=swap
Requested by
Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
27983c8670fbfe01d17c2a0fdd22394e69589bc13e249015da683900010d8b92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:48 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Tue, 22 Oct 2024 00:07:18 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
ajax_ping
www.cyberark.com/resources/hubsFront/
49 B
342 B
XHR
General
Full URL
https://www.cyberark.com/resources/hubsFront/ajax_ping
Requested by
Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.d9fdeb361862fc14a04f.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self' https://www.cyberark.com/
content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
referrer-policy
unsafe-url
cf-ray
8d6552df6c47dba1-FRA
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date
Tue, 22 Oct 2024 00:20:49 GMT
x-xss-protection
1; mode=block
content-type
application/json
content-language
en
server
cloudflare
x-frame-options
DENY
stats_temp_item_609327918x82031fb193d58aa563c3e0ede71ad00183b5b096fd533ba5f0c0edf0dc4e94061729556448946841d422cabd28ade3e68ef4888b4cbc525720a5ccf930b26da1879712ceae
www.cyberark.com/resources/hubsFront/signalMetricsTemp/
0
178 B
Image
General
Full URL
https://www.cyberark.com/resources/hubsFront/signalMetricsTemp/stats_temp_item_609327918x82031fb193d58aa563c3e0ede71ad00183b5b096fd533ba5f0c0edf0dc4e94061729556448946841d422cabd28ade3e68ef4888b4cbc525720a5ccf930b26da1879712ceae?t=1729556449169
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self' https://www.cyberark.com/
content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
referrer-policy
unsafe-url
cf-ray
8d6552df7c5ddba1-FRA
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date
Tue, 22 Oct 2024 00:20:49 GMT
x-xss-protection
1; mode=block
content-type
text/html; charset=UTF-8
content-language
en
server
cloudflare
x-frame-options
DENY
tag.aspx
ml314.com/
38 KB
13 KB
Script
General
Full URL
https://ml314.com/tag.aspx?229
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=6sDw2Q==, md5=YyYW/xWCXwMKqzORpY7wQg==
content-encoding
br
age
1878
x-goog-stored-content-encoding
identity
x-cache-hit
hit
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
39162
date
Mon, 21 Oct 2024 23:49:31 GMT
last-modified
Wed, 24 Jul 2024 19:30:50 GMT
content-type
application/javascript
vary
Accept-Encoding
x-guploader-uploadid
AHmUCY3b4bR57eDeUsQGL9JOa_eBpdoEcGAALfIdbwz-hdWn0ySKRfGkJvo91vw3hDaJV4jHEIg
cache-control
public,max-age=3600
x-goog-storage-class
STANDARD
via
1.1 google
cache-id
FRA
accept-ranges
bytes
x-goog-generation
1721849450340665
content-length
12522
server
UploadServer
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-197-137-224.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Content-Encoding
gzip
ETag
"cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
729
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date
Tue, 22 Oct 2024 00:20:49 GMT
Content-Type
application/x-javascript
Last-Modified
Fri, 17 Mar 2023 01:24:48 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
sprite-1x.png
content.cdntwrk.com/img/hubs/
59 KB
59 KB
Image
General
Full URL
https://content.cdntwrk.com/img/hubs/sprite-1x.png
Requested by
Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/css/hubs/hubs.d9fdeb361862fc14a04f.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a249bcffb2d8e92a3bdff919def43b14841803ad93b80ffa864db1090e007594

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://content.cdntwrk.com/css/hubs/hubs.d9fdeb361862fc14a04f.css

Response headers

access-control-max-age
0
etag
"9e7227669aa01cd19bcc27e802668929"
age
241828
access-control-allow-methods
GET, HEAD
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
VQD_9XxRPS2QcND49R1nTPd5Xp5zTOyg3-u31LJP0VsEjWC-9D8slw==
date
Sat, 19 Oct 2024 05:10:22 GMT
content-type
image/png
vary
Accept-Encoding
last-modified
Mon, 07 Oct 2024 16:51:54 GMT
via
1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
60511
x-amz-cf-pop
FRA56-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
truncated
/
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
uparrow.png
content.cdntwrk.com/img/hubs/
194 B
545 B
Image
General
Full URL
https://content.cdntwrk.com/img/hubs/uparrow.png
Requested by
Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/css/hubs/hubs.d9fdeb361862fc14a04f.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1fb7ee27fdfb34869f89aa51d9af1cf86ecc6800ab591ec3ca78f155742200b2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://content.cdntwrk.com/css/hubs/hubs.d9fdeb361862fc14a04f.css

Response headers

access-control-max-age
0
etag
"e5bbd7205c8f2ff1cd6c9f777f31da64"
age
257610
access-control-allow-methods
GET, HEAD
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
yKTx_PfCJvgYz0EMWjFZakYj-3hLgVvZEzeDy_20HsjCxj6AzeZTCQ==
date
Sat, 19 Oct 2024 01:16:52 GMT
content-type
image/png
vary
Accept-Encoding
last-modified
Mon, 07 Oct 2024 16:51:54 GMT
via
1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
194
x-amz-cf-pop
FRA56-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
fonts.gstatic.com/s/titilliumweb/v17/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/titilliumweb/v17/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:ital,opsz,wght@0,9..40,100..1000;1,9..40,100..1000&family=Titillium+Web:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://fonts.googleapis.com/

Response headers

age
13382
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 21 Oct 2025 20:37:47 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 21 Oct 2024 20:37:47 GMT
last-modified
Thu, 24 Aug 2023 20:30:13 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
12372
x-xss-protection
0
server
sffe
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/webfonts/
153 KB
153 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae17c16afbea216707b2203ea1cf9bdb45b9bfe47d0f4ae3258ddbc6294dd02f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css

Response headers

cf-cdnjs-via
cfworker/kv
cf-cache-status
HIT
etag
"660cc074-262f0"
age
9610
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFQsWErI2cMoArUHXkywx7zc9rQkoccfrWxk5qFwtiYbyvjURIzBq%2FgT9gj%2FJXNbqhjp0daiAheXAILd%2B8lXWsfNKDlcr9Rl5wIdThN11ix%2Frg4rlcfeaeq9cA0KkX0asZZodu9SFEfA4qbFJjHlNfav"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sun, 12 Oct 2025 00:20:49 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/octet-stream; charset=utf-8
last-modified
Wed, 03 Apr 2024 02:35:32 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d6552e01825d350-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
156400
server
cloudflare
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://fonts.googleapis.com/

Response headers

age
8486
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 21 Oct 2025 21:59:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 21 Oct 2024 21:59:23 GMT
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
48236
x-xss-protection
0
server
sffe
rP2Hp2ywxg089UriCZOIHQ.woff2
fonts.gstatic.com/s/dmsans/v15/
61 KB
61 KB
Font
General
Full URL
https://fonts.gstatic.com/s/dmsans/v15/rP2Hp2ywxg089UriCZOIHQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:ital,opsz,wght@0,9..40,100..1000;1,9..40,100..1000&family=Titillium+Web:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
177628e7287755e9c42cb9adcee0d7b59183e2c1c9480a047005b39d806089c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://fonts.googleapis.com/

Response headers

age
563055
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 15 Oct 2025 11:56:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 15 Oct 2024 11:56:34 GMT
last-modified
Thu, 21 Mar 2024 23:58:50 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
62792
x-xss-protection
0
server
sffe
FontAwesome6Pro-Light.woff2
cihost.uberflip.com/cyberArk/master/build/fonts/
335 KB
336 KB
Font
General
Full URL
https://cihost.uberflip.com/cyberArk/master/build/fonts/FontAwesome6Pro-Light.woff2
Requested by
Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
33bfff284b4455e2dd459c4bf0e6076a5fe5f8632b42b8ccd2dd5a0d55dbcfbb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Response headers

etag
"c20e0f2006126b2025f47c77e1d5ee51"
age
67710
access-control-allow-methods
GET, HEAD
x-cache
Hit from cloudfront
x-amz-cf-id
eziLHvj9d-7gFCva0F9-oMBWi0gG8gAG-ds6Wm6BPfwi2X1xzMYNfg==
date
Mon, 21 Oct 2024 05:32:20 GMT
content-type
font/woff2
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified
Mon, 24 Jun 2024 06:06:57 GMT
x-amz-meta-s3cmd-attrs
atime:1719209208/ctime:1719209208/gid:127/gname:docker/md5:c20e0f2006126b2025f47c77e1d5ee51/mode:33188/mtime:1719209208/uid:1001/uname:runner
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
343492
x-amz-cf-pop
FRA2-C1
server
AmazonS3
x-amz-server-side-encryption
AES256
fontawesome-webfont.woff2
cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/fonts/
75 KB
76 KB
Font
General
Full URL
https://cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Response headers

etag
"af7ae505a9eed503f8b8e6982036873e"
age
83446
access-control-allow-methods
GET, HEAD
x-cache
Hit from cloudfront
x-amz-cf-id
IVNPx3k1s3NDyK5xVBfwmBEdfZg6ofERCp1Ngb2a2YDYy3xjk2SWtw==
date
Mon, 21 Oct 2024 01:10:04 GMT
content-type
binary/octet-stream
last-modified
Wed, 27 Jan 2021 17:56:57 GMT
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-meta-s3cmd-attrs
atime:1611770160/ctime:1611770160/gid:117/gname:docker/md5:af7ae505a9eed503f8b8e6982036873e/mode:33188/mtime:1611770160/uid:1001/uname:runner
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
77160
x-amz-cf-pop
FRA2-C1
server
AmazonS3
372722_2_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/
25 KB
26 KB
Font
General
Full URL
https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_2_unhinted_0.woff2
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2f5f9d511700318e988d3ef843afc49224162c8bb2435db7b9dc3590f525306f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://www.cyberark.com/

Response headers

etag
"83914a011477cb60998949144e2ac5aa"
age
83446
access-control-allow-methods
GET, HEAD
x-cache
Hit from cloudfront
x-amz-cf-id
KEJcwZzmPfh8lRpcBueq5R2Ta7QiaLimQ71fFVHeBi_UX4kENQkOEQ==
date
Mon, 21 Oct 2024 01:10:04 GMT
content-type
binary/octet-stream
last-modified
Wed, 27 May 2020 16:17:01 GMT
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-meta-s3cmd-attrs
atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:83914a011477cb60998949144e2ac5aa/mode:33188/mtime:1590596208/uid:1001/uname:runner
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
26033
x-amz-cf-pop
FRA2-C1
server
AmazonS3
372722_4_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/
25 KB
25 KB
Font
General
Full URL
https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_4_unhinted_0.woff2
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
66c708b80cab108a2fde84cac9677c07435537bc9d06085ccd1ac80cb93513b4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://www.cyberark.com/

Response headers

etag
"da77e86db861301f9320c467d834e649"
age
83446
access-control-allow-methods
GET, HEAD
x-cache
Hit from cloudfront
x-amz-cf-id
PQ9UzTiv0ErOFXPslHxjJ2Zb5MYt5mr1oy2SkUeqPFKJ4Gwnn-XFAA==
date
Mon, 21 Oct 2024 01:10:04 GMT
content-type
binary/octet-stream
last-modified
Wed, 27 May 2020 16:17:01 GMT
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-meta-s3cmd-attrs
atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:da77e86db861301f9320c467d834e649/mode:33188/mtime:1590596208/uid:1001/uname:runner
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
25237
x-amz-cf-pop
FRA2-C1
server
AmazonS3
fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/
63 KB
63 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/fa-brands-400.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Response headers

cf-cdnjs-via
cfworker/kv
cf-cache-status
HIT
etag
"5eb03e60-fa90"
age
437708
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1zNVKxkJw3P%2BDStKFQeExHS1d9rSw6ojjSlqcTUS9Kz6V%2F475%2BK%2BQyNGyd2TKSJKywEFEdGhU1v1xEfogSsXDW1thb7iZfiK8rh0vbmLAV3sXVv4KYSTAE4bAB3q3fmHMMcCmsQSm6MPzgusI%2ByfyLsR"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sun, 12 Oct 2025 00:20:49 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/octet-stream; charset=utf-8
last-modified
Mon, 04 May 2020 16:10:08 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d6552e01827d350-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
64144
server
cloudflare
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/
61 KB
62 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Response headers

cf-cdnjs-via
cfworker/kv
cf-cache-status
HIT
etag
"5eb03e60-f408"
age
1102570
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8VQjwu5Fe7JIql8Lo88X74dEL4TxY7gV7438MVbFbkus6KbsAJXipY3EZR1u1Nmc5kp1wJSg9IubP%2FwHHc8eRJLIFTFu7e8b7dJ2WxL4EmjfacZPwwCUuBmKdYQNqClvHeZyuce2v5SrWRQpxVB4UKmo"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sun, 12 Oct 2025 00:20:49 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/octet-stream; charset=utf-8
last-modified
Mon, 04 May 2020 16:10:08 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d6552e01828d350-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
62472
server
cloudflare
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/
24 KB
24 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://fonts.googleapis.com/

Response headers

age
6013
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 21 Oct 2025 22:40:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 21 Oct 2024 22:40:36 GMT
last-modified
Thu, 14 Dec 2023 02:04:54 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
24984
x-xss-protection
0
server
sffe
aHViPTEwODU0MCZjbWQ9YmFja2dyb3VuZF9pbWFnZSZ2ZXJzaW9uPTE3MTg3NzAxMDMmc2lnPTZiMjEwNzkxYWUwNDc5NGRjMjRkYmM3YjBhOTVkNzM1
content.cdntwrk.com/files/
20 KB
21 KB
Image
General
Full URL
https://content.cdntwrk.com/files/aHViPTEwODU0MCZjbWQ9YmFja2dyb3VuZF9pbWFnZSZ2ZXJzaW9uPTE3MTg3NzAxMDMmc2lnPTZiMjEwNzkxYWUwNDc5NGRjMjRkYmM3YjBhOTVkNzM1
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
a36681fe4fd06eb0856952cddb2047065db39f00e819dbf0e9715540083f8198

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=15552000
etag
"1613686879-be99bf6a6e12dc968d17e108eb199e37"
age
10785219
via
1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
TMv5DZ6KdqnAO95RoQG2IEnqOfzJ5Z73_Im0WsZNwqIWzZ05X2QA3Q==
date
Wed, 19 Jun 2024 04:27:10 GMT
content-type
image/webp
content-disposition
inline; filename="background_image.webp"
last-modified
Thu, 18 Feb 2021 22:21:19 GMT
372722_1_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/
25 KB
26 KB
Font
General
Full URL
https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_1_unhinted_0.woff2
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d4761d421bbf2f059126b9ce4f5e0a9f7bc83b046a58162780a2b9c3ab8c9a56

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://www.cyberark.com/

Response headers

etag
"0601eae673330329b340003d42fc1c36"
age
67094
access-control-allow-methods
GET, HEAD
x-cache
Hit from cloudfront
x-amz-cf-id
vz2J4PA84WEFB6tYeu7yB9rt8Gv6-iXYrRafntlQ3csrDNZ2N7nJsA==
date
Mon, 21 Oct 2024 05:42:36 GMT
content-type
binary/octet-stream
last-modified
Wed, 27 May 2020 16:17:01 GMT
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-meta-s3cmd-attrs
atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:0601eae673330329b340003d42fc1c36/mode:33188/mtime:1590596208/uid:1001/uname:runner
via
1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
26041
x-amz-cf-pop
FRA2-C1
server
AmazonS3
ajax_updateMAPUsers
www.cyberark.com/resources/hubsFront/
126 B
188 B
XHR
General
Full URL
https://www.cyberark.com/resources/hubsFront/ajax_updateMAPUsers
Requested by
Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.d9fdeb361862fc14a04f.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b98e0f76f97857fce1b3fbd8e9ed5775988e85fffd71dcc2422f8d012378ea34
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self' https://www.cyberark.com/
content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
referrer-policy
unsafe-url
cf-ray
8d6552e04d4ddba1-FRA
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date
Tue, 22 Oct 2024 00:20:49 GMT
x-xss-protection
1; mode=block
content-type
application/json
content-language
en
server
cloudflare
x-frame-options
DENY
NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v17/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:ital,opsz,wght@0,9..40,100..1000;1,9..40,100..1000&family=Titillium+Web:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://fonts.googleapis.com/

Response headers

age
548239
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 15 Oct 2025 16:03:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 15 Oct 2024 16:03:30 GMT
last-modified
Thu, 24 Aug 2023 20:48:16 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
11796
x-xss-protection
0
server
sffe
fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/webfonts/
115 KB
116 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/webfonts/fa-brands-400.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
232c6f6a7678304f9efaa26f30b1610debc2ba9f4cd636b5e6751c8d73761b92
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css

Response headers

cf-cdnjs-via
cfworker/kv
cf-cache-status
HIT
etag
"660cc074-1cc5c"
age
441844
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2FXNuG%2FfVM9wB4%2FFJIBxn2UUP%2FviA8KjEhhHLnas4IK480KHmbrBuLN2RW3kiCzZuNRS82vr2pHMP8WiZkjpRl%2Bl0WWFQXpueH2FQBTY5V%2BBiklPlRudH6gDVMd3p9OvwB06Q3g5FM9tNrZiijvjmU2o"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Sun, 12 Oct 2025 00:20:49 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/octet-stream; charset=utf-8
last-modified
Wed, 03 Apr 2024 02:35:32 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d6552e078b3d350-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
117852
server
cloudflare
id
dpm.demdex.net/
367 B
916 B
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=9AB97041603F3EDB0A495C66%40AdobeOrg&d_nsid=0&ts=1729556449421
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.48.129.25 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-129-25.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
f5c6d1a4a78814a5c7684cfb348d04091c496cc2e9520d8f41741a3cf2c37e91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-1-v067-01b150888.edge-irl1.demdex.com 2 ms
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
x-tid
Wf2h5wkzSi8=
expires
Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin
https://www.cyberark.com
content-length
310
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/json;charset=utf-8
vary
Origin
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/
35 KB
13 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"d8232f86c8016a8e0acaa7ecfdf72b3e:1722493571.189276"
expires
Tue, 22 Oct 2024 01:20:49 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.cyberark.com
content-length
13012
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/x-javascript
last-modified
Thu, 01 Aug 2024 06:26:11 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"bb4b6453e3ab80111a2b227318d22efb:1722493571.614634"
expires
Tue, 22 Oct 2024 01:20:49 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.cyberark.com
content-length
1597
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/x-javascript
last-modified
Thu, 01 Aug 2024 06:26:11 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
ct
obs.segreencolumn.com/
4 KB
2 KB
Script
General
Full URL
https://obs.segreencolumn.com/ct?id=45375&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1729556449519&hl=2&op=0&ag=566412661&rand=5386097295211887951718710607811673526831611289046122028058081372299600061500226188700&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=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%3D%3D&dep=0&pre=0&sdd=%7B%7D&cri=S3suAbMrUU&pto=1490&ver=62&gac=-&mei=&ap=&fe=1&duid=1.1729556449.oyQePtFo1CuwwOkR&suid=1.1729556449.oRaS1qqnwi1C7ier&tuid=1.1729556449.kRHq2V0CaTHVjFND&fbc=-&gtm=W10%3D&it=72%2C484%2C619&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
Requested by
Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
9d9bceae4048b57ba01c25f2fdba932a9936f9ed3e7e43aabc1e463856c00db4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
https://www.cyberark.com
content-encoding
gzip
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
content-length
1445
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
text/javascript
RCaadfaa88901e4f0e8cbb8050b0941051-source.min.js
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/
538 B
583 B
Script
General
Full URL
https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/RCaadfaa88901e4f0e8cbb8050b0941051-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0f73a273925d016886f0d993c95bd14be555b826b82afca044a9111ff0d9f2a9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"351728d0509cd22437ccb9587d29118d:1726003826.52482"
expires
Tue, 22 Oct 2024 01:20:49 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.cyberark.com
content-length
327
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/x-javascript
last-modified
Tue, 10 Sep 2024 21:30:26 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
main.js
www.cyberark.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/ Frame EBDC
Redirect Chain
  • https://www.cyberark.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://www.cyberark.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?
8 KB
4 KB
Script
General
Full URL
https://www.cyberark.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33af9b233d5770f84d5a7235aebfce12c8c8aae4a7afe780a0d9b87b56c1dbf8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding
gzip
x-content-type-options
nosniff
cf-ray
8d6552e29ff1dba1-FRA
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?
x-content-type-options
nosniff
cf-ray
8d6552e1af02dba1-FRA
access-control-allow-origin
*
content-length
0
date
Tue, 22 Oct 2024 00:20:49 GMT
vary
Accept-Encoding
server
cloudflare
notice
consent.trustarc.com/
15 KB
6 KB
Script
General
Full URL
https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-92.fra2.r.cloudfront.net
Software
/
Resource Hash
4bfc478aed04b437be702f1cf6622778ac8bb9609bdd9ad2ef61f8e43ef41512
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=3600
content-encoding
gzip
via
1.1 3bf3e75bcb9a86b3eb343a1d4392a6de.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
content-length
5525
x-amz-cf-id
IgsWXAsylIgz92ZLgd9_LeQDYDTZSdyTMQg_dtqQz7OlYrmgoI6qDQ==
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA2-C1
d24194f2-6101-4c07-b071-d2eb5d40f5e6.js
j.6sc.co/j/
1 KB
908 B
Script
General
Full URL
https://j.6sc.co/j/d24194f2-6101-4c07-b071-d2eb5d40f5e6.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e8b5fa15cdf049327e2516b875ebfc85c0d40eeb6d9da10ba2397b189d3509a2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
etag
"cad1056fc6c74d93f72dff6dcdb96f6f"
x-amz-version-id
t4QDDVseVEU1.3_MbYjAtic.rctf1GXv
expires
Tue, 22 Oct 2024 00:50:50 GMT
x-amz-cf-id
YRxa2C694pcFlyJHea3tU2mJLPP0GPyibv0Klbclv3pnuMNPDZfSWA==
date
Tue, 22 Oct 2024 00:20:50 GMT
last-modified
Wed, 31 Jul 2024 16:07:58 GMT
vary
Accept-Encoding
content-type
application/javascript
x-amz-meta-content-type
application/json
cache-control
private, max-age=1800
accept-ranges
bytes
content-length
529
x-amz-cf-pop
FRA60-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
rtp.js
sjrtp6-cdn.marketo.com/rtp-api/v1/
152 KB
42 KB
Script
General
Full URL
https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.34.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-34-125.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.45.v20220203) /
Resource Hash
4beb123e00f4bef8edecb3c7ddda6eb703d9fac9a91c24ddde2aef8a1cd49bc2
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Strict-Transport-Security
max-age=63113904
Cache-Control
public, max-age=300
Content-Encoding
gzip
Connection
keep-alive
Content-Length
42512
Date
Tue, 22 Oct 2024 00:20:49 GMT
Content-Type
application/x-javascript; charset=UTF-8
Last-Modified
Thu, 17 Oct 2024 14:20:51 GMT
Server
Jetty(9.4.45.v20220203)
Vary
Accept-Encoding
js
www.googletagmanager.com/gtag/
217 KB
78 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-9920016
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a1b920e479c79dcaa01636fef3b9b80f2005e4f0aefb623e8e312a6cce834ea1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Tue, 22 Oct 2024 00:20:49 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Tue, 22 Oct 2024 00:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
80024
x-xss-protection
0
server
Google Tag Manager
pixel.js
www.redditstatic.com/ads/
42 KB
13 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
1f120dbe60c10831180babf37afc0edb7c01e9f4e7b135cfedc58b3523c887fb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
public, max-age=60
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
etag
"5e9ac3a42b557bf8ca38cf2e8baba70b"
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
12126
date
Tue, 22 Oct 2024 00:20:49 GMT
last-modified
Tue, 15 Oct 2024 19:34:59 GMT
content-type
application/javascript
vary
Accept-Encoding,Origin
server
snooserv
x-amz-server-side-encryption
AES256
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
age
3274
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 01:26:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 21 Oct 2024 23:26:15 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
munchkin.js
munchkin.marketo.net/163/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/163/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-197-137-224.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Cache-Control
max-age=8640000
Content-Encoding
gzip
ETag
"ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Connection
keep-alive
Expires
Thu, 30 Jan 2025 00:20:49 GMT
Accept-Ranges
bytes
Content-Length
4741
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date
Tue, 22 Oct 2024 00:20:49 GMT
Content-Type
application/x-javascript
Last-Modified
Fri, 06 Jan 2023 02:26:40 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
utsync.ashx
ml314.com/
62 B
237 B
Script
General
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=52079&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pv=1729556449661_rre7tcc68&bl=de-de&cb=3963861&return=&ht=&d=&dc=&si=1729556449661_rre7tcc68&cid=production%7C%7C108540%7C%7C6824673%7C%7C609327918&s=1600x1200&rp=&v=2.7.4.212
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?229
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
79.77.117.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 google
expires
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/javascript
server
Google Frontend
ud.ashx
in.ml314.com/
20 B
482 B
Script
General
Full URL
https://in.ml314.com/ud.ashx?topiclimit=&cb=2292024&v=2.7.4.212
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?229
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.174.248.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-174-248-58.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Cache-Control
public
X-AspNet-Version
4.0.30319
Content-Encoding
gzip
Connection
keep-alive
Expires
Wed, 23 Oct 2024 00:20:50 GMT
Content-Length
138
Date
Tue, 22 Oct 2024 00:20:49 GMT
Content-Type
application/javascript; charset=utf-8
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
RC215bf8f3db2048f5a863a53bd773832d-source.min.js
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/
429 B
533 B
Script
General
Full URL
https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/RC215bf8f3db2048f5a863a53bd773832d-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
c725d1f370fda095ffc8e000d4780897eb77b5708e28f8486c7ccbb3b7fc38a6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"351728d0509cd22437ccb9587d29118d:1726003826.52482"
expires
Tue, 22 Oct 2024 01:20:49 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.cyberark.com
content-length
277
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/x-javascript
last-modified
Tue, 10 Sep 2024 21:30:26 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
dest5.html
cyberark.demdex.net/ Frame 93D5
0
0
Document
General
Full URL
https://cyberark.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.17.200.40 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-200-40.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Tue, 22 Oct 2024 00:20:49 GMT
dcs
dcs-prod-irl1-1-v067-009db42c9.edge-irl1.demdex.com 0 ms
expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Wed, 16 Oct 2024 08:54:26 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
vary
accept-encoding
x-tid
LQAerbU4SQ0=
ibs:dpid=411&dpuuid=Zxbv4QAAALuRyAN6
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=17521897870795926943090136164194094885
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxbv4QAAALuRyAN6
42 B
717 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxbv4QAAALuRyAN6
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Server
52.48.129.25 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-129-25.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-2-v067-0d832b281.edge-irl1.demdex.com 2 ms
content-encoding
gzip
pragma
no-cache
x-content-type-options
nosniff
x-tid
I0yO9uX3RgI=
expires
Thu, 01 Jan 1970 00:00:00 UTC
content-length
59
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Tue, 22 Oct 2024 00:20:50 GMT
content-type
image/gif

Redirect headers

Cache-Control
no-cache
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxbv4QAAALuRyAN6
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length
0
Date
Tue, 22 Oct 2024 00:20:49 GMT
Connection
keep-alive
Server
AMO-cookiemap/1.1
delivery
cyberark.tt.omtrdc.net/rest/v1/
351 B
838 B
XHR
General
Full URL
https://cyberark.tt.omtrdc.net/rest/v1/delivery?client=cyberark&sessionId=a9db798c9972494f99961f3a433e9161&version=2.11.4
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.235.152.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-66-235-152-225.data.adobedc.net
Software
jag /
Resource Hash
de2e29b346da4bc7fc22f9d1f1b548cc29d6fbbb07ec236e795a1a6853c6b1cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
e73d4483-23a8-4e46-8fd1-19e977261960
cache-control
no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin
*
content-encoding
gzip
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
access-control-allow-origin
https://www.cyberark.com
date
Tue, 22 Oct 2024 00:20:49 GMT
x-xss-protection
1; mode=block
content-type
application/json;charset=UTF-8
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
server
jag
visitWebPage
316-czp-275.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://316-czp-275.mktoresp.com/webevents/visitWebPage?_mchNc=1729556449737&_mchCn=&_mchId=316-CZP-275&_mchTk=_mch-cyberark.com-1729556449735-82067&_mchHo=www.cyberark.com&_mchPo=&_mchRu=%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&_mchPc=https%3A&_mchVr=163&_mchEcid=9AB97041603F3EDB0A495C66%40AdobeOrg%3A6%3A13433950944575235472312575952379861128&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Transfer-Encoding
chunked
X-Request-Id
7fc32e5a-cc17-4a35-b556-e16c7fe4c957
Content-Encoding
gzip
Connection
keep-alive
Access-Control-Allow-Origin
*
Date
Tue, 22 Oct 2024 00:20:50 GMT
Content-Type
text/plain; charset=UTF-8
Server
nginx/1.20.1
8d6552d8fd1edba1
www.cyberark.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame EBDC
0
615 B
XHR
General
Full URL
https://www.cyberark.com/cdn-cgi/challenge-platform/h/b/jsd/r/8d6552d8fd1edba1
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
8d6552e35910dba1-FRA
content-length
0
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
x-content-type-options
nosniff
config
pixel-config.reddit.com/pixels/t2_o2i62ves/
3 B
124 B
XHR
General
Full URL
https://pixel-config.reddit.com/pixels/t2_o2i62ves/config
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=14400
content-encoding
gzip
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
27
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/json
t2_o2i62ves_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
700 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_o2i62ves_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=300
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding
gzip
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
98
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/json
vary
Accept-Encoding,Origin
server
snooserv
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1729556449794&id=t2_o2i62ves&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=9844c189-b22f-4d1d-83cc-d8043497f49e&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_49267bce&dpm=&dpcc=&dprc=
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after
0
cross-origin-resource-policy
cross-origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via
1.1 varnish
accept-ranges
bytes
content-length
42
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/gif
server
Varnish
collect
www.google-analytics.com/j/
15 B
435 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1202403874&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ul=de-de&de=UTF-8&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABAAAAACAEK~&jid=1850960514&gjid=962583278&cid=146266419.1729556450&tid=UA-44168172-9&_gid=1583040074.1729556450&_slc=1&gtm=45He4ah0n715SFWTHv72025662za200&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&cd7=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823847~101836706&npa=1&z=437074547
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5cbd2c4ce1325baae0fa325bdd95a25a925b094d7e88fc6fcebb834a6906c5b4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:49 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://www.cyberark.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
15
server
Golfe2
collect
stats.g.doubleclick.net/j/
1 B
647 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-44168172-9&cid=146266419.1729556450&jid=1850960514&gjid=962583278&_gid=1583040074.1729556450&npa=1&_u=YGBAgEABAAAAAGAEK~&z=656788960
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgdc:149:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:49 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgdc:149:0
access-control-allow-origin
https://www.cyberark.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
1
server
Golfe2
v1.7-504
consent.trustarc.com/asset/notice.js/v/
94 KB
28 KB
Script
General
Full URL
https://consent.trustarc.com/asset/notice.js/v/v1.7-504
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-92.fra2.r.cloudfront.net
Software
/
Resource Hash
ea452041e2a080dde60b253797884b42af24197c86bcb0514d2526908d11f1d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cyberark.com
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=2592000
access-control-expose-headers
*
content-encoding
gzip
pragma
public
age
587
via
1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
uLuMxGaadLoW3GRGM31DA3AftTnfrxAKvC05MXjh84bZkuRBMeHxnA==
date
Tue, 22 Oct 2024 00:11:02 GMT
content-type
text/javascript
last-modified
Wed, 9 Oct 2024 01:59:13 GMT
vary
Accept-Encoding
x-amz-cf-pop
FRA2-C1
get
consent.trustarc.com/ Frame A90B
0
0
Document
General
Full URL
https://consent.trustarc.com/get?name=crossdomain.html&domain=cyberark.com
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-52.fra2.r.cloudfront.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

age
583
cache-control
max-age=2592000
content-encoding
gzip
content-type
text/html
date
Tue, 22 Oct 2024 00:11:06 GMT
pragma
public
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Origin
via
1.1 c3b74c81fdcb7942211a6c721efa13fc.cloudfront.net (CloudFront)
x-amz-cf-id
CkVfTPARTTvmE-jxhgwB4HDLIhTrae5ikjyglWUkY4ReD48DAxr22Q==
x-amz-cf-pop
FRA2-C1
x-cache
Hit from cloudfront
log
consent.trustarc.com/
43 B
428 B
Image
General
Full URL
https://consent.trustarc.com/log?domain=cyberark.com&country=de&state=&behavior=expressed&session=fd5756fa-fd1b-45b4-97bf-c119069b26f3&userType=NEW&c=5ec2&referer=https://www.cyberark.com&language=en
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-92.fra2.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
via
1.1 3bf3e75bcb9a86b3eb343a1d4392a6de.cloudfront.net (CloudFront)
expires
Mon, 26 Jul 1997 05:00:00 GMT
x-cache
Miss from cloudfront
content-length
43
x-amz-cf-id
vUKoypM3moab2bfcW68ssW3HzyzdluAJWIhlTPZAszvZ4LIz7lA7mg==
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
image/gif
x-amz-cf-pop
FRA2-C1
vary
Origin
js
www.googletagmanager.com/gtag/
312 KB
102 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-XTLTD7RKN5&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e8a9bf176b6fad2653eec220b27ad2aba42463150c6bfccceb446ef4545c0df7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Tue, 22 Oct 2024 00:20:49 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:49 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
104737
x-xss-protection
0
server
Google Tag Manager
/
consent-pref.trustarc.com/ Frame 4B76
0
0
Document
General
Full URL
https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&country=de&action=notice&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=fd5756fa-fd1b-45b4-97bf-c119069b26f3&userType=NEW
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/asset/notice.js/v/v1.7-504
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-93.fra56.r.cloudfront.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
br
content-type
text/html
date
Tue, 22 Oct 2024 00:20:50 GMT
expect-ct
max-age=86400; enforce;
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Origin
via
1.1 34fdfb7c7c11559df7e622af2b62f5ca.cloudfront.net (CloudFront)
x-amz-cf-id
EkbtLJO9gmG6Vu67R6RlCsRYuLA6hlC2Dpirh1AV1wdSDZ_bYcCsNw==
x-amz-cf-pop
FRA56-P4
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-xss-protection
1
noticemsg
consent.trustarc.com/
43 B
428 B
Image
General
Full URL
https://consent.trustarc.com/noticemsg?action=consent&domain=cyberark.com&behavior=expressed&country=de&language=en&rand=0.5164205622347444&session=fd5756fa-fd1b-45b4-97bf-c119069b26f3&userType=NEW&referer=https://www.cyberark.com
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-92.fra2.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
via
1.1 3bf3e75bcb9a86b3eb343a1d4392a6de.cloudfront.net (CloudFront)
expires
Mon, 26 Jul 1997 05:00:00 GMT
x-cache
Miss from cloudfront
content-length
43
x-amz-cf-id
BM1Wf1ViJ6AtDREuw9JuoJn_4Apf6SsgbydxQiRvIOtyISmjtCLbBw==
date
Tue, 22 Oct 2024 00:20:50 GMT
content-type
image/gif
x-amz-cf-pop
FRA2-C1
vary
Origin
jquery-ui-insightera-custom-1.9.6.css
rtp-static.marketo.com/rtp/libs/
23 KB
4 KB
Stylesheet
General
Full URL
https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css
Requested by
Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.34.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-34-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
143a1ee63c9fe87791cde6209d3716bf432ede02fc23ecbd064edfe1cc02bca9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Access-Control-Allow-Headers
*
Access-Control-Max-Age
86400
Content-Encoding
gzip
ETag
"c89c0f4cc3c0f0f2bd846508a3cd504c:1715749730.923559"
Connection
keep-alive
Access-Control-Allow-Credentials
false
Access-Control-Allow-Methods
GET
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
3762
Date
Tue, 22 Oct 2024 00:20:50 GMT
Content-Type
text/css
Last-Modified
Wed, 15 May 2024 05:08:51 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
trw
sjrtp6.marketo.com/gw1/
202 B
639 B
Script
General
Full URL
https://sjrtp6.marketo.com/gw1/trw?aid=cyberarksoftware&trwv.uid=cyberarksoftware-1729556450086-440833af&trwv.vc=1&trwsa.sid=cyberarksoftware-1729556450086-624e3f6e&trwsb.cpv=1&ctzo=+02:00&uri=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ma=id%3A316-CZP-275%26token%3A_mch-cyberark.com-1729556449735-82067&pm=&viewedTypes=&rts=1729556450088
Requested by
Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.146.116 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
a02215e865c2949ab838df058f262ddc8d5361d613eeb881f97be60f1f1dc4bf
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Strict-Transport-Security
max-age=63113904
Cache-Control
no-cache
Content-Length
202
Date
Tue, 22 Oct 2024 00:20:51 GMT
Content-Type
application/x-javascript;charset=utf-8
Server
Jetty(9.4.45.v20220203)
Connection
close
ga-integration-2.0.5.js
rtp-static.marketo.com/rtp/libs/
18 KB
6 KB
Script
General
Full URL
https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js
Requested by
Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.34.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-34-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
bf6806d8c92e228249230195772afe2e68791d52763b782be9aa2855fab3b641

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Access-Control-Allow-Headers
*
Access-Control-Max-Age
86400
Content-Encoding
gzip
ETag
"18a7b0f60655900c0010a35d07b9da0f:1686816053.163727"
Connection
keep-alive
Access-Control-Allow-Credentials
false
Access-Control-Allow-Methods
GET
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
5654
Date
Tue, 22 Oct 2024 00:20:50 GMT
Content-Type
application/x-javascript
Last-Modified
Thu, 15 Jun 2023 08:00:53 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
collect
region1.analytics.google.com/g/
0
0
Fetch
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-XTLTD7RKN5&gtm=45je4ah0v9135218693za200&_p=1729556448528&_gaz=1&gcd=13l3l3l2l3l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101686685~101823848~101836706&ul=de-de&sr=1600x1200&cid=146266419.1729556450&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sid=1729556450&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&tfd=2111
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XTLTD7RKN5&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.cyberark.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:50 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
269 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-XTLTD7RKN5&cid=146266419.1729556450&gtm=45je4ah0v9135218693za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3l1&npa=1&frm=0&tag_exp=101686685~101823848~101836706
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XTLTD7RKN5&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.cyberark.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:50 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-XTLTD7RKN5&cid=146266419.1729556450&gtm=45je4ah0v9135218693za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3l1&npa=1&frm=0&tag_exp=101686685~101823848~101836706&tag_exp=101686685~101823848~101836706&z=1600032596
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Tue, 22 Oct 2024 00:20:50 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
msg
sjrtp6.marketo.com/gw1/
0
426 B
Script
General
Full URL
https://sjrtp6.marketo.com/gw1/msg?a=2&sid=cyberarksoftware-1729556450086-624e3f6e&aid=cyberarksoftware&ma=id%3A316-CZP-275%26token%3A_mch-cyberark.com-1729556449735-82067&viewedTypes=&0.4418614891279915&rts=1729556450146
Requested by
Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.146.116 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Strict-Transport-Security
max-age=63113904
Cache-Control
no-cache
Content-Length
0
Date
Tue, 22 Oct 2024 00:20:51 GMT
Content-Type
text/javascript;charset=utf-8
Server
Jetty(9.4.45.v20220203)
Connection
close
6si.min.js
j.6sc.co/
68 KB
19 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/j/d24194f2-6101-4c07-b071-d2eb5d40f5e6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
private, proxy-revalidate, max-age=10800
content-encoding
gzip
etag
"66fb91ae-111bb"
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 03:20:50 GMT
accept-ranges
bytes
content-length
18819
date
Tue, 22 Oct 2024 00:20:50 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
last-modified
Tue, 01 Oct 2024 06:07:42 GMT
ajax_ping
www.cyberark.com/resources/hubsFront/
49 B
155 B
XHR
General
Full URL
https://www.cyberark.com/resources/hubsFront/ajax_ping
Requested by
Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.d9fdeb361862fc14a04f.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self' https://www.cyberark.com/
content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
referrer-policy
unsafe-url
cf-ray
8d6552e5ac57dba1-FRA
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date
Tue, 22 Oct 2024 00:20:50 GMT
x-xss-protection
1; mode=block
content-type
application/json
content-language
en
server
cloudflare
x-frame-options
DENY
getuidj
secure.adnxs.com/
11 B
704 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://www.cyberark.com
an-x-request-uuid
df13088e-1d37-4218-9cf7-565aa028355a
content-length
11
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:50 GMT
x-xss-protection
0
content-type
application/json; charset=utf-8
server
nginx/1.23.4
/
c.6sc.co/
7 B
194 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
GET,POST
access-control-allow-origin
https://www.cyberark.com
content-length
7
date
Tue, 22 Oct 2024 00:20:50 GMT
content-type
text/html
access-control-allow-headers
*
/
ipv6.6sc.co/
36 B
338 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f514531503c88d1dcd2951aa5ed98f3b188fe016f1a47fc2e2ba103c72173101

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store
pragma
no-cache
6si-ipv6
2001:1b60:1010:3:1012:252e:2f84:bc77
expires
Tue, 22 Oct 2024 00:20:50 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729556450280_34603374_1100017004_22_932_23_34_219";dur=1
access-control-allow-origin
https://www.cyberark.com
content-length
36
date
Tue, 22 Oct 2024 00:20:50 GMT
content-type
text/html
vary
Origin
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&v=1.1.29
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"615ccf10-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:50 GMT
accept-ranges
bytes
content-length
43
date
Tue, 22 Oct 2024 00:20:50 GMT
content-type
image/gif
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22059bf2ba2b88e39bb3200769d2e411fc%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%7B%5C%5C%5C%22name%5C%5C%5C%22%3A%5C%5C%5C%22prod-cat%5C%5C%5C%22%7D%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22d24194f2-6101-4c07-b071-d2eb5d40f5e6%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&v=1.1.29
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"5e502810-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:50 GMT
accept-ranges
bytes
content-length
43
date
Tue, 22 Oct 2024 00:20:50 GMT
content-type
image/gif
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f020a0-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:50 GMT
accept-ranges
bytes
content-length
43
date
Tue, 22 Oct 2024 00:20:50 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
msg
sjrtp6.marketo.com/gw1/
0
426 B
Script
General
Full URL
https://sjrtp6.marketo.com/gw1/msg?a=2&sid=cyberarksoftware-1729556450086-624e3f6e&aid=cyberarksoftware&ma=id%3A316-CZP-275%26token%3A_mch-cyberark.com-1729556449735-82067&viewedTypes=&0.9678841166073318&rts=1729556451172
Requested by
Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.146.116 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Strict-Transport-Security
max-age=63113904
Cache-Control
no-cache
Content-Length
0
Date
Tue, 22 Oct 2024 00:20:51 GMT
Content-Type
text/javascript;charset=utf-8
Server
Jetty(9.4.45.v20220203)
Connection
close
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"60bb2e15-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:51 GMT
accept-ranges
bytes
content-length
43
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
image/gif
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
js
www.googletagmanager.com/gtag/
257 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-1071691665&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c14f6d26fa1f78e846b809a9bd0f2c0f61d5c20bd164a6b9794155d2a26a4286
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Tue, 22 Oct 2024 00:20:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Tue, 22 Oct 2024 00:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
92767
x-xss-protection
0
server
Google Tag Manager
9ea938e4-65fc-409a-9bd3-00e6a7fb2552
https://www.cyberark.com/ Frame
0
0

/
www.google.de/pagead/1p-conversion/1071691665/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisW...
  • https://www.google.com/pagead/1p-conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMIm...
  • https://www.google.de/pagead/1p-conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMImM...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMImMaf79ugiQMVaucRCB0dVxZQMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSGwDpaXnfxY3mQY95f266y_ZpaVzSL6PHbuS3tw&random=3834910460&ipr=y
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.de/pagead/1p-conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMImMaf79ugiQMVaucRCB0dVxZQMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSGwDpaXnfxY3mQY95f266y_ZpaVzSL6PHbuS3tw&random=3834910460&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
tc_imp.gif
obs.segreencolumn.com/tracker/
43 B
79 B
Image
General
Full URL
https://obs.segreencolumn.com/tracker/tc_imp.gif?e=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&cri=S3suAbMrUU&ts=1813&cb=1729556451332
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
date
Tue, 22 Oct 2024 00:20:51 GMT
pragma
no-cache
content-type
image/gif
a4382447-0c84-4f17-898e-68d7799ca9d4
https://www.cyberark.com/ Frame
0
0

/
www.googleadservices.com/pagead/conversion/1071691665/
5 KB
3 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/1071691665/?random=1729556451411&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101794737~101823848~101836706&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&label=H8zfCNSYxvwYEJHvgv8D&hn=www.googleadservices.com&frm=0&tiba=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&gtm_ee=1&npa=1&pscdl=noapi&auid=157129000.1729556450&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1071691665&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
15c49f20dcdf9710d0b5da0a667e2d3f449209599484dddbb242eee570724980
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
2877
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAAAgAAAAAABA&h=Ag&z=0
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=gtm.init&eid=0&u=AAAAAAAAAAAAAAAgAAAAAABA&h=Ag&tr=1ogtadsdatatos.1ogt1pdatav2.1ccdadsfirst.1ccdpreautopii.1ogtconvdef.1ccdadslast&ti=2ogtadsdatatos.2ogt1pdatav2.2ccdadsfirst.2ccdpreautopii.2ogtconvdef.2ccdadslast&z=0
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=gtm.js&eid=1&u=AAAAAAAAAAAAAAAgAAAAAABA&h=Ag&tr=1rep&ti=1rep&z=0
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=gtm.dom&eid=5&u=AAAAAAAAAAAAAAAgAAAAAABA&h=Ag&z=0
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=gtag.config&eid=8&u=AAAAAAAAAAAAAAAgAAAAAABA&h=Ag&z=0
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame 0099
0
0
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.cyberark.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1071691665&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
9681
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Mon, 21 Oct 2024 21:39:30 GMT
expires
Tue, 21 Oct 2025 21:39:30 GMT
last-modified
Mon, 21 Oct 2024 16:58:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
www.google.de/pagead/1p-conversion/1071691665/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1...
  • https://www.google.com/pagead/1p-conversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=...
  • https://www.google.de/pagead/1p-conversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101794737~101823848~101836706&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&label=H8zfCNSYxvwYEJHvgv8D&hn=www.googleadservices.com&frm=0&tiba=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&gtm_ee=1&npa=1&pscdl=noapi&auid=157129000.1729556450&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQJKJ2V2ZW50LXNvdXJjZSwgdHJpZ2dlcjtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIpp-h79ugiQMVTdkRCB15nyN5MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHNCV0NoRUk4UGZYdUFZUTE0T21xUFRJcXNiWUFSSXNBRnpUYXVtME9mSG5vYTAxRGFEUzRyVnhGY05DVF9GNldOOHpUUXBKaWFIWWVBU3JUVTY4ZmgtWHpiMA&is_vtc=1&cid=CAQSGwDpaXnfN_ik5DsA7V5F87PCLfN7SBxsUEXEYw&random=3621428707&ipr=y
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.de/pagead/1p-conversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101794737~101823848~101836706&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&label=H8zfCNSYxvwYEJHvgv8D&hn=www.googleadservices.com&frm=0&tiba=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&gtm_ee=1&npa=1&pscdl=noapi&auid=157129000.1729556450&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQJKJ2V2ZW50LXNvdXJjZSwgdHJpZ2dlcjtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIpp-h79ugiQMVTdkRCB15nyN5MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHNCV0NoRUk4UGZYdUFZUTE0T21xUFRJcXNiWUFSSXNBRnpUYXVtME9mSG5vYTAxRGFEUzRyVnhGY05DVF9GNldOOHpUUXBKaWFIWWVBU3JUVTY4ZmgtWHpiMA&is_vtc=1&cid=CAQSGwDpaXnfN_ik5DsA7V5F87PCLfN7SBxsUEXEYw&random=3621428707&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?ctid=AW-1071691665&t=s&si=160&m=0&iss=4&sid=1851047455847591&cc=1&tl=2&hc=1&cl=0&pid=9762328&bc=1
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
RC3719b75d704c41bf84889d486a456143-source.min.js
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/
451 B
547 B
Script
General
Full URL
https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/RC3719b75d704c41bf84889d486a456143-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
749f69ccbbd831343bc59cacc987b287a4eb26584e0e9e84b4d844cd0342344f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"351728d0509cd22437ccb9587d29118d:1726003826.52482"
expires
Tue, 22 Oct 2024 01:20:51 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.cyberark.com
content-length
292
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
application/x-javascript
last-modified
Tue, 10 Sep 2024 21:30:26 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
jquery-custom-ui.min.js
rtp-static.marketo.com/rtp/libs/jqueryui/1.13.2/
522 KB
126 KB
Script
General
Full URL
https://rtp-static.marketo.com/rtp/libs/jqueryui/1.13.2/jquery-custom-ui.min.js
Requested by
Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.34.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-34-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
b122e173fb310c409d02c56e57eea40f1ea470fed839599c902b085d8fdb0129

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Transfer-Encoding
chunked
Access-Control-Allow-Headers
*
Access-Control-Max-Age
86400
Content-Encoding
gzip
ETag
"85c4e68263c6de164e4bad3fb60222a5:1685620750.615377"
Connection
keep-alive, Transfer-Encoding
Access-Control-Allow-Credentials
false
Access-Control-Allow-Methods
GET
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Date
Tue, 22 Oct 2024 00:20:51 GMT
Content-Type
application/x-javascript
Last-Modified
Thu, 01 Jun 2023 11:54:52 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
ey22i6m9p82y.js
js.driftt.com/include/1729556700000/
221 KB
62 KB
Script
General
Full URL
https://js.driftt.com/include/1729556700000/ey22i6m9p82y.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-77.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e96abb18e70acf14065e3bacb0dbd6942579a85d3d69d9d7551bea9c627ca3a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
x-amz-version-id
px8T70IzhuJ6oS1M7izBjK7Y8.9uRoPx
etag
W/"182931eb99afb01276b448d2f7bd627d"
access-control-allow-methods
GET, POST, OPTIONS
x-cache
RefreshHit from cloudfront
x-amz-cf-id
jSxnIWie5fATZ4du9jYd4gxBZ6_6Q2t35vKysabyzpsghfwxDiAjzQ==
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 18:47:07 GMT
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache
x-envoy-upstream-service-time
34
access-control-allow-credentials
true
via
1.1 9ed190c9d6b2f812d19cbb317856ed88.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P6
server
istio-envoy
x-amz-server-side-encryption
AES256
destination
www.googletagmanager.com/gtag/
257 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-1071691665&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3cba90de30ba29910db391f8d0de52aa6b754f83fb6530a04ba6c6bc4f930893
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Tue, 22 Oct 2024 00:20:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Tue, 22 Oct 2024 00:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
92687
x-xss-protection
0
server
Google Tag Manager
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=58681
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Tue, 22 Oct 2024 00:20:51 GMT
last-modified
Thu, 22 Aug 2024 10:43:55 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
fbevents.js
connect.facebook.net/en_US/
227 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f4cfd4a5b95dfb31c47cd567d9719fc12a0453f6ff27e2872147a9740e4b9e56
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=26, rtx=0, c=23, mss=1232, tbw=4462, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
zQj7th6DTj8pmrLO/iLwamWn2VvTITbRm80PpFcgedDIAAAL/PwbbhcQfWzHbq+z9f86OLQ2yySRZuTZ2adDIg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
59352
x-xss-protection
0
origin-agent-cluster
?1
Bootstrap.js
nexus.ensighten.com/choozle/14963/
28 KB
9 KB
Script
General
Full URL
https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:4000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
8078cebf9ab8ba5c0802536ed68317072ca51f1cb5293db16d63f923aad2e011

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
br
x-amz-version-id
x04iqw22f74TR7YV8WcAUNCuLsQOa2Ho
etag
W/"ae9736f2c4e7558eebdb8be79cbd6a8d"
age
26783038
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
57sdmccvVu9fkaIjHeBD-ceu6aVIjoXvBYYZvWjmRSQ-Miid0aHXJA==
date
Sun, 17 Dec 2023 00:36:54 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Sat, 28 Oct 2023 14:30:41 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=300
via
1.1 d947c3ab534102b2c9a7f0a4541d2ed8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
server
CloudFront
x-amz-server-side-encryption
AES256
activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0...
9920016.fls.doubleclick.net/ Frame D9BB
Redirect Chain
  • https://9920016.fls.doubleclick.net/activityi;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw...
  • https://9920016.fls.doubleclick.net/activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=...
0
0
Document
General
Full URL
https://9920016.fls.doubleclick.net/activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4ah0za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=101686685~101823847~101836706;epver=2;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9920016
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
427
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 22 Oct 2024 00:20:51 GMT
expires
Tue, 22 Oct 2024 00:20:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 22 Oct 2024 00:20:51 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9920016.fls.doubleclick.net/activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4ah0za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=101686685~101823847~101836706;epver=2;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
events.js
tags.srv.stackadapt.com/
22 KB
8 KB
Script
General
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.222.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-222-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
922ab2b3e5bf7c9aeccd33ed91a30e09c8f8c5dea4f853ce8be17e61becdb971

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin
*
cache-control
max-age=5
content-encoding
gzip
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
text/javascript
dc000d50-4dbc-4d9a-ba52-c3015680f76c
tag.simpli.fi/sifitag/
3 KB
2 KB
Script
General
Full URL
https://tag.simpli.fi/sifitag/dc000d50-4dbc-4d9a-ba52-c3015680f76c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
238.89.204.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
329eba5224a490e972374a62dd94c61794c440471cc2d40a13a73d6586d7394d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-request-id
GACebetkq8UtPwJpoU0B
cache-control
max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-encoding
gzip
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
openresty
dpm_511a418e72591eb7e33f703f04c3fa16df6c90bd.min.js
s.dpmsrv.com/
94 KB
15 KB
Script
General
Full URL
https://s.dpmsrv.com/dpm_511a418e72591eb7e33f703f04c3fa16df6c90bd.min.js
Requested by
Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-41.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5bfb62b234f6963acd89b19dedfa1e75bca2ea85bbf491344424ba177eb6cd48

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Content-Encoding
gzip
ETag
"55de4e40ff8dde1965278c6b2db98fad"
Age
54
Connection
keep-alive
Via
1.1 9bd86598a7f45cc948aa2f9674ece0b2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
X-Cache
Hit from cloudfront
Content-Length
15132
X-Amz-Cf-Id
4gVJU0U2BX8x661zo3sWhV4MMUeYZ3Z3kpuGM73Y46OG0LpbVNF24w==
Date
Tue, 22 Oct 2024 00:19:58 GMT
Content-Type
application/x-javascript
Last-Modified
Wed, 25 Sep 2024 19:00:24 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P5
x-amz-server-side-encryption
AES256
activity;register_conversion=1;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;...
ad.doubleclick.net/
0
24 B
Image
General
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4ah0za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=101686685~101823847~101836706;epver=2;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Tue, 22 Oct 2024 00:20:51 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"7614527636609531319"}],"aggregatable_trigger_data":[{"filters":[{"14":["12155760"]}],"key_piece":"0xeec68b5c3d37a868","source_keys":["12","13","14","15","16","17","18","19","20","21"]},{"key_piece":"0xf5f164cdb1fde597","not_filters":{"14":["12155760"]},"source_keys":["12","13","14","15","16","17","18","19","20","21"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"12384970658865304021","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"7614527636609531319","filters":[{"14":["12155760"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"7614527636609531319","filters":[{"14":["12155760"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"7614527636609531319","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"7614527636609531319","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["9920016"]}}
content-type
image/png
x-xss-protection
0
server
cafe
cnv
cnv.event.prod.bidr.io/log/
Redirect Chain
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=188&buzz_key=intentsify&value=&segment_key=intentsify-1098&account_id=2&order=[ORDER]&ord=[CACHEBUSTER]
  • https://cnv.event.prod.bidr.io/log/cnv?tag_id=188&buzz_key=intentsify&value=&segment_key=intentsify-1098&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1
43 B
796 B
Image
General
Full URL
https://cnv.event.prod.bidr.io/log/cnv?tag_id=188&buzz_key=intentsify&value=&segment_key=intentsify-1098&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1
Protocol
HTTP/1.1
Server
52.17.118.158 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-118-158.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
cache-control
no-cache, must-revalidate
pragma
no-cache
Connection
keep-alive
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
Content-Length
43
Date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/gif
Server
gunicorn

Redirect headers

strict-transport-security
max-age=2592000; includeSubDomains
location
https://cnv.event.prod.bidr.io/log/cnv?tag_id=188&buzz_key=intentsify&value=&segment_key=intentsify-1098&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1
Content-Length
0
Date
Tue, 22 Oct 2024 00:20:51 GMT
Server
gunicorn
Connection
keep-alive
favicon.png
content.cdntwrk.com/files/aHViPTEwODU0MCZjbWQ9ZmF2aWNvbiZ2ZXJzaW9uPTE3MTg3NzAxMDMmZXh0PXBuZyZzaXplPTMyJnNpZz1kZWIxODkzMGVjNTA3YzBmY2EzMjNiM2NjYzEyNmNmNA%253D%253D/
2 KB
2 KB
Other
General
Full URL
https://content.cdntwrk.com/files/aHViPTEwODU0MCZjbWQ9ZmF2aWNvbiZ2ZXJzaW9uPTE3MTg3NzAxMDMmZXh0PXBuZyZzaXplPTMyJnNpZz1kZWIxODkzMGVjNTA3YzBmY2EzMjNiM2NjYzEyNmNmNA%253D%253D/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-3.fra56.r.cloudfront.net
Software
/
Resource Hash
3315068613710cfcc08a1d43d532aec5d37aaa6b78e6b51f1240cdd429652f10

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop
FRA56-P2
cache-control
max-age=2592000
age
1399885
via
1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
content-length
1967
x-amz-cf-id
8zY-4KTtCVC8XWhXFR42MlputSNKB7-6HwGmBNgMj_ewsN3Ondi24g==
date
Sat, 05 Oct 2024 19:29:26 GMT
content-type
image/png
content-disposition
inline; filename="s3_favicon_67019396281ff_uberflip-ca-central-1-files-prd_hubs_40_108540_108540_favicon.png"
last-modified
Sat, 05 Oct 2024 19:29:26 GMT
RC5266e3ee597a459fbc388f1132b7e943-source.min.js
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/
521 B
583 B
Script
General
Full URL
https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/RC5266e3ee597a459fbc388f1132b7e943-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3a9ad67e7151a1a8910746fc45089d1188bf7dfd26532588beff8f03b3981281

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"351728d0509cd22437ccb9587d29118d:1726003826.52482"
expires
Tue, 22 Oct 2024 01:20:51 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.cyberark.com
content-length
327
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
application/x-javascript
last-modified
Tue, 10 Sep 2024 21:30:26 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RCa5164e12c82447adb2cd80d0c9b8bb38-source.min.js
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/
504 B
581 B
Script
General
Full URL
https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/RCa5164e12c82447adb2cd80d0c9b8bb38-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
dfc76c674eb8cd322245ee8562bee8ade2d3c6fe5d4f72e51b14c059a88db5bf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"351728d0509cd22437ccb9587d29118d:1726003826.52482"
expires
Tue, 22 Oct 2024 01:20:51 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.cyberark.com
content-length
325
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
application/x-javascript
last-modified
Tue, 10 Sep 2024 21:30:26 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
286320195733404
connect.facebook.net/signals/config/
74 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/286320195733404?v=2.9.172&r=stable&domain=www.cyberark.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C28%2C82%2C87%2C47%2C46%2C86%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
89fb40d3f8ee135b22cd7bb01f732702b537bbd12526aaf82ff53a0f37325c2a
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=26, rtx=0, c=74, mss=1232, tbw=67532, tp=64, tpl=0, uplat=178, ullat=0
pragma
public
x-fb-debug
63Wd3HBBX8qaVsO4kahcp1hhsMt1nMHHUNQXKq0L31jLNzt4gooscZjhmWrYG1/bLCdxYMOAz/Xs2CirVMuBrA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
cross-origin-opener-policy-report-only
restrict-properties;report-to="coop_report"
x-xss-protection
0
origin-agent-cluster
?1
serverComponent.php
nexus.ensighten.com/choozle/14963/
409 B
740 B
Script
General
Full URL
https://nexus.ensighten.com/choozle/14963/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/choozle/14963/code/&publishedOn=Sat%20Oct%2028%2014:30:32%20GMT%202023&ClientID=923&PageID=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:4000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
54520ead7a4b3404f20b7e2344633752708cb393d277647f8a8b978c024a9758

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, no-store
via
1.1 d947c3ab534102b2c9a7f0a4541d2ed8.cloudfront.net (CloudFront)
expires
Tue, 22 Oct 2024 00:20:50 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
409
x-amz-cf-id
rAqK6MWSqw92NaC3DKO3uPT-mJc1O2KJ849TLIEo8Vsemo3NcHL9pg==
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
text/javascript
x-amz-cf-pop
FRA56-C1
server
CloudFront
visitor
sjrtp6.marketo.com/gw1/rtp/api/v1_1/
760 B
1 KB
XHR
General
Full URL
https://sjrtp6.marketo.com/gw1/rtp/api/v1_1/visitor?sid=cyberarksoftware-1729556450086-624e3f6e&aid=cyberarksoftware&1729556451863
Requested by
Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.146.116 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
e432fc19ff8ba0b3e64243eb3b983293f3727e14899a63f67c12a1a34b9c26c8
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63113904
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma
No-cache
Connection
close
Access-Control-Allow-Credentials
true
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Access-Control-Allow-Origin
https://www.cyberark.com
Date
Tue, 22 Oct 2024 00:20:52 GMT
Last-Modified
Mon Oct 21 19:20:52 CDT 2024
Vary
Origin
Server
Jetty(9.4.45.v20220203)
Content-Type
application/json
sgm
sjrtp6.marketo.com/gw1/ga/
742 B
1 KB
XHR
General
Full URL
https://sjrtp6.marketo.com/gw1/ga/sgm?sid=cyberarksoftware-1729556450086-624e3f6e&1729556451863
Requested by
Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.146.116 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
5f1ce8e4dbea557201fd6da0c23fc8f2c7c24da938819d0e3e1dfcb2eb260ce3
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Strict-Transport-Security
max-age=63113904
Cache-Control
no-cache
Connection
close
Access-Control-Allow-Origin
*
Content-Length
742
Date
Tue, 22 Oct 2024 00:20:52 GMT
Content-Type
text/json;charset=utf-8
Server
Jetty(9.4.45.v20220203)
p
i.simpli.fi/
798 B
760 B
Script
General
Full URL
https://i.simpli.fi/p?cid=440562&cb=sifi_att_42656._hp
Requested by
Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/dc000d50-4dbc-4d9a-ba52-c3015680f76c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
238.89.204.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
4c19696ccf0a3d20cc773a19fb1f46883ddba620be1e670606e62b9db980fe60

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-encoding
gzip
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
openresty
attribution_trigger
px.ads.linkedin.com/
2 B
811 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-li-pop
afd-prod-lva1-x
content-encoding
gzip
x-fs-uuid
00062505bdf0ee838be1c4c65e8e1105
x-msedge-ref
Ref A: A03A689D915E4DD38A54EA6A32DEF4D2 Ref B: FRAEDGE1217 Ref C: 2024-10-22T00:20:51Z
x-li-fabric
prod-lva1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYlBb3w7oOL4cTGXo4RBQ==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-for...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-fo...
0
263 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&e_ipv6=AQL-FeYJ_xlFrAAAAZKxmRLIHBkldi8UpRj6oHwo-aTEUM7CMgEd3epqX12NLL2TA8_9v8vS_fUKIL1QDsDJ7ZY3VsRQ0g
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 1301541E21B246668C1BE5A3FC22EB0E Ref B: FRAEDGE1317 Ref C: 2024-10-22T00:20:52Z
x-li-fabric
prod-ltx1
x-li-uuid
AAYlBb36RJ44aQrdAwq3Qg==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&e_ipv6=AQL-FeYJ_xlFrAAAAZKxmRLIHBkldi8UpRj6oHwo-aTEUM7CMgEd3epqX12NLL2TA8_9v8vS_fUKIL1QDsDJ7ZY3VsRQ0g
x-msedge-ref
Ref A: 6F6B57C071A648D0B7147E461DAA58F2 Ref B: FRAEDGE1820 Ref C: 2024-10-22T00:20:51Z
x-li-fabric
prod-ltx1
x-li-uuid
AAYlBb3xRliwQtBuG8c0jA==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Tue, 22 Oct 2024 00:20:51 GMT
index.php
a.dpmsrv.com/dpmpxl/
Redirect Chain
  • https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&dpmCid%3D%26zn%3D%26sn%3D%26q%3DxImp%26v%3D1.x%26cl%3D62%26pixelIndex%3D0%26r%3D78365%26tzOffset%3D-120%26url%3Dhttps%253A%...
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26dpmCid%253D%2526zn%253D%2526sn%253D%2526q%253DxImp%2526v%253D1.x%2526cl%253D62%2526pixelIndex...
  • https://a.dpmsrv.com/dpmpxl/index.php?id=4084603115321777412&dpmCid=&zn=&sn=&q=xImp&v=1.x&cl=62&pixelIndex=0&r=78365&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-b...
263 B
1007 B
Script
General
Full URL
https://a.dpmsrv.com/dpmpxl/index.php?id=4084603115321777412&dpmCid=&zn=&sn=&q=xImp&v=1.x&cl=62&pixelIndex=0&r=78365&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol
HTTP/1.1
Server
54.159.177.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-159-177-125.compute-1.amazonaws.com
Software
/
Resource Hash
6df77d3b54c491827193b069ec9c0da3b3a41eb06d8fdbc08d29f91c07093f73

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Access-Control-Max-Age
10
Cache-Control
no-cache, no-store, must-revalidate
content-encoding
gzip
Pragma
no-cache
Connection
keep-alive
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Expires
0
Access-Control-Allow-Origin
*
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length
228
Content-Type
text/javascript
Access-Control-Allow-Headers
content-type, accept

Redirect headers

cache-control
no-store, no-cache, private
location
https://a.dpmsrv.com/dpmpxl/index.php?id=4084603115321777412&dpmCid=&zn=&sn=&q=xImp&v=1.x&cl=62&pixelIndex=0&r=78365&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
466f35ec-3e85-4142-99c8-95c7bf452b75
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
08773fb052a2034353e4744495485b88.js
nexus.ensighten.com/choozle/14963/code/
673 B
1 KB
Script
General
Full URL
https://nexus.ensighten.com/choozle/14963/code/08773fb052a2034353e4744495485b88.js?conditionId0=4910939
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:206f:4000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
60f515991307abd345708ae3d50ff9a7751c68c208e2586d992c3c6ff729d6b0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

etag
"314ad2369d67fe2807f627dbfdcbf52d"
age
16270012
x-amz-version-id
kpkF4PXL.K8vMpkqxwzwd03dNtjBok8N
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
0P8jkRtws-3PKS6Q3lP6shFX9oomqY63mYmzVVTzGh6C6Ikmge8uIw==
date
Tue, 16 Apr 2024 16:53:59 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sat, 28 Oct 2023 14:30:41 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
673
x-amz-cf-pop
FRA56-C1
server
CloudFront
x-amz-server-side-encryption
AES256
d3d14424fac71699bdbff068d9b1184b.js
nexus.ensighten.com/choozle/14963/code/
2 KB
805 B
Script
General
Full URL
https://nexus.ensighten.com/choozle/14963/code/d3d14424fac71699bdbff068d9b1184b.js?conditionId0=421905
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:206f:4000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e80cfc6df2f882813f88dcf1175bc0c47e13c0cd8517bc240a65ee6cc758b0f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
br
etag
W/"e8e93310d35a9462151b8fdab5b436ce"
age
26782400
x-amz-version-id
ffPQ1iXE0NqYZgujQn.J5knMjbGtNIPl
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
H-tcKkeQqTFZeqIpcoLOy5ZH_K8-vEA_q6srWH-LTMENp8Qti0Cx3Q==
date
Sun, 17 Dec 2023 00:47:32 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Sat, 28 Oct 2023 14:30:45 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
server
CloudFront
x-amz-server-side-encryption
AES256
/
s.ad.smaato.net/c/
Redirect Chain
  • https://um.simpli.fi/smaato
  • https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=7DEEB55C4D1F4B0799E41E7096C9DA73
0
236 B
Image
General
Full URL
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol
H2
Server
2600:9000:211e:b800:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

via
1.1 b25bc331cb2e5e7e25d9488f5ecdc940.cloudfront.net (CloudFront)
cache-control
no-cache, must-revalidate
x-cache
Miss from cloudfront
x-amz-cf-id
1MfTgGRRotx7KEaA7fkftmHJfy-4qrEtWRThg5ryskogIIM3Gxu2aQ==
date
Tue, 22 Oct 2024 00:20:52 GMT
x-amz-cf-pop
FRA56-C2
server
CloudFront

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003
sync.targeting.unrulymedia.com/csync/
Redirect Chain
  • https://um.simpli.fi/nexxen
  • https://sync.1rx.io/usersync/simplifi/7DEEB55C4D1F4B0799E41E7096C9DA73
  • https://sync.1rx.io/usersync/simplifi/7DEEB55C4D1F4B0799E41E7096C9DA73?zcc=1&cb=1729556452210
  • https://sync.targeting.unrulymedia.com/csync/RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003
43 B
378 B
Image
General
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003
Protocol
H2
Server
46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
date
Tue, 22 Oct 2024 00:20:52 GMT
content-length
43

Redirect headers

expires
0
cache-control
no-store, no-cache, must-revalidate
location
https://sync.targeting.unrulymedia.com/csync/RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003
date
Tue, 22 Oct 2024 00:20:52 GMT
pragma
no-cache
content-type
text/html
xuid
eb2.3lift.com/
Redirect Chain
  • https://um.simpli.fi/triplelift
  • https://eb2.3lift.com/xuid?mid=7969&xuid=7DEEB55C4D1F4B0799E41E7096C9DA73&dongle=yf3
37 B
140 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=7969&xuid=7DEEB55C4D1F4B0799E41E7096C9DA73&dongle=yf3
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/gif

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://eb2.3lift.com/xuid?mid=7969&xuid=7DEEB55C4D1F4B0799E41E7096C9DA73&dongle=yf3
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
sync
simplifi.partners.tremorhub.com/
Redirect Chain
  • https://um.simpli.fi/telaria_p
  • https://simplifi.partners.tremorhub.com/sync?UISF=7DEEB55C4D1F4B0799E41E7096C9DA73
43 B
175 B
Image
General
Full URL
https://simplifi.partners.tremorhub.com/sync?UISF=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol
H2
Server
2600:1f18:612b:4200:d0bf:d36:b5ac:b7f8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/gif
server
nginx

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://simplifi.partners.tremorhub.com/sync?UISF=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain
  • https://um.simpli.fi/tapad
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=7DEEB55C4D1F4B0799E41E7096C9DA73
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=7DEEB55C4D1F4B0799E41E7096C9DA73
95 B
426 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol
H2
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
Jetty(11.0.13) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
95
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/png
server
Jetty(11.0.13)

Redirect headers

strict-transport-security
max-age=31536000
location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=7DEEB55C4D1F4B0799E41E7096C9DA73
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
server
Jetty(11.0.13)
empty.gif
um.simpli.fi/
Redirect Chain
  • https://um.simpli.fi/ad_advisor
  • https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=7DEEB55C4D1F4B0799E41E7096C9DA73
  • https://d.agkn.com/pixel/10751/?che=1729556452276&ip=217.114.215.131&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219883205043000015856
  • https://um.simpli.fi/aa_px?sk=219883205043000015856
  • https://um.simpli.fi/empty.gif
43 B
361 B
Image
General
Full URL
https://um.simpli.fi/empty.gif
Protocol
H2
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
access-control-allow-origin
*
content-length
43
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/gif
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
location
/empty.gif
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain
  • https://um.simpli.fi/intentiq
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=7DEEB55C4D1F4B0799E41E7096C9DA73
0
0

pubmatic
um.simpli.fi/
43 B
409 B
Image
General
Full URL
https://um.simpli.fi/pubmatic
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
43
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/gif
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
freewheel
um.simpli.fi/
43 B
409 B
Image
General
Full URL
https://um.simpli.fi/freewheel
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
43
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/gif
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cms
ups.analytics.yahoo.com/ups/58726/
Redirect Chain
  • https://um.simpli.fi/dtnx
  • https://fei.pro-market.net/engine?du=24;csync=7DEEB55C4D1F4B0799E41E7096C9DA73;mimetype=img;
  • https://fei.pro-market.net/engine?du=24;csync=7DEEB55C4D1F4B0799E41E7096C9DA73;mimetype=img;sr
  • https://cms.analytics.yahoo.com/cms?partner_id=DATCS
  • https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS
0
108 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS
Protocol
H2
Server
2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Tue, 22 Oct 2024 00:20:52 GMT
age
0
content-type
text/html
server
ATS
referrer-policy
no-referrer-when-downgrade

Redirect headers

strict-transport-security
max-age=31536000
cache-control
no-store
location
https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS
content-length
257
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
content-language
en
server
ATS
/
loadm.exelator.com/load/
Redirect Chain
  • https://um.simpli.fi/exelatem
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=7DEEB55C4D1F4B0799E41E7096C9DA73&j=0
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=7DEEB55C4D1F4B0799E41E7096C9DA73&j=0&xl8blockcheck=1
0
771 B
Image
General
Full URL
https://loadm.exelator.com/load/?p=204&g=2191&simid=7DEEB55C4D1F4B0799E41E7096C9DA73&j=0&xl8blockcheck=1
Protocol
H2
Server
54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
date
Tue, 22 Oct 2024 00:20:52 GMT
x-powered-by
Undertow/1
server
nginx
access-control-allow-credentials
true

Redirect headers

cache-control
no-cache
location
https://loadm.exelator.com/load/?p=204&g=2191&simid=7DEEB55C4D1F4B0799E41E7096C9DA73&j=0&xl8blockcheck=1
access-control-allow-credentials
true
content-length
0
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/gif
x-powered-by
Undertow/1
server
nginx
yahoo
um.simpli.fi/
43 B
409 B
Image
General
Full URL
https://um.simpli.fi/yahoo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
43
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/gif
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
sync
sync.bfmio.com/
Redirect Chain
  • https://um.simpli.fi/beachfront
  • https://sync.bfmio.com/sync?pid=141&uid=7DEEB55C4D1F4B0799E41E7096C9DA73
0
421 B
Image
General
Full URL
https://sync.bfmio.com/sync?pid=141&uid=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol
HTTP/1.1
Server
52.73.21.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-21-157.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Date
Tue, 22 Oct 2024 00:20:52 GMT
Connection
keep-alive

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://sync.bfmio.com/sync?pid=141&uid=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
29931
stags.bluekai.com/site/
Redirect Chain
  • https://um.simpli.fi/bluekai
  • https://stags.bluekai.com/site/29931?id=7DEEB55C4D1F4B0799E41E7096C9DA73
27 B
27 B
Image
General
Full URL
https://stags.bluekai.com/site/29931?id=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol
HTTP/1.1
Server
2.23.197.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-23-197-190.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5607bc0b49036b5f13acf3f5767e0fb2fb947f5369bda253939e78e2b11f85b4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Connection
keep-alive
Expires
Tue, 22 Oct 2024 00:20:52 GMT
Content-Length
27
Date
Tue, 22 Oct 2024 00:20:52 GMT
AK-GRN
0.98d01702.1729556452.140b80e
Content-Type
text/html

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://stags.bluekai.com/site/29931?id=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
tpid=7DEEB55C4D1F4B0799E41E7096C9DA73
bcp.crwdcntrl.net/map/c=7625/tp=SIMP/
Redirect Chain
  • https://um.simpli.fi/crwdcntrl
  • https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=7DEEB55C4D1F4B0799E41E7096C9DA73
49 B
266 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol
H2
Server
54.72.108.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-72-108-116.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache
pragma
no-cache
expires
0
access-control-allow-origin
*
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
49
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/gif
x-server
10.45.21.145
server
Jetty(9.4.38.v20210224)

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
merge
ce.lijit.com/
Redirect Chain
  • https://um.simpli.fi/lj_match
  • https://ce.lijit.com/merge?pid=2&3pid=7DEEB55C4D1F4B0799E41E7096C9DA73
0
223 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=2&3pid=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol
H2
Server
34.242.121.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-242-121-27.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

expires
Fri, 20 Mar 2009 00:00:00 GMT
cache-control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Tue, 22 Oct 2024 00:20:52 GMT
pragma
no-cache
vary
Accept-Encoding
x-merge
GDPR Optout true

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://ce.lijit.com/merge?pid=2&3pid=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
419566.gif
idsync.rlcdn.com/
Redirect Chain
  • https://um.simpli.fi/liveramp_match
  • https://idsync.rlcdn.com/419566.gif?partner_uid=7DEEB55C4D1F4B0799E41E7096C9DA73
0
98 B
Image
General
Full URL
https://idsync.rlcdn.com/419566.gif?partner_uid=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol
H2
Server
35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://idsync.rlcdn.com/419566.gif?partner_uid=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
/
www.google.de/pagead/1p-conversion/1026675585/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/1026675585/?random=1729556451902&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHB...
  • https://www.google.com/pagead/1p-conversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDs...
  • https://www.google.de/pagead/1p-conversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQ...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQI&pscrd=IhMImrrA79ugiQMV3zlVCB10GDAwMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSKQDpaXnfbF1UqGHHo6kZ5SC7mKISp4x66a-dMMLw3PtLhIpxP8i1s62b&random=2407399201&ipr=y
Protocol
H3
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.de/pagead/1p-conversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQI&pscrd=IhMImrrA79ugiQMV3zlVCB10GDAwMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSKQDpaXnfbF1UqGHHo6kZ5SC7mKISp4x66a-dMMLw3PtLhIpxP8i1s62b&random=2407399201&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
spotx_match
um.simpli.fi/
0
272 B
Image
General
Full URL
https://um.simpli.fi/spotx_match
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.62.91.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-methods
GET, POST, OPTIONS
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-origin
*
date
Tue, 22 Oct 2024 00:20:52 GMT
x-content-type-options
nosniff
setuid
ib.adnxs.com/
Redirect Chain
  • https://um.simpli.fi/an
  • https://ib.adnxs.com/setuid?entity=66&code=7DEEB55C4D1F4B0799E41E7096C9DA73
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=66&code=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol
H2
Server
37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
facfd5ba-9c62-4acc-bc47-65352998d9de
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://ib.adnxs.com/setuid?entity=66&code=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://um.simpli.fi/rb_match
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=7DEEB55C4D1F4B0799E41E7096C9DA73&expires=365
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=7DEEB55C4D1F4B0799E41E7096C9DA73&expires=365
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
7d6e3b6fefbbeb4d018118d74243a2fc
Pragma
no-cache
Content-Type
image/gif

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=7DEEB55C4D1F4B0799E41E7096C9DA73&expires=365
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://um.simpli.fi/ox_match
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=7DEEB55C4D1F4B0799E41E7096C9DA73
43 B
264 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072966&val=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
private, max-age=0, no-cache
pragma
no-cache
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Tue, 22 Oct 2024 00:20:51 GMT
content-type
image/gif
vary
Accept
server
OXGW/0.0.0

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://us-u.openx.net/w/1.0/sd?id=537072966&val=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
*
content-length
142
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
pixel
cm.g.doubleclick.net/
170 B
409 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)
sa.css
tags.srv.stackadapt.com/
65 B
203 B
Stylesheet
General
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.222.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-222-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
a30bb9458dd13fdc8c80f92b3532fa21dd7b5459a0b48eeea0c3bf71dec1ec93

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin
*
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
65
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/css
sa.jpeg
tags.srv.stackadapt.com/
0
2 KB
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.222.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-222-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin
*
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
651
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/jpeg
s49903071052839
cyberark.sc.omtrdc.net/b/ss/cyberarkproduction/1/JS-2.27.0-LEWM/
43 B
389 B
XHR
General
Full URL
https://cyberark.sc.omtrdc.net/b/ss/cyberarkproduction/1/JS-2.27.0-LEWM/s49903071052839
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-27.data.adobedc.net
Software
jag /
Resource Hash
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, no-store, max-age=0, no-transform, private
pragma
no-cache
etag
3714194200525012992-4618239780686736093
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin
https://www.cyberark.com
p3p
CP="This is not a P3P policy"
content-length
43
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
1; mode=block
last-modified
Wed, 23 Oct 2024 00:20:52 GMT
vary
*
server
jag
content-type
image/gif;charset=utf-8
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=286320195733404&ev=PageView&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&rl=&if=false&ts=1729556452044&sw=1600&sh=1200&v=2.9.172&r=stable&ec=0&o=12318&fbp=fb.1.1729556452043.29023590965155466&cs_est=true&ler=empty&cdl=API_unavailable&it=1729556451825&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=32, rtx=0, c=10, mss=1328, tbw=2923, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=286320195733404&ev=PageView&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&rl=&if=false&ts=1729556452044&sw=1600&sh=1200&v=2.9.172&r=stable&ec=0&o=12318&fbp=fb.1.1729556452043.29023590965155466&cs_est=true&ler=empty&cdl=API_unavailable&it=1729556451825&coo=false&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7428388398702965151"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
YUPa2WyFoaiRV52k72VZHAcjs6blIsA0T2sNRfxJHkSvTEa6S9EOnEwlt4KxhwUPLdQFEeF56fV9ZhFGxjMjVw==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7428388398702965151", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=32, rtx=0, c=10, mss=1328, tbw=3241, tp=-1, tpl=-1, uplat=180, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
saq_pxl
tags.srv.stackadapt.com/
116 B
311 B
XHR
General
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=jVuggUzL4Z1pNoK2f21A_Q&is_js=true&landing_url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&t=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&tip=QgFbgZCrwQrQO976_9j4dg_7nanCznCet4NuByXsMgE&host=https%3A%2F%2Fwww.cyberark.com&sa_conv_data_css_value=%270-a85b802f-86f5-5544-7197-56414755013b%27&sa_conv_data_image_value=…&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIHA3H2EEmQtKCcneGn8odvHKBl4NWP20rZid3RNg5kptENYBGAQg49_buAYwAToEQN4Ii0IEHcE6fw.Cjt%252BJoOFByImqvUmnVxJsEKyJ3cqPsnyHPGKfKClEfc&sa-user-id-v2=s%253AqFuAL4b1VURxl1ZBR1UBO9ly14M.NBHHbbL%252F1WEzhB%252FcQWfEG7fSHshc3ZePsRTUji6yEVs&sa-user-id=s%253A0-a85b802f-86f5-5544-7197-56414755013b.IDSYYOUm01kjppRzsngxvGR7KTDsl%252Fky1aI%252F1WzCoBM
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.222.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-222-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
c7295f0f8c9fbfaeb021c7f80e61b2ebc9c3312995a17fb8ba238ce9068c9734

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-methods
GET
access-control-allow-origin
https://www.cyberark.com
content-length
116
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
text/plain; charset=utf-8
access-control-allow-credentials
true
access-control-allow-headers
*
iframe
d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/ Frame DC6E
Redirect Chain
  • https://insight.adsrvr.org/tags/0v1kpom/u9beit9/iframe
  • https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe
0
0
Document
General
Full URL
https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/code/08773fb052a2034353e4744495485b88.js?conditionId0=4910939
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.83.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-83-200.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Age
66665
Cache-Control
max-age=86400
Connection
keep-alive
Content-Length
138
Content-Type
text/html
Date
Mon, 21 Oct 2024 05:50:09 GMT
ETag
"d45046dc61fcd53aaf217c2c9496ec77"
Last-Modified
Fri, 01 Oct 2021 23:43:18 GMT
Server
AmazonS3
Via
1.1 6c9a2d99a25484f38efa27d58a726b2c.cloudfront.net (CloudFront)
X-Amz-Cf-Id
9JGkShRmHaW_YCw6Vga5d2dQjRMtnrXejw1hJ6cYUo-bBmyE3HTi2g==
X-Amz-Cf-Pop
FRA2-C2
X-Cache
Hit from cloudfront
x-amz-server-side-encryption
AES256

Redirect headers

content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
location
https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A51%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"5e502810-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:52 GMT
accept-ranges
bytes
content-length
43
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
image/gif
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
core
js.driftt.com/ Frame 2270
0
0
Document
General
Full URL
https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=f6bafa70-4051-428e-bfd3-3a1454b90d46&sessionStarted=1729556452.237&campaignRefreshToken=843b3c86-3638-43d6-96e7-4bf0f959d0b2&hideController=false&pageLoadStartTime=1729556448519&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1729556700000/ey22i6m9p82y.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-73.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 22 Oct 2024 00:20:52 GMT
etag
W/"323cf43fb7dd4d8ce2fbf72604328721"
last-modified
Fri, 11 Oct 2024 18:46:52 GMT
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 e0bdfd4f00aaa5b927cf38c4eda059ca.cloudfront.net (CloudFront)
x-amz-cf-id
wkRPvRcQCg9izv1e0HZ3eU5Sv_DsVobAQY1Mf-1-oeAOvArTw-N6qg==
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
KOzChVsUmRwQhfJPojbnFLzc1Y3kJgXL
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
23
chat
js.driftt.com/core/ Frame 82D1
0
0
Document
General
Full URL
https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1729556448519
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1729556700000/ey22i6m9p82y.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-73.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 22 Oct 2024 00:20:52 GMT
etag
W/"323cf43fb7dd4d8ce2fbf72604328721"
last-modified
Fri, 11 Oct 2024 18:46:52 GMT
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 e0bdfd4f00aaa5b927cf38c4eda059ca.cloudfront.net (CloudFront)
x-amz-cf-id
zVHMkPOAXY7FT90Nu172fgQet21MygwlXgODgR9W6XKdMWWazHYC5A==
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
KOzChVsUmRwQhfJPojbnFLzc1Y3kJgXL
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
20
mon
obs.segreencolumn.com/
0
148 B
XHR
General
Full URL
https://obs.segreencolumn.com/mon
Requested by
Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin
https://www.cyberark.com
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
mon
obs.segreencolumn.com/
0
16 B
XHR
General
Full URL
https://obs.segreencolumn.com/mon
Requested by
Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin
https://www.cyberark.com
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
pixel
cm.g.doubleclick.net/
170 B
232 B
Script
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=4084603115321777412&pixelIndex=0
Requested by
Host: s.dpmsrv.com
URL: https://s.dpmsrv.com/dpm_511a418e72591eb7e33f703f04c3fa16df6c90bd.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
071d0a5d172af491aedca9041f20e830d25fd4d339a1006bca3bed949069aa30
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)
blank.png
s.dpmsrv.com/
Redirect Chain
  • https://a.usbrowserspeed.com/cs?pid=d177d942cb8207b52f57818feb9bb79a7b77ce6e0ed688e3af36875661b9be1d&r=https%3A%2F%2Fs.dpmsrv.com%2Fblank.png&puid=62_4084603115321777412
  • https://s.dpmsrv.com/blank.png
563 B
1 KB
Image
General
Full URL
https://s.dpmsrv.com/blank.png
Protocol
HTTP/1.1
Server
18.245.60.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-41.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
275bbb87cacfdec0c1259a2356fb3f2858f18e6f842d1fa1e5c8e8c16eb9a120

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

ETag
"0db3c937b3b1cedbed051c0f2592bc1e"
Age
72856
Connection
keep-alive
Via
1.1 9bd86598a7f45cc948aa2f9674ece0b2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
X-Cache
Hit from cloudfront
Content-Length
563
X-Amz-Cf-Id
L8z-D2fYxkm7GdlmrAoGVG57iMS6_jhtCLRs0nntHNxtRA-cH1s_vQ==
Date
Tue, 22 Oct 2024 00:20:14 GMT
Content-Type
image/png
Last-Modified
Tue, 11 Jun 2024 14:07:56 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P5
x-amz-server-side-encryption
AES256

Redirect headers

location
https://s.dpmsrv.com/blank.png
content-length
53
date
Tue, 22 Oct 2024 00:20:53 GMT
content-type
text/html; charset=utf-8
server
awselb/2.0
423396.gif
idsync.rlcdn.com/
0
42 B
Image
General
Full URL
https://idsync.rlcdn.com/423396.gif?partner_uid=4084603115321777412
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
/
px.ads.linkedin.com/wa/
0
194 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: D2D2920439E341F0A7453C24D9AA1F9A Ref B: FRAEDGE1820 Ref C: 2024-10-22T00:20:52Z
x-li-fabric
prod-ltx1
access-control-allow-credentials
true
x-li-uuid
AAYlBb39QrgsIeEdiTr8Cw==
x-li-proto
http/2
access-control-allow-origin
https://www.cyberark.com
x-cache
CONFIG_NOCACHE
date
Tue, 22 Oct 2024 00:20:52 GMT
vary
Origin
collect
www.google-analytics.com/
35 B
58 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1202403874&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ul=de-de&de=UTF-8&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP&ea=Organization&el=Keyweb%20AG&_u=aHBAgEABAAAAAGAEK~&jid=&gjid=&cid=146266419.1729556450&tid=UA-44168172-9&_gid=1583040074.1729556450&gtm=45He4ah0n715SFWTHv72025662za200&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&cd7=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823847~101836706&cd1=Keyweb%20AG&npa=1&z=1490896191
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

age
85615
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 21 Oct 2024 00:33:57 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
35
server
Golfe2
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=*&eid=18&u=AgAAAAAAAAAAACAgAAAAAABA&ut=Ag&h=Ag&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=*&eid=19&u=AgAAAAAAAAAAACAgAAAAAABA&ut=Ag&h=Ag&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=*&eid=20&u=AgAAAAAAAAAAACAgAAAAAABA&ut=Ag&h=Ag&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
collect
www.google-analytics.com/
35 B
58 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1202403874&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ul=de-de&de=UTF-8&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Opt-In%20Campaign%20Audience&el=Keyweb%20AG&_u=aHBAgEABAAAAAGAEK~&jid=&gjid=&cid=146266419.1729556450&tid=UA-44168172-9&_gid=1583040074.1729556450&gtm=45He4ah0n715SFWTHv72025662za200&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&cd7=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823847~101836706&cd1=Keyweb%20AG&npa=1&z=263422613
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

age
85615
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 21 Oct 2024 00:33:57 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
35
server
Golfe2
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=*&eid=21&u=AgAAAAAAAAAAACAgAAAAAABA&ut=Ag&h=Ag&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
a
www.googletagmanager.com/
0
14 B
Image
General
Full URL
https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=*&eid=22&u=AgAAAAAAAAAAACAgAAAAAABA&ut=Ag&h=Ag&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection
0
content-type
text/html
server
Google Tag Manager
collect
www.google-analytics.com/
35 B
58 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1202403874&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ul=de-de&de=UTF-8&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=All%20visitors&el=Keyweb%20AG&_u=aHBAgEABAAAAAGAEK~&jid=&gjid=&cid=146266419.1729556450&tid=UA-44168172-9&_gid=1583040074.1729556450&gtm=45He4ah0n715SFWTHv72025662za200&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&cd7=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823847~101836706&cd1=Keyweb%20AG&npa=1&z=1038398435
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

age
85615
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 21 Oct 2024 00:33:57 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
35
server
Golfe2
collect
www.google-analytics.com/
35 B
58 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1202403874&t=event&ni=1&_s=5&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ul=de-de&de=UTF-8&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Gartner%20MQ%202020&el=Keyweb%20AG&_u=aHBAgEABAAAAAGAEK~&jid=&gjid=&cid=146266419.1729556450&tid=UA-44168172-9&_gid=1583040074.1729556450&gtm=45He4ah0n715SFWTHv72025662za200&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&cd7=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823847~101836706&cd1=Keyweb%20AG&npa=1&z=177841722
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

age
85615
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 21 Oct 2024 00:33:57 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
35
server
Golfe2
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A52%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223002%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"615ccf10-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:53 GMT
accept-ranges
bytes
content-length
43
date
Tue, 22 Oct 2024 00:20:53 GMT
content-type
image/gif
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
mon
obs.segreencolumn.com/
0
39 B
XHR
General
Full URL
https://obs.segreencolumn.com/mon
Requested by
Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin
https://www.cyberark.com
content-length
0
date
Tue, 22 Oct 2024 00:20:53 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
index.php
a.dpmsrv.com/dpmpxl/
5 B
1 KB
Script
General
Full URL
https://a.dpmsrv.com/dpmpxl/index.php?dpmCid=&zn=&sn=&q=xSeg&v=1.x&ep%5Bids%5D=20714219&cl=62&pixelIndex=0&r=83053&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&id=4084603115321777412
Requested by
Host: s.dpmsrv.com
URL: https://s.dpmsrv.com/dpm_511a418e72591eb7e33f703f04c3fa16df6c90bd.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.159.177.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-159-177-125.compute-1.amazonaws.com
Software
/
Resource Hash
fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Access-Control-Max-Age
10
Cache-Control
no-cache, no-store, must-revalidate
content-encoding
gzip
Pragma
no-cache
Connection
keep-alive
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Expires
0
Access-Control-Allow-Origin
*
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length
31
Content-Type
text/javascript
Access-Control-Allow-Headers
content-type, accept
seg
ib.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/seg?member=827&add=20714219
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
973b7502-cac6-4a1d-8867-9f3a8a166fa6
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:53 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A53%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224003%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"63f020a0-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:54 GMT
accept-ranges
bytes
content-length
43
date
Tue, 22 Oct 2024 00:20:54 GMT
content-type
image/gif
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
mon
obs.segreencolumn.com/
0
39 B
XHR
General
Full URL
https://obs.segreencolumn.com/mon
Requested by
Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin
https://www.cyberark.com
content-length
0
date
Tue, 22 Oct 2024 00:20:54 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
index.php
a.dpmsrv.com/dpmpxl/
5 B
1 KB
Script
General
Full URL
https://a.dpmsrv.com/dpmpxl/index.php?dpmCid=&zn=&sn=&q=xSeg&v=1.x&ep%5Bids%5D=8179407%2C17469484%2C17455522%2C17469469%2C17469519%2C17503755%2C3781750&cl=62&pixelIndex=0&r=753495&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&id=4084603115321777412
Requested by
Host: s.dpmsrv.com
URL: https://s.dpmsrv.com/dpm_511a418e72591eb7e33f703f04c3fa16df6c90bd.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.159.177.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-159-177-125.compute-1.amazonaws.com
Software
/
Resource Hash
fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Access-Control-Max-Age
10
Cache-Control
no-cache, no-store, must-revalidate
content-encoding
gzip
Pragma
no-cache
Connection
keep-alive
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Expires
0
Access-Control-Allow-Origin
*
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length
31
Content-Type
text/javascript
Access-Control-Allow-Headers
content-type, accept
seg
ib.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/seg?member=827&add=8179407,17469484,17455522,17469469,17469519,17503755,3781750
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
67f17ab5-72ae-46ab-ac13-068bf7a1dcff
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4
px
secure.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/px?id=830208&t=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
124d9acc-9d93-48df-b8cd-4f4dbf40e6e2
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4
px
secure.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/px?id=1093460&t=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
cf3e9c8b-382b-4bbf-9210-13c1c62062ac
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4
px
secure.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/px?id=1092981&t=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
e7dd96fe-b9bf-427d-bc21-ee313a58eb8d
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4
px
secure.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/px?id=1093451&t=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
1a2ef569-dd17-415d-8de8-85ed690bbf8a
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4
px
secure.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/px?id=1093467&t=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
959c063f-d6b8-44ce-ae24-301bd7c129dc
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4
px
secure.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/px?id=1095425&t=2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
6250ac1e-2316-45c2-9983-2caf0464c2ed
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A54%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225004%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"60bb2e15-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:55 GMT
accept-ranges
bytes
content-length
43
date
Tue, 22 Oct 2024 00:20:55 GMT
content-type
image/gif
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
3.ee35dea2.chunk.js
js.driftt.com/conductor/assets/
158 B
852 B
Script
General
Full URL
https://js.driftt.com/conductor/assets/3.ee35dea2.chunk.js
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1729556700000/ey22i6m9p82y.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-77.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
3005a54fc57fc2d8c70cc41e4ca7fcaaed7514b03f28581082c454e6a2d11f3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-version-id
rYV3Tk3yEytdzde9thJ_AN9ul6xSrvB.
etag
"e6714addd36102488fb27a980401fd36"
age
3024411
access-control-allow-methods
GET, POST, OPTIONS
x-cache
Hit from cloudfront
x-amz-cf-id
ivNghYQfgyRfGRBh3ngFOhBpv3wgz0ttAweo2RQCGp6DPI4s4fuDVg==
date
Tue, 17 Sep 2024 00:14:04 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 10 Sep 2024 14:51:22 GMT
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=31536000
x-envoy-upstream-service-time
13
access-control-allow-credentials
true
via
1.1 9ed190c9d6b2f812d19cbb317856ed88.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
158
x-amz-cf-pop
FRA60-P6
server
istio-envoy
x-amz-server-side-encryption
AES256
notification.5f7c6014.mp3
js.driftt.com/conductor/assets/media/
8 KB
8 KB
Media
General
Full URL
https://js.driftt.com/conductor/assets/media/notification.5f7c6014.mp3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-77.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

x-amz-version-id
S33UiBwNvliR50b2AEBpFOEOFBHHZpkx
etag
"5f7c6014cf73831f91963a668b71fbb9"
age
7953006
access-control-allow-methods
GET, POST, OPTIONS
x-cache
Hit from cloudfront
x-amz-cf-id
s2Ej_o_BYVVD9wns5b2CST4Ur00fj6XVQvbvfF5NkZ27yGPtauP-Yw==
date
Sun, 21 Jul 2024 23:10:49 GMT
content-type
audio/mpeg
last-modified
Thu, 18 Jul 2024 16:59:01 GMT
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
max-age=31536000
x-envoy-upstream-service-time
18
access-control-allow-credentials
true
Content-Range
bytes 0-7754/7755
via
1.1 9ed190c9d6b2f812d19cbb317856ed88.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
7755
x-amz-cf-pop
FRA60-P6
server
istio-envoy
x-amz-server-side-encryption
AES256
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A55%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%226004%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-111-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control
max-age=0, no-cache, no-store
etag
"615ccf10-2b"
pragma
no-cache
x-content-type-options
nosniff
expires
Tue, 22 Oct 2024 00:20:56 GMT
accept-ranges
bytes
content-length
43
date
Tue, 22 Oct 2024 00:20:56 GMT
content-type
image/gif
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
mon
obs.segreencolumn.com/
0
39 B
XHR
General
Full URL
https://obs.segreencolumn.com/mon
Requested by
Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin
https://www.cyberark.com
content-length
0
date
Tue, 22 Oct 2024 00:20:56 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
img.gif
b.6sc.co/v1/beacon/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.cyberark.com
URL
blob:https://www.cyberark.com/9ea938e4-65fc-409a-9bd3-00e6a7fb2552
Domain
www.cyberark.com
URL
blob:https://www.cyberark.com/a4382447-0c84-4f17-898e-68d7799ca9d4
Domain
sync.intentiq.com
URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=7DEEB55C4D1F4B0799E41E7096C9DA73
Domain
b.6sc.co
URL
https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A56%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227005%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29

189 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| dataLayer object| ubermenu_data object| EnlighterJS object| Hubs function| g_iFrameLoadDataCallback function| g_iFrameScrollCallback object| frontEndPage object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| Shared object| MBP object| html5 function| _ function| ufa object| Modernizr function| jQuery function| $ function| imagesLoaded function| getBomboraUuid function| getBomboraUrlId object| _ml function| loadMarketoTracking object| Munchkin object| obData function| getMatchingTileTag boolean| onbrandLoaded function| __ctcg_ct_45375_exec string| ufPageTitle string| prefix object| tagArray function| firstSubmission function| secondarySubmission function| persistParams function| getQueryString object| queryString function| submitQueryStrings object| urlArray function| stateControl function| previewField function| thirdPartyCTA function| thirdPartyCtaLink function| uber_supports function| uber_op function| uberMenu_openMega function| uberMenu_openFlyout function| uberMenu_close function| uberMenu_redrawSubmenus function| flexTable function| sha256 function| sha224 object| psArray object| topicArray object| industryArray object| typeArray object| stageArray object| personaArray string| tagPrefix object| ufTagArray object| digital_data object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| __target_telemetry object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate function| rtp object| _wq object| __dispatched__ function| rdt function| onYouTubeIframeAPIReady string| GoogleAnalyticsObject function| ga function| mktoMunchkinFunction function| mktoMunchkin function| 
AppMeasurement_Module_ActivityMap object| input function| AppMeasurement function| s_gi function| s_pgicq object| s function| gtag object| MunchkinTracker function| redditNormalizeEmail object| gaplugins object| gaGlobal object| gaData function| _truste_eumap object| truste string| userType object| $temp_box_overlay function| _truste_eu object| PREF_MGR_API_DEBUG object| PrivacyManagerAPI object| TRUSTE_CMAPI_DEBUG function| getInternetExplorerVersion function| consoleMessage function| makeGetRequest function| createCORSRequest object| ITLocalStorageAPI object| InsighteraUtil object| iiq object| ibq object| trackObj function| isCurrentSession function| addDynamicScript function| rtpRCMD object| AITag object| aiq object| AIConfig function| setButtonWidthHeight function| getDirectionForWidgetSide function| updateWidget function| initialize function| showWidgetCampaign function| hideWidgetCampaign function| injectContent function| execute function| destroy object| InsighteraWidget function| setTimeoutFunction object| exp_2_year function| loadRichMediaImage object| _6si object| _cq object| GooglebQhCsO function| drift string| _linkedin_data_partner_id function| fbq function| _fbq function| saq function| _saq function| extUrl object| ensBootstraps object| Bootstrapper function| alignElementPosition function| applyAttributeHeightToPics function| revertAttributeHeightToPics object| sifi_att_42656 function| lintrk boolean| _already_called_lintrk object| dpmPixels function| cookieWrite function| cookieRead string| g number| s_loadT object| s_i_cyberarkproduction object| res object| saCookies string| current_window_url_param object| 3eiXJRXgVuLsYGH9303q object| _driftFrames object| __post_robot_10_0_46__ string| __DRIFT_ENV__ string| __DRIFT_BUILD_ID__ string| __DRIFT_BRANCH__ boolean| drift_invoked object| drift_event_listeners string| drift_display_mode string| drift_campaign_refresh number| drift_page_view_started number| drift_session_started string| drift_session_id 
object| drift_frameFactory object| ORIBILI object| drift_sentry_config string| thisTabID

80 Cookies

6 Console Messages

Source Level URL
Text
worker verbose URL: blob:https://www.cyberark.com/9ea938e4-65fc-409a-9bd3-00e6a7fb2552(Line 1)
Message:
Error
network error URL: https://idsync.rlcdn.com/419566.gif?partner_uid=7DEEB55C4D1F4B0799E41E7096C9DA73
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://stags.bluekai.com/site/29931?id=7DEEB55C4D1F4B0799E41E7096C9DA73
Message:
Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network error URL: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=7DEEB55C4D1F4B0799E41E7096C9DA73
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Message:
Refused to execute script from 'https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=4084603115321777412&pixelIndex=0' because its MIME type ('image/png') is not executable.
network error URL: https://idsync.rlcdn.com/423396.gif?partner_uid=4084603115321777412
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
