www.cyberark.com Open in urlscan Pro
104.16.69.86 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authenticati...
Submission: On October 22 via api (October 22nd 2024, 12:20:57 am UTC) from BY — Scanned from DE

Summary HTTP 238 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 67 IPs in 7 countries across 57 domains to perform 238 HTTP transactions. The main IP is 104.16.69.86, located in and belongs to CLOUDFLARENET, US. The main domain is www.cyberark.com. The Cisco Umbrella rank of the primary domain is 313134.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 28th 2024. Valid for: a year.

This is the only time www.cyberark.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 26	104.16.69.86 104.16.69.86	13335 (CLOUDFLAR...) (CLOUDFLARENET)
30	18.66.102.3 18.66.102.3	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2600:9000:20e... 2600:9000:20eb:6000:12:53a8:95c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:81d::200a	15169 (GOOGLE) (GOOGLE)
8	2a02:26f0:350... 2a02:26f0:3500:58f::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:249... 2600:9000:2490:ae00:18:15b9:5a80:93a1	16509 (AMAZON-02) (AMAZON-02)
17	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	23.197.137.224 23.197.137.224	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	52.48.129.25 52.48.129.25	16509 (AMAZON-02) (AMAZON-02)
7	2600:1f18:e8a... 2600:1f18:e8a:cd08:3437:aff5:50c:d298	14618 (AMAZON-AES) (AMAZON-AES)
4	13.224.189.92 13.224.189.92	16509 (AMAZON-02) (AMAZON-02)
12	95.101.111.184 95.101.111.184	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	104.102.34.125 104.102.34.125	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
6	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	35.174.248.58 35.174.248.58	14618 (AMAZON-AES) (AMAZON-AES)
1	52.17.200.40 52.17.200.40	16509 (AMAZON-02) (AMAZON-02)
1 1	54.77.122.229 54.77.122.229	16509 (AMAZON-02) (AMAZON-02)
1	66.235.152.225 66.235.152.225	16509 (AMAZON-02) (AMAZON-02)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
1	13.224.189.52 13.224.189.52	16509 (AMAZON-02) (AMAZON-02)
1	52.222.236.93 52.222.236.93	16509 (AMAZON-02) (AMAZON-02)
5	192.28.146.116 192.28.146.116	15224 (OMNITURE) (OMNITURE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2 12	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:710... 2a02:26f0:7100::210:172	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 3	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
3 3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3 3	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
3	18.245.86.77 18.245.86.77	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a99	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2600:9000:206... 2600:9000:206f:4000:2:8f43:5780:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.184.230 142.250.184.230	15169 (GOOGLE) (GOOGLE)
4	3.126.222.51 3.126.222.51	16509 (AMAZON-02) (AMAZON-02)
2	35.204.89.238 35.204.89.238	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	18.245.60.41 18.245.60.41	16509 (AMAZON-02) (AMAZON-02)
1	172.217.16.198 172.217.16.198	15169 (GOOGLE) (GOOGLE)
1 2	52.17.118.158 52.17.118.158	16509 (AMAZON-02) (AMAZON-02)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	54.159.177.125 54.159.177.125	14618 (AMAZON-AES) (AMAZON-AES)
17 22	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:211... 2600:9000:211e:b800:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:612... 2600:1f18:612b:4200:d0bf:d36:b5ac:b7f8	14618 (AMAZON-AES) (AMAZON-AES)
1 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	34.250.214.229 34.250.214.229	16509 (AMAZON-02) (AMAZON-02)
1 1	52.57.232.9 52.57.232.9	16509 (AMAZON-02) (AMAZON-02)
2 2	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
1 2	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
1	52.73.21.157 52.73.21.157	14618 (AMAZON-AES) (AMAZON-AES)
1	2.23.197.190 2.23.197.190	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.72.108.116 54.72.108.116	16509 (AMAZON-02) (AMAZON-02)
1	34.242.121.27 34.242.121.27	16509 (AMAZON-02) (AMAZON-02)
2	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	63.140.62.27 63.140.62.27	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	13.225.83.200 13.225.83.200	16509 (AMAZON-02) (AMAZON-02)
2	18.245.86.73 18.245.86.73	16509 (AMAZON-02) (AMAZON-02)
1 1	34.208.53.22 34.208.53.22	16509 (AMAZON-02) (AMAZON-02)
238	67

26 104.16.69.86 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.cyberark.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 18.66.102.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-3.fra56.r.cloudfront.net

content.cdntwrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:20eb:6000:12:53a8:95c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cihost.uberflip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:26f0:3500:58f::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2490:ae00:18:15b9:5a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

ob.segreencolumn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.197.137.224 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-137-224.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.48.129.25 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-129-25.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f18:e8a:cd08:3437:aff5:50c:d298 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.segreencolumn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.189.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-92.fra2.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 95.101.111.184 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-184.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.102.34.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-34-125.deploy.static.akamaitechnologies.com

sjrtp6-cdn.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtp-static.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.174.248.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-174-248-58.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.200.40 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-200-40.eu-west-1.compute.amazonaws.com

cyberark.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.122.229 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-122-229.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.225 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-66-235-152-225.data.adobedc.net

cyberark.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

316-czp-275.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-52.fra2.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-93.fra56.r.cloudfront.net

consent-pref.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.28.146.116 (United States)

ASN15224 (OMNITURE, US)

sjrtp6.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 37.252.171.85 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::210:172 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.130 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.245.86.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-77.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:206f:4000:2:8f43:5780:93a1 (United States)

ASN16509 (AMAZON-02, US)

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f6.1e100.net

9920016.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.222.51 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-222-51.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.204.89.238 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 238.89.204.35.bc.googleusercontent.com

tag.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.60.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-41.fra60.r.cloudfront.net

s.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.118.158 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-118-158.eu-west-1.compute.amazonaws.com

cnv.event.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.159.177.125 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-159-177-125.compute-1.amazonaws.com

a.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 34.91.62.186 (Groningen, Netherlands) 17 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:b800:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:d0bf:d36:b5ac:b7f8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

simplifi.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.214.229 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-214-229.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.57.232.9 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-232-9.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:8eee:: (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:807::2 (United Kingdom) 1 redirects

ASN203220 (YAHOO-DEB, GB)

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.78.254.47 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.73.21.157 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-21-157.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.23.197.190 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-23-197-190.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.72.108.116 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-108-116.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.242.121.27 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-121-27.eu-west-1.compute.amazonaws.com

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-27.data.adobedc.net

cyberark.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.83.200 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-83-200.fra2.r.cloudfront.net

d1eoo1tco6rr5e.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.86.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-73.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.208.53.22 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-208-53-22.us-west-2.compute.amazonaws.com

a.usbrowserspeed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	cdntwrk.com content.cdntwrk.com — Cisco Umbrella Rank: 82621	2 MB
26	cyberark.com 1 redirects www.cyberark.com — Cisco Umbrella Rank: 313134	457 KB
24	simpli.fi 17 redirects tag.simpli.fi — Cisco Umbrella Rank: 4957 i.simpli.fi — Cisco Umbrella Rank: 4183 um.simpli.fi — Cisco Umbrella Rank: 913	13 KB
17	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	480 KB
13	6sc.co j.6sc.co — Cisco Umbrella Rank: 5626 c.6sc.co — Cisco Umbrella Rank: 6951 ipv6.6sc.co — Cisco Umbrella Rank: 5794 b.6sc.co — Cisco Umbrella Rank: 3611	22 KB
12	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 479 ib.adnxs.com — Cisco Umbrella Rank: 267	14 KB
10	doubleclick.net 4 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 136 googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 9920016.fls.doubleclick.net — Cisco Umbrella Rank: 744805 ad.doubleclick.net — Cisco Umbrella Rank: 150 cm.g.doubleclick.net — Cisco Umbrella Rank: 283	2 KB
9	marketo.com sjrtp6-cdn.marketo.com — Cisco Umbrella Rank: 112528 rtp-static.marketo.com — Cisco Umbrella Rank: 20384 sjrtp6.marketo.com — Cisco Umbrella Rank: 97420	182 KB
8	segreencolumn.com ob.segreencolumn.com — Cisco Umbrella Rank: 30124 obs.segreencolumn.com — Cisco Umbrella Rank: 24681	42 KB
8	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 430	105 KB
8	uberflip.com cihost.uberflip.com — Cisco Umbrella Rank: 109907	659 KB
7	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	425 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34	22 KB
6	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 3434 consent-pref.trustarc.com — Cisco Umbrella Rank: 15711	34 KB
5	dpmsrv.com s.dpmsrv.com — Cisco Umbrella Rank: 32050 a.dpmsrv.com — Cisco Umbrella Rank: 29811	20 KB
5	driftt.com js.driftt.com — Cisco Umbrella Rank: 6590	71 KB
5	gstatic.com fonts.gstatic.com	157 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	186 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 321 px4.ads.linkedin.com — Cisco Umbrella Rank: 6828	2 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2579	10 KB
4	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 4670	12 KB
4	google.de www.google.de — Cisco Umbrella Rank: 11271	255 B
4	google.com 3 redirects region1.analytics.google.com — Cisco Umbrella Rank: 4401 www.google.com — Cisco Umbrella Rank: 3	72 B
3	googleadservices.com 2 redirects www.googleadservices.com — Cisco Umbrella Rank: 89	3 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 243 cyberark.demdex.net — Cisco Umbrella Rank: 422256	2 KB
3	ml314.com ml314.com — Cisco Umbrella Rank: 1614 in.ml314.com — Cisco Umbrella Rank: 11277	13 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	3 KB
2	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 462	140 B
2	exelator.com 1 redirects loadm.exelator.com — Cisco Umbrella Rank: 1779	2 KB
2	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 1830 ups.analytics.yahoo.com — Cisco Umbrella Rank: 495	507 B
2	pro-market.net 2 redirects fei.pro-market.net — Cisco Umbrella Rank: 2566	872 B
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 542 d.agkn.com — Cisco Umbrella Rank: 782	1 KB
2	tapad.com 1 redirects pixel.tapad.com — Cisco Umbrella Rank: 446	1 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 503	730 B
2	bidr.io 1 redirects cnv.event.prod.bidr.io — Cisco Umbrella Rank: 18207	1 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	73 KB
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 1994 alb.reddit.com — Cisco Umbrella Rank: 1330	761 B
2	omtrdc.net cyberark.tt.omtrdc.net — Cisco Umbrella Rank: 758458 cyberark.sc.omtrdc.net — Cisco Umbrella Rank: 347598	1 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1063	13 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3657	6 KB
1	usbrowserspeed.com 1 redirects a.usbrowserspeed.com — Cisco Umbrella Rank: 3106	262 B
1	cloudfront.net d1eoo1tco6rr5e.cloudfront.net
1	adsrvr.org 1 redirects insight.adsrvr.org — Cisco Umbrella Rank: 945	86 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 516	264 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 413	239 B
1	lijit.com ce.lijit.com — Cisco Umbrella Rank: 912	223 B
1	crwdcntrl.net bcp.crwdcntrl.net — Cisco Umbrella Rank: 976	266 B
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 1137	27 B
1	bfmio.com sync.bfmio.com — Cisco Umbrella Rank: 1507	421 B
1	tremorhub.com simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 6710	175 B
1	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 415	140 B
1	unrulymedia.com sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1136	378 B
1	smaato.net s.ad.smaato.net — Cisco Umbrella Rank: 582	236 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 784	14 KB
1	mktoresp.com 316-czp-275.mktoresp.com — Cisco Umbrella Rank: 672915	318 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1371	490 B
0	intentiq.com Failed sync.intentiq.com Failed
238	57

	Domain	Requested by
30	content.cdntwrk.com	www.cyberark.com content.cdntwrk.com
26	www.cyberark.com	1 redirects www.cyberark.com content.cdntwrk.com
22	um.simpli.fi	17 redirects
17	www.googletagmanager.com	www.cyberark.com www.googletagmanager.com www.google-analytics.com
9	b.6sc.co	www.cyberark.com
8	assets.adobedtm.com	www.cyberark.com assets.adobedtm.com
8	cihost.uberflip.com	www.cyberark.com cihost.uberflip.com
7	secure.adnxs.com	j.6sc.co
7	obs.segreencolumn.com	ob.segreencolumn.com www.cyberark.com
7	cdnjs.cloudflare.com	www.cyberark.com cdnjs.cloudflare.com
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
5	ib.adnxs.com	2 redirects
5	js.driftt.com	www.cyberark.com js.driftt.com
5	sjrtp6.marketo.com	sjrtp6-cdn.marketo.com rtp-static.marketo.com
5	consent.trustarc.com	www.cyberark.com consent.trustarc.com
5	fonts.gstatic.com	fonts.googleapis.com
5	fonts.googleapis.com	www.cyberark.com cihost.uberflip.com
4	tags.srv.stackadapt.com	www.cyberark.com tags.srv.stackadapt.com
4	nexus.ensighten.com	www.googletagmanager.com nexus.ensighten.com
4	www.google.de	www.cyberark.com
3	a.dpmsrv.com	s.dpmsrv.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	www.google.com	3 redirects
3	googleads.g.doubleclick.net	3 redirects
3	www.googleadservices.com	2 redirects www.googletagmanager.com
3	rtp-static.marketo.com	sjrtp6-cdn.marketo.com
2	www.facebook.com
2	cm.g.doubleclick.net	s.dpmsrv.com
2	idsync.rlcdn.com
2	loadm.exelator.com	1 redirects
2	fei.pro-market.net	2 redirects
2	pixel.tapad.com	1 redirects
2	sync.1rx.io	2 redirects
2	cnv.event.prod.bidr.io	1 redirects
2	s.dpmsrv.com	www.cyberark.com
2	9920016.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	connect.facebook.net	www.cyberark.com connect.facebook.net
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	www.redditstatic.com	www.cyberark.com www.redditstatic.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	dpm.demdex.net	assets.adobedtm.com www.cyberark.com
2	munchkin.marketo.net	www.cyberark.com munchkin.marketo.net
2	ml314.com	www.cyberark.com ml314.com
1	a.usbrowserspeed.com	1 redirects
1	d1eoo1tco6rr5e.cloudfront.net	nexus.ensighten.com
1	insight.adsrvr.org	1 redirects
1	cyberark.sc.omtrdc.net	assets.adobedtm.com
1	us-u.openx.net
1	pixel.rubiconproject.com
1	ce.lijit.com
1	bcp.crwdcntrl.net
1	stags.bluekai.com
1	sync.bfmio.com
1	ups.analytics.yahoo.com
1	cms.analytics.yahoo.com	1 redirects
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	simplifi.partners.tremorhub.com
1	eb2.3lift.com
1	sync.targeting.unrulymedia.com
1	s.ad.smaato.net
1	px4.ads.linkedin.com
1	i.simpli.fi	tag.simpli.fi
1	ad.doubleclick.net
1	tag.simpli.fi	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	region1.analytics.google.com	www.googletagmanager.com
1	consent-pref.trustarc.com	consent.trustarc.com
1	alb.reddit.com	www.cyberark.com
1	pixel-config.reddit.com	www.redditstatic.com
1	316-czp-275.mktoresp.com	munchkin.marketo.net
1	cyberark.tt.omtrdc.net	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	cyberark.demdex.net	assets.adobedtm.com
1	in.ml314.com	ml314.com
1	sjrtp6-cdn.marketo.com	www.cyberark.com
1	ob.segreencolumn.com	www.cyberark.com
0	sync.intentiq.com Failed
238	80

This site contains links to these domains. Also see Links.

Domain
developer.cyberark.com
community.cyberark.com
cyberark.com
labs.cyberark.com
careers.cyberark.com
venafi.com
docs.cyberark.com
cyberark-customers.force.com
investors.cyberark.com
www.facebook.com
twitter.com
www.linkedin.com
github.com
docs.microsoft.com
aws.amazon.com
lp.cyberark.com
www.youtube.com

Subject Issuer	Validity	Valid
cyberark.com Cloudflare Inc ECC CA-3	`2024-01-28` - `2024-12-31`	a year	crt.sh
content.cdntwrk.com Amazon RSA 2048 M03	`2024-08-24` - `2025-09-22`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh
*.uberflip.com Amazon RSA 2048 M03	`2024-06-06` - `2025-07-04`	a year	crt.sh
upload.video.google.com WR2	`2024-09-30` - `2024-12-23`	3 months	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
*.segreencolumn.com Amazon RSA 2048 M03	`2024-06-18` - `2025-07-17`	a year	crt.sh
*.google-analytics.com WR2	`2024-09-30` - `2024-12-23`	3 months	crt.sh
event-horizon.gcp.bomm.in WR3	`2024-10-18` - `2025-01-16`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
*.gstatic.com WR2	`2024-09-30` - `2024-12-23`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-25` - `2025-10-26`	a year	crt.sh
*.trustarc.com Amazon RSA 2048 M02	`2024-03-16` - `2025-04-14`	a year	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
*.marketo.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-06` - `2025-04-03`	6 months	crt.sh
*.ml314.com Amazon RSA 2048 M02	`2024-09-14` - `2025-10-11`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-03-28`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-15` - `2025-09-15`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-10-13` - `2025-04-11`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-09-30` - `2024-12-23`	3 months	crt.sh
*.google.de WR2	`2024-09-30` - `2024-12-23`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.googleadservices.com WR2	`2024-09-30` - `2024-12-23`	3 months	crt.sh
drift.com Amazon RSA 2048 M03	`2024-07-30` - `2025-08-27`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-31` - `2024-10-29`	3 months	crt.sh
nexus.ensighten.com Amazon RSA 2048 M03	`2024-08-29` - `2025-09-28`	a year	crt.sh
*.doubleclick.net WR2	`2024-09-30` - `2024-12-23`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2024-08-09` - `2025-09-07`	a year	crt.sh
*.simpli.fi DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-12-07`	a year	crt.sh
*.dpmsrv.com Amazon RSA 2048 M02	`2024-02-16` - `2025-03-16`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
*.sc.omtrdc.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-07` - `2025-03-09`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-06` - `2025-03-05`	a year	crt.sh

This page contains 10 frames:

Primary Page: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Frame ID: EF5261DB654C8AC03184ECEF8951ECE6
Requests: 227 HTTP requests in this frame

Frame: https://www.cyberark.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js
Frame ID: EBDC0C14854B8CAE488F301B06F9128E
Requests: 2 HTTP requests in this frame

Frame: https://cyberark.demdex.net/dest5.html?d_nsid=0
Frame ID: 93D5B0CBDC81F09115E814637EEEBEEF
Requests: 1 HTTP requests in this frame

Frame: https://consent.trustarc.com/get?name=crossdomain.html&domain=cyberark.com
Frame ID: A90BFFCAE2CA820CE808BD1D2DA3567B
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&country=de&action=notice&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=fd5756fa-fd1b-45b4-97bf-c119069b26f3&userType=NEW
Frame ID: 4B76FE0B2A14D8E74167809E845CC9AF
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.cyberark.com
Frame ID: 00999D4F1F60088613B8E50607C3BABD
Requests: 1 HTTP requests in this frame

Frame: https://9920016.fls.doubleclick.net/activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4ah0za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=101686685~101823847~101836706;epver=2;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Frame ID: D9BB821088F103BA944F78603EF4F654
Requests: 1 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe
Frame ID: DC6E0D37D0D12B2BEEFAF818C21813D1
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=f6bafa70-4051-428e-bfd3-3a1454b90d46&sessionStarted=1729556452.237&campaignRefreshToken=843b3c86-3638-43d6-96e7-4bf0f959d0b2&hideController=false&pageLoadStartTime=1729556448519&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Frame ID: 22701E1B1B9C316542B7928646D751D0
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1729556448519
Frame ID: 82D1C8E9EA433103DBB3ED35512A3721
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

238
Requests

88 %
HTTPS

34 %
IPv6

57
Domains

80
Subdomains

67
IPs

7
Countries

4634 kB
Transfer

9665 kB
Size

80
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://developer.cyberark.com/
Title: Developer

Search URL Search Domain Scan URL

URL: https://community.cyberark.com/marketplace/s/
Title: Marketplace

Search URL Search Domain Scan URL

URL: https://cyberark.com/partners/
Title: Partners

Search URL Search Domain Scan URL

URL: https://labs.cyberark.com/
Title: CyberArk Labs

Search URL Search Domain Scan URL

URL: https://careers.cyberark.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://venafi.com/
Title: Venafi Machine Identity Management

Search URL Search Domain Scan URL

URL: https://docs.cyberark.com/
Title: Product Documentation

Search URL Search Domain Scan URL

URL: https://cyberark-customers.force.com/s/
Title: Technical Community

Search URL Search Domain Scan URL

URL: https://investors.cyberark.com/home/default.aspx
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Golden%20SAML:%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&url=https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&title=Golden%20SAML:%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&summary=CyberArk%20Labs%20discovered%20a%20new%20attack%20vector,%20dubbed%20%E2%80%9Cgolden%20SAML,%E2%80%9D%20which%20allows%20an%20attacker%20to%20authenticate%20across%20every%20service%20that%20uses%20SAML%202.0%20protocol%20as%20an%20SSO%20mechanism.
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&via=CyberArk
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&title=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&summary=CyberArk%20Labs%20discovered%20a%20new%20attack%20vector%2C%20dubbed%20%E2%80%9Cgolden%20SAML%2C%E2%80%9D%20which%20allows%20an%20attacker%20to%20authenticate%20across%20every%20service%20that%20uses%20SAML%202.0%20protocol%20as%20an%20SSO%20mechanism.
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://github.com/cyberark/shimit
Title: new tool that implements this attack – shimit

Search URL Search Domain Scan URL

URL: https://github.com/gentilkiwi/mimikatz/wiki/module-~-kerberos#golden--silver
Title: golden ticket attack

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/windows/server-2008/bb897402(v=msdn.10)
Title: Active Directory Federation Services

Search URL Search Domain Scan URL

URL: https://github.com/gentilkiwi/mimikatz
Title: mimikatz

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/blogs/security/how-to-set-up-federated-api-access-to-aws-by-using-windows-powershell
Title: https://aws.amazon.com/blogs/security/how-to-set-up-federated-api-access-to-aws-by-using-windows-powershell

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/blogs/security/enabling-federation-to-aws-using-windows-active-directory-adfs-and-saml-2-0/
Title: https://aws.amazon.com/blogs/security/enabling-federation-to-aws-using-windows-active-directory-adfs-and-saml-2-0/

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-single-sign-on-protocol-reference
Title: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-single-sign-on-protocol-reference

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.cyberark.com%2Fresources
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Check%20out%20what%27s%20happening%20at%20CyberArk%21&url=https%3A%2F%2Fwww.cyberark.com%2Fresources&via=CyberArk
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.cyberark.com%2Fresources&title=English%20%E2%80%93%20CyberArk%20Software%20Inc%27s&summary=Check%20out%20what%27s%20happening%20at%20CyberArk%21
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://lp.cyberark.com/Stay-in-touch.html
Title: Tell Me How

Search URL Search Domain Scan URL

URL: https://community.cyberark.com/partners/s/login/
Title: Partner Community

Search URL Search Domain Scan URL

URL: https://twitter.com/CyberArk

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CyberArk

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyber-ark-software
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/cyberarksoftware
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 86

https://www.cyberark.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.cyberark.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js

Request Chain 98

https://cm.everesttech.net/cm/dd?d_uuid=17521897870795926943090136164194094885 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxbv4QAAALuRyAN6

Request Chain 132

https://www.googleadservices.com/pagead/conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMImMaf79ugiQMVaucRCB0dVxZQMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM HTTP 302
https://www.google.com/pagead/1p-conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMImMaf79ugiQMVaucRCB0dVxZQMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSGwDpaXnfxY3mQY95f266y_ZpaVzSL6PHbuS3tw&random=3834910460 HTTP 302
https://www.google.de/pagead/1p-conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMImMaf79ugiQMVaucRCB0dVxZQMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSGwDpaXnfxY3mQY95f266y_ZpaVzSL6PHbuS3tw&random=3834910460&ipr=y

Request Chain 142

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101794737~101823848~101836706&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&label=H8zfCNSYxvwYEJHvgv8D&hn=www.googleadservices.com&frm=0&tiba=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&gtm_ee=1&npa=1&pscdl=noapi&auid=157129000.1729556450&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQJKJ2V2ZW50LXNvdXJjZSwgdHJpZ2dlcjtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIpp-h79ugiQMVTdkRCB15nyN5MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHNCV0NoRUk4UGZYdUFZUTE0T21xUFRJcXNiWUFSSXNBRnpUYXVtME9mSG5vYTAxRGFEUzRyVnhGY05DVF9GNldOOHpUUXBKaWFIWWVBU3JUVTY4ZmgtWHpiMA HTTP 302
https://www.google.com/pagead/1p-conversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101794737~101823848~101836706&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&label=H8zfCNSYxvwYEJHvgv8D&hn=www.googleadservices.com&frm=0&tiba=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&gtm_ee=1&npa=1&pscdl=noapi&auid=157129000.1729556450&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQJKJ2V2ZW50LXNvdXJjZSwgdHJpZ2dlcjtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIpp-h79ugiQMVTdkRCB15nyN5MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHNCV0NoRUk4UGZYdUFZUTE0T21xUFRJcXNiWUFSSXNBRnpUYXVtME9mSG5vYTAxRGFEUzRyVnhGY05DVF9GNldOOHpUUXBKaWFIWWVBU3JUVTY4ZmgtWHpiMA&is_vtc=1&cid=CAQSGwDpaXnfN_ik5DsA7V5F87PCLfN7SBxsUEXEYw&random=3621428707 HTTP 302
https://www.google.de/pagead/1p-conversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101794737~101823848~101836706&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&label=H8zfCNSYxvwYEJHvgv8D&hn=www.googleadservices.com&frm=0&tiba=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&gtm_ee=1&npa=1&pscdl=noapi&auid=157129000.1729556450&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQJKJ2V2ZW50LXNvdXJjZSwgdHJpZ2dlcjtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIpp-h79ugiQMVTdkRCB15nyN5MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHNCV0NoRUk4UGZYdUFZUTE0T21xUFRJcXNiWUFSSXNBRnpUYXVtME9mSG5vYTAxRGFEUzRyVnhGY05DVF9GNldOOHpUUXBKaWFIWWVBU3JUVTY4ZmgtWHpiMA&is_vtc=1&cid=CAQSGwDpaXnfN_ik5DsA7V5F87PCLfN7SBxsUEXEYw&random=3621428707&ipr=y

Request Chain 151

https://9920016.fls.doubleclick.net/activityi;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4ah0za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=101686685~101823847~101836706;epver=2;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps HTTP 302
https://9920016.fls.doubleclick.net/activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4ah0za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=101686685~101823847~101836706;epver=2;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Request Chain 156

https://cnv.event.prod.bidr.io/log/cnv?tag_id=188&buzz_key=intentsify&value=&segment_key=intentsify-1098&account_id=2&order=[ORDER]&ord=[CACHEBUSTER] HTTP 303
https://cnv.event.prod.bidr.io/log/cnv?tag_id=188&buzz_key=intentsify&value=&segment_key=intentsify-1098&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1

Request Chain 166

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&e_ipv6=AQL-FeYJ_xlFrAAAAZKxmRLIHBkldi8UpRj6oHwo-aTEUM7CMgEd3epqX12NLL2TA8_9v8vS_fUKIL1QDsDJ7ZY3VsRQ0g

Request Chain 167

https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&dpmCid%3D%26zn%3D%26sn%3D%26q%3DxImp%26v%3D1.x%26cl%3D62%26pixelIndex%3D0%26r%3D78365%26tzOffset%3D-120%26url%3Dhttps%253A%252F%252Fwww.cyberark.com%252Fresources%252Fthreat-research-blog%252Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26dpmCid%253D%2526zn%253D%2526sn%253D%2526q%253DxImp%2526v%253D1.x%2526cl%253D62%2526pixelIndex%253D0%2526r%253D78365%2526tzOffset%253D-120%2526url%253Dhttps%25253A%25252F%25252Fwww.cyberark.com%25252Fresources%25252Fthreat-research-blog%25252Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps HTTP 302
https://a.dpmsrv.com/dpmpxl/index.php?id=4084603115321777412&dpmCid=&zn=&sn=&q=xImp&v=1.x&cl=62&pixelIndex=0&r=78365&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Request Chain 170

https://um.simpli.fi/smaato HTTP 302
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 171

https://um.simpli.fi/nexxen HTTP 302
https://sync.1rx.io/usersync/simplifi/7DEEB55C4D1F4B0799E41E7096C9DA73 HTTP 302
https://sync.1rx.io/usersync/simplifi/7DEEB55C4D1F4B0799E41E7096C9DA73?zcc=1&cb=1729556452210 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003

Request Chain 172

https://um.simpli.fi/triplelift HTTP 302
https://eb2.3lift.com/xuid?mid=7969&xuid=7DEEB55C4D1F4B0799E41E7096C9DA73&dongle=yf3

Request Chain 173

https://um.simpli.fi/telaria_p HTTP 302
https://simplifi.partners.tremorhub.com/sync?UISF=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 174

https://um.simpli.fi/tapad HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=7DEEB55C4D1F4B0799E41E7096C9DA73 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 175

https://um.simpli.fi/ad_advisor HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=7DEEB55C4D1F4B0799E41E7096C9DA73 HTTP 302
https://d.agkn.com/pixel/10751/?che=1729556452276&ip=217.114.215.131&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219883205043000015856 HTTP 302
https://um.simpli.fi/aa_px?sk=219883205043000015856 HTTP 302
https://um.simpli.fi/empty.gif

Request Chain 176

https://um.simpli.fi/intentiq HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 179

https://um.simpli.fi/dtnx HTTP 302
https://fei.pro-market.net/engine?du=24;csync=7DEEB55C4D1F4B0799E41E7096C9DA73;mimetype=img; HTTP 302
https://fei.pro-market.net/engine?du=24;csync=7DEEB55C4D1F4B0799E41E7096C9DA73;mimetype=img;sr HTTP 302
https://cms.analytics.yahoo.com/cms?partner_id=DATCS HTTP 302
https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS

Request Chain 180

https://um.simpli.fi/exelatem HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=7DEEB55C4D1F4B0799E41E7096C9DA73&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=7DEEB55C4D1F4B0799E41E7096C9DA73&j=0&xl8blockcheck=1

Request Chain 182

https://um.simpli.fi/beachfront HTTP 302
https://sync.bfmio.com/sync?pid=141&uid=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 183

https://um.simpli.fi/bluekai HTTP 302
https://stags.bluekai.com/site/29931?id=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 184

https://um.simpli.fi/crwdcntrl HTTP 302
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 185

https://um.simpli.fi/lj_match HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 186

https://um.simpli.fi/liveramp_match HTTP 302
https://idsync.rlcdn.com/419566.gif?partner_uid=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 187

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1729556451902&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQI&pscrd=IhMImrrA79ugiQMV3zlVCB10GDAwMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM HTTP 302
https://www.google.com/pagead/1p-conversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQI&pscrd=IhMImrrA79ugiQMV3zlVCB10GDAwMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSKQDpaXnfbF1UqGHHo6kZ5SC7mKISp4x66a-dMMLw3PtLhIpxP8i1s62b&random=2407399201 HTTP 302
https://www.google.de/pagead/1p-conversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQI&pscrd=IhMImrrA79ugiQMV3zlVCB10GDAwMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSKQDpaXnfbF1UqGHHo6kZ5SC7mKISp4x66a-dMMLw3PtLhIpxP8i1s62b&random=2407399201&ipr=y

Request Chain 189

https://um.simpli.fi/an HTTP 302
https://ib.adnxs.com/setuid?entity=66&code=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 190

https://um.simpli.fi/rb_match HTTP 302
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=7DEEB55C4D1F4B0799E41E7096C9DA73&expires=365

Request Chain 191

https://um.simpli.fi/ox_match HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072966&val=7DEEB55C4D1F4B0799E41E7096C9DA73

Request Chain 199

https://insight.adsrvr.org/tags/0v1kpom/u9beit9/iframe HTTP 301
https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe

Request Chain 206

https://a.usbrowserspeed.com/cs?pid=d177d942cb8207b52f57818feb9bb79a7b77ce6e0ed688e3af36875661b9be1d&r=https%3A%2F%2Fs.dpmsrv.com%2Fblank.png&puid=62_4084603115321777412 HTTP 302
https://s.dpmsrv.com/blank.png

238 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps Show response
www.cyberark.com/resources/threat-research-blog/ 295 KB
53 KB 476ms
371ms Document
text/html 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fac1feb1a5135b9907789af41fd68ec31edf9912c62409f4aa47f91cef731769

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8d6552d8fd1edba1-FRA
content-encoding: gzip
content-language: en
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/
content-type: text/html; charset=UTF-8
date: Tue, 22 Oct 2024 00:20:48 GMT
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
referrer-policy: unsafe-url
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 lato.css
content.cdntwrk.com/css/google-fonts/ 6 KB
965 B 151ms
44ms Stylesheet
text/css 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/css/google-fonts/lato.css?v=075928935a99
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 88b4bd1c3c8e9af6516b562e9679955ff48479ee6a5771e97ef425d1c5425e1f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age: 0
content-encoding: gzip
etag: W/"37291223d8c6a87c6435a8740e28f134"
age: 204281
access-control-allow-methods: GET, HEAD
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: QujJwjB0E-ZjcXO5hfIaot4DIXdcU9eZBbP1el0YhPJg0ZI3B6anJQ==
date: Sat, 19 Oct 2024 15:36:08 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 16:51:46 GMT
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA56-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 hubs.d9fdeb361862fc14a04f.css
content.cdntwrk.com/css/hubs/ 267 KB
45 KB 157ms
50ms Stylesheet
text/css 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/css/hubs/hubs.d9fdeb361862fc14a04f.css
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6fe7e313748ef9c88c8bde3bd65111faf8cc408ae3cf0e32274c06a1145b3243

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age: 0
content-encoding: gzip
etag: W/"3ce909070123f979fd732057f89d472d"
age: 544418
access-control-allow-methods: GET, HEAD
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: pJuu9FAsnaTch52IiAfxy6pk6VEQ2vMhEYCP3FJS6eL09OiT0XrnaQ==
date: Tue, 15 Oct 2024 17:07:10 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 16:51:46 GMT
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA56-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/ 101 KB
19 KB 76ms
40ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ceaaba22d75b58e04150311f596306562a3e595e27ed4b1dfa451b82dda9e50

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "660cc074-49fa"
age: 4644
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k7gR3SGP%2FF3hnEH82uIoFzazUS1bo8ASUcWsgxXQ%2BbRlcJAM4m8oER0ukk9voXCZDQ9eSw1A1IJleZPr2ENf1tRXMrMALRON4E8pdJJjYnqE3VmTIFLZlnPFhpIkzmdZojJoAyT%2FYZuldQ1ZfB89OXdF"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 12 Oct 2025 00:20:48 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 03 Apr 2024 02:35:32 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d6552db99dbd350-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18938
server: cloudflare

GET
H2 200 fontawesome.css
www.cyberark.com/wp-content/themes/understrap-child-1.0.1/includes/fontawesome/css/ 185 KB
40 KB 76ms
73ms Stylesheet
text/css 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/wp-content/themes/understrap-child-1.0.1/includes/fontawesome/css/fontawesome.css?ver=6.5.3

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1afb09b056ef890af30cbc33888945853da97fd1fe059d6445d2da33666cdb40

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
cf-bgj: minify
etag: W/"65d769a6-38532"
age: 1794757
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:48 GMT
cf-polished: origSize=230706
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: text/css
last-modified: Thu, 22 Feb 2024 15:35:02 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552db5fa3dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
access-control-allow-origin: *
server: cloudflare

GET
H2 200 en.css
cihost.uberflip.com/cyberArk/master/build/en/ 527 KB
78 KB 136ms
36ms Stylesheet
text/css 2600:9000:20eb:6000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a8d82e3be2a96b75953a364e418e7bbacf8c55438b4c9bcdaacc72d2e0cfdeca

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

vary: Accept-Encoding
content-encoding: gzip
x-amz-meta-s3cmd-attrs: atime:1719209208/ctime:1719209208/gid:127/gname:docker/md5:40f5b02f6e24c823904ef4865208b47f/mode:33188/mtime:1719209208/uid:1001/uname:runner
etag: W/"40f5b02f6e24c823904ef4865208b47f"
age: 67014
via: 1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 6gl7izeb3JV-Iv42GhhBWY-NVVyDmDwT9fsOxNeRWqQ4hg6akzDDtQ==
date: Mon, 21 Oct 2024 05:43:55 GMT
content-type: text/css
last-modified: Mon, 24 Jun 2024 06:06:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
x-amz-server-side-encryption: AES256

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/ 46 KB
9 KB 102ms
67ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03e60-b752"
age: 9707
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FCx%2FBTgi77239Vcow8ToByi5n2dAfPqVuuTFc7FBLyaso7XWhICffJzhVfz7y3gEQSLcKqvbxmnMtAAsQUHN92SUYZiaVU0IUgZNsHAoQBCP1NhPQkc%2BqPFo0NeQGz9fVZ9fe3PRCH%2F0aKQFmK1YFfj"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 12 Oct 2025 00:20:48 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 04 May 2020 16:10:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d6552db99d6d350-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8281
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 12 KB
2 KB 132ms
54ms Stylesheet
text/css 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400&display=swap

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

67e5974968ed8c4d0d8cc5a63788094985c36685f7e18b2e1643ded31d032088

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 21 Oct 2024 23:29:33 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 enlighterjs.min.css
www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/ 78 KB
12 KB 68ms
66ms Stylesheet
text/css 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/enlighterjs.min.css?ver=5.4.2

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ef8a267de455c3a72237bf7db0c97c97e35e52452ff9ece15876d0d60f9c0e9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"5f4d2349-13634"
age: 1794757
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:48 GMT
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 31 Aug 2020 16:20:25 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552db5fa5dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
access-control-allow-origin: *
server: cloudflare

GET
H2 200 enlighterjs.min.js Show response
www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/ 57 KB
20 KB 67ms
66ms Script
application/javascript 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/enlighterjs.min.js?ver=5.4.2

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a117f36dba1eb2100f340bb68f3cc4d4c04d50d8a1d61c36a5d0a682aed9d362

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"5f4d2349-e307"
age: 1794757
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:48 GMT
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 31 Aug 2020 16:20:25 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552db6fa8dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
access-control-allow-origin: *
server: cloudflare

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1 KB 132ms
55ms Stylesheet
text/css 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Mono&display=swap

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e52c838f42938406d65ae685cc53e2d7c5dc09f2c2080f9d6baa6f66acb554c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 21 Oct 2024 23:10:06 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 launch-e8e6adf0fe30.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/ 295 KB
87 KB 241ms
59ms Script
application/x-javascript 2a02:26f0:3500:58f::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8ea3873a69611e840472b4320bb35a35d9ce9bc51d253b7e57ee3bd8732be817

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "d8106e7ed0d53251d2398bfb6573cf8d:1726003825.401054"
expires: Tue, 22 Oct 2024 01:20:49 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.cyberark.com
content-length: 88822
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/x-javascript
last-modified: Tue, 10 Sep 2024 21:30:25 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 84cf3062f98cbab994d639a975b2798e.js Show response
ob.segreencolumn.com/i/ 108 KB
40 KB 229ms
46ms Script
text/javascript 2600:9000:2490:ae00:18:15b9:5a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:ae00:18:15b9:5a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: 139f0fa0e925b7cfb066a495e136bb92914624aea888e8bbda0594595857af6f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=43200
content-encoding: gzip
etag: "1af88-ZO0JkB78fUqbeuh/eVjoywGTys4"
age: 18977
via: 1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
expires: Tue, 22 Oct 2024 07:04:31 GMT
x-cache: Hit from cloudfront
content-length: 40393
x-amz-cf-id: oMc1YDVW6vd2v3IpZcWbz2sTF066p8w8lywIol3lSPgJ8s3YzN_Tkg==
date: Mon, 21 Oct 2024 19:04:46 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: Caddy
x-amz-cf-pop: FRA56-P6

GET
H2 200 logo.svg
cihost.uberflip.com/cyberArk/OB-8671/build/assets/ 14 KB
5 KB 135ms
36ms Image
image/svg+xml 2600:9000:20eb:6000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cihost.uberflip.com/cyberArk/OB-8671/build/assets/logo.svg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 952f35790a58d6c58cd01db0b7994f8b1e3f2d4328f8dd2ed423c01579d403c6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

vary: Accept-Encoding
content-encoding: gzip
x-amz-meta-s3cmd-attrs: atime:1670855619/ctime:1670855619/gid:123/gname:docker/md5:f86c6ef84b83b048b2a5521fb36ab761/mode:33188/mtime:1670855619/uid:1001/uname:runner
etag: W/"f86c6ef84b83b048b2a5521fb36ab761"
age: 72306
via: 1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: ekSo_HGQzKPqLMMWYL8kpoY71y9j4XwM_wvqN3wIfpSDhXHNrRmr_Q==
date: Mon, 21 Oct 2024 04:15:43 GMT
content-type: image/svg+xml
last-modified: Mon, 12 Dec 2022 14:33:49 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
x-amz-server-side-encryption: AES256

GET
H2 200 cora-ai-nav.png
www.cyberark.com/wp-content/uploads/2024/05/ 20 KB
23 KB 63ms
62ms Image
image/webp 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2024/05/cora-ai-nav.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

789ee7ec8ddfe397c857cf0799e6bb655608853a54b7bf6642cc4a4e1378fbf0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "6647a196-7a87"
age: 1794671
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:48 GMT
cf-polished: origFmt=png, origSize=31367
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: image/webp
content-disposition: inline; filename="cora-ai-nav.webp"
vary: Accept
last-modified: Fri, 17 May 2024 18:27:34 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552db6fa9dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20100
server: cloudflare

GET
H2 200 Icons-Globe@2x.png
www.cyberark.com/wp-content/uploads/2020/12/ 456 B
4 KB 62ms
62ms Image
image/webp 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/12/Icons-Globe@2x.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45aca110620ac12009925cac1e38aa4e71426a2b83ee7f356010069b45539d56

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "5fed076b-47b"
age: 1793855
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:48 GMT
cf-polished: origFmt=png, origSize=1147
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: image/webp
content-disposition: inline; filename="Icons-Globe@2x.webp"
vary: Accept
last-modified: Wed, 30 Dec 2020 23:04:11 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552dbd820dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 456
server: cloudflare

GET
H2 200 ajax-loader-white-2x.gif
content.cdntwrk.com/img/hubs/ 3 KB
3 KB 59ms
59ms Image
image/gif 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/ajax-loader-white-2x.gif?v=19a554b579c4
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c1cd0852f3077f1b059e16529d8de16acb490990d6cb796dd74873de0bfd8a91

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age: 0
etag: "5217392f882b27d35ec2e72946f2df7e"
age: 589653
access-control-allow-methods: GET, HEAD
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 1bzMv4cCOoynRaR2xipJZwMg08DM5nB4tMomKeoY7VFZOrTwNZ_Cbw==
date: Tue, 15 Oct 2024 04:33:16 GMT
content-type: image/gif
last-modified: Mon, 07 Oct 2024 16:51:53 GMT
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2707
x-amz-cf-pop: FRA56-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 chevron-down-64x64.png
content.cdntwrk.com/img/hubs/ 760 B
1 KB 55ms
51ms Image
image/png 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/chevron-down-64x64.png?v=78668873251b
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e240679c3215c840cf754104fe7291c77f2f52ad551c95e8c8364d0124938ec

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age: 0
etag: "26818bdf0706c780af4a52b44ea17fdc"
age: 89108
access-control-allow-methods: GET, HEAD
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: xpYKVJgp_buAq8Ue7dyQxBVA3UMP46CEZ-rL9gyWO5NzOIlUuoCI5w==
date: Sun, 20 Oct 2024 23:35:41 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 16:51:53 GMT
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 760
x-amz-cf-pop: FRA56-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 359 KB
118 KB 248ms
67ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

479dbd7adb24eeca702986de7d7d3f34fe50bba22cad3db36b488d09e2e08582

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Tue, 22 Oct 2024 00:20:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 22 Oct 2024 00:05:40 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 119665
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 Golden-SAML-image.png
www.cyberark.com/wp-content/uploads/2017/11/ 68 KB
71 KB 510ms
505ms Image
image/webp 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/11/Golden-SAML-image.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf59b9c3eb9ce46a4fa0a9745ca1ffe227c94acb49dc5bcfc8a582c75c202b26

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "5d72f385-1c8b3"
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
cf-polished: origFmt=png, origSize=116915
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/webp
content-disposition: inline; filename="Golden-SAML-image.webp"
vary: Accept
last-modified: Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552dd9a11dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 69266
server: cloudflare

GET
H2 200 Image-1.jpg
www.cyberark.com/wp-content/uploads/2017/11/ 55 KB
59 KB 193ms
188ms Image
image/webp 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/11/Image-1.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ae1d8ff559d265d54750e40737826960c9948d43edfb72b2d33c7fb2dcd3ebb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "5d72f385-1eba9"
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
cf-polished: qual=85, origFmt=jpeg, origSize=125865
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/webp
content-disposition: inline; filename="Image-1.webp"
vary: Accept
last-modified: Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552dd9a17dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56394
server: cloudflare

GET
H2 200 SAML-2.jpg
www.cyberark.com/wp-content/uploads/2017/11/ 18 KB
22 KB 206ms
202ms Image
image/jpeg 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/11/SAML-2.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2f4e6e7c111bd008a79fa50a2f95fd41995df4f1995843910ff407c6e805f24

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "5d72f385-6a7a"
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
cf-polished: degrade=85, origSize=27258, status=webp_bigger
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/jpeg
last-modified: Sat, 07 Sep 2019 00:02:13 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552dd9a19dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18691
server: cloudflare

GET
H2 200 SAML-2-b.jpg
www.cyberark.com/wp-content/uploads/2017/11/ 40 KB
43 KB 216ms
212ms Image
image/jpeg 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/11/SAML-2-b.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9ff7b06912466abc8c42b979f84706ce896098ab9ea85e81258426db80fdb0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "5d72f385-c9d3"
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
cf-polished: degrade=85, origSize=51667, status=webp_bigger
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/jpeg
last-modified: Sat, 07 Sep 2019 00:02:13 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552dd9a1bdba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 40688
server: cloudflare

GET
H2 200 ADFS-Public-Certificate.jpg
www.cyberark.com/wp-content/uploads/2017/11/ 12 KB
16 KB 286ms
282ms Image
image/jpeg 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/11/ADFS-Public-Certificate.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0055d15dc97d09fc7eed2789abfe2c3039920d83ee38d86f43d223a84b2d8fba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-cache-status: MISS
etag: "5d72f385-3142"
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/jpeg
last-modified: Sat, 07 Sep 2019 00:02:13 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552dd9a1cdba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12610
server: cloudflare

GET
H2 200 IdP-Name.jpg
www.cyberark.com/wp-content/uploads/2017/11/ 2 KB
6 KB 186ms
182ms Image
image/webp 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/11/IdP-Name.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da70aaab22df021fab995b92d471f3e92495729f3c219f5d676c6cae8239b417

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "5d72f385-300e"
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
cf-polished: qual=85, origFmt=jpeg, origSize=12302
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/webp
content-disposition: inline; filename="IdP-Name.webp"
vary: Accept
last-modified: Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552dd9a1ddba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2434
server: cloudflare

GET
H2 200 Role-name.jpg
www.cyberark.com/wp-content/uploads/2017/11/ 3 KB
6 KB 207ms
204ms Image
image/webp 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/11/Role-name.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eee6eaf59f3744b188505112ab4f349b8a7bdb5a460a253042a55ce40373bf2f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "5d72f385-31b3"
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
cf-polished: qual=85, origFmt=jpeg, origSize=12723
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/webp
content-disposition: inline; filename="Role-name.webp"
vary: Accept
last-modified: Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552dd9a1edba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2974
server: cloudflare

GET
H2 200 PS-aws.jpg
www.cyberark.com/wp-content/uploads/2017/11/ 4 KB
8 KB 196ms
192ms Image
image/webp 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/11/PS-aws.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59a7a179044a073f8724448ebb09aef58d8874ffcbb4138c3f89482c3ea5db63

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "5d72f385-366a"
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
cf-polished: qual=85, origFmt=jpeg, origSize=13930
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/webp
content-disposition: inline; filename="PS-aws.webp"
vary: Accept
last-modified: Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552dd9a1fdba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4146
server: cloudflare

GET
H2 200 PS-python.jpg
www.cyberark.com/wp-content/uploads/2017/11/ 20 KB
24 KB 210ms
206ms Image
image/webp 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/11/PS-python.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19bb468ba17ea560dc3b738083bfdfbe55dea24abc35be5d6889d1bc2fd31182

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "5d72f385-7d2d"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=6G_cjHNfaL74vA05_z1_fBxhwrzO1DobMuEhD4lJQRw-1729556449-1.0.1.1-kEvbShSxxPrE9_BbKOylndFbv__8zehqQ2Xih6VPJRUgV6eH2tVtf4c8yXes2gX2u0B5qL_PXwH8AnUQznsn9yqsB2oauiWtmdzDLub3oQCXxUGDCn1.ZVmqolRPFatxahJPKed_uZJAxBY34L66R0IHAhArNFZczCv.z6nAVEo"}],"group":"cf-csp-endpoint","max_age":86400}
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
cf-polished: qual=85, origFmt=jpeg, origSize=32045
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/webp
content-disposition: inline; filename="PS-python.webp"
vary: Accept
last-modified: Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=6G_cjHNfaL74vA05_z1_fBxhwrzO1DobMuEhD4lJQRw-1729556449-1.0.1.1-kEvbShSxxPrE9_BbKOylndFbv__8zehqQ2Xih6VPJRUgV6eH2tVtf4c8yXes2gX2u0B5qL_PXwH8AnUQznsn9yqsB2oauiWtmdzDLub3oQCXxUGDCn1.ZVmqolRPFatxahJPKed_uZJAxBY34L66R0IHAhArNFZczCv.z6nAVEo; report-to cf-csp-endpoint
cf-ray: 8d6552dd9a20dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20136
server: cloudflare

GET
H2 200 operation-of-tool.jpg
www.cyberark.com/wp-content/uploads/2017/11/ 32 KB
36 KB 198ms
194ms Image
image/webp 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/11/operation-of-tool.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfcf469c7a66c6b348b50f9cd98a103da4c6ba969f80fb88ee7fed530315b302

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-bgj: imgq:85,h2pri
etag: "5d72f385-142b2"
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
cf-polished: qual=85, origFmt=jpeg, origSize=82610
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/webp
content-disposition: inline; filename="operation-of-tool.webp"
vary: Accept
last-modified: Sat, 07 Sep 2019 00:02:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552dd9a21dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33204
server: cloudflare

GET
H2 200 mediaproxy
content.cdntwrk.com/ 7 KB
7 KB 97ms
93ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2017%2F12%2FPredictions-e1513000344330.jpg&size=1&version=1718922359&sig=25183725287a8f589d78c190845ce651&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 0250e8c55348f0165caec330ed0138ccbb65cfe6535abc96fabea630163b3df1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 10605041
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 6908
x-amz-cf-id: EKzIuuYg_pPXeiAbuhAq38yV1_5lNeRyCMl6vTATzhrtgWvs9MwFEQ==
date: Fri, 21 Jun 2024 06:30:06 GMT
content-type: image/webp
content-disposition: inline; filename="Predictions-e1513000344330.webp"
last-modified: Fri, 21 Jun 2024 06:29:57 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 6 KB
6 KB 98ms
95ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2017%2F10%2Fplugin-e1508789670134.jpg&size=1&version=1718922359&sig=3d7223731d2f233e7c32519e60e21179&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: f7812c4e95ca8f1f951f6cdc39e851fa8495343245ee2679697ebdc2acbd76b7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 3079451
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 5812
x-amz-cf-id: _LQJP7lIkOHiagtqsReVvozXA5dI_utj8yUm1cuNW8ZeF0XCnSozOQ==
date: Mon, 16 Sep 2024 08:56:36 GMT
content-type: image/webp
content-disposition: inline; filename="plugin-e1508789670134.webp"
last-modified: Mon, 16 Sep 2024 08:56:27 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 30 KB
31 KB 100ms
97ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F08%2Fsecurity-analysis-of-azure.jpg&size=1&version=1724836584&sig=ce2a27c97cc205784185538023cbafcb&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 56a4c695b3c177ae27175aebb8c2a661ba15e626d4d9fcca1fd610e21947f8fb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 4719764
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 30906
x-amz-cf-id: yq04VVCboUnbfTk6ZZ4pMYzqm5H1Ytr4gmRCofiPgFKeaTFIIsfqjw==
date: Wed, 28 Aug 2024 09:18:04 GMT
content-type: image/webp
content-disposition: inline; filename="security-analysis-of-azure.webp"
last-modified: Wed, 28 Aug 2024 09:17:54 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 103 KB
104 KB 105ms
101ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F08%2Fai-treason.png&size=1&version=1724832176&sig=854985ddfaae3088b2e719f656c503dd&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: c927e5e6481bf7a50454e40f52e1d6a0384d68fc8c626778dc9f04273780aebd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 4724164
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 105636
x-amz-cf-id: E_t8MsJ5Vh8q92Vf0u8M43iT0pPgD0By8jaVoVahxfPQq-W3_flKTQ==
date: Wed, 28 Aug 2024 08:04:43 GMT
content-type: image/webp
content-disposition: inline; filename="ai-treason.webp"
last-modified: Wed, 28 Aug 2024 08:04:34 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 18 KB
18 KB 102ms
99ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F07%2Fbrief-history.jpg&size=1&version=1724832176&sig=ed4175d6fc08019d967e03d8edae399a&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: c5965d5d4043ea8e2514e8d8b488720375088fae0c54a112eb029e83def9c4b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 4724082
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 18542
x-amz-cf-id: zy-1QU-282RWJ_blI_cyQsSd0S1j68dpv8yuHgN4WDHBzhKz06VB8A==
date: Wed, 28 Aug 2024 08:06:05 GMT
content-type: image/webp
content-disposition: inline; filename="brief-history.webp"
last-modified: Wed, 28 Aug 2024 08:05:55 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 18 KB
18 KB 107ms
104ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F07%2Fdouble-dipping-hero.jpg&size=1&version=1721914638&sig=3cdd00ffc171c6df7bbb7f6a3f9e756f&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 1055046717fb33ae9b9d0205f0c5242d99138168002d54ace053c07e49c97b27

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 7641600
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 18346
x-amz-cf-id: d2hIqYv77E4m-X2hyrl8WazwjZ3-sAPbgzrq3HaVUUBTuHgFRmj8lQ==
date: Thu, 25 Jul 2024 13:40:47 GMT
content-type: image/webp
content-disposition: inline; filename="double-dipping-hero.webp"
last-modified: Thu, 25 Jul 2024 13:40:38 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 155 KB
155 KB 106ms
103ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F07%2Flocal-privilege-escalation-vulnerability.png&size=1&version=1723021942&sig=4fae45bfb4adf70489250e22793e701c&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 2a3715832a93638fea5b7278a3ec48a129918aa31fc99603f0b7630e565edf6f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 6534347
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 158490
x-amz-cf-id: Ha-ZZvKlsBpD2l-MxMbrcNPYSxF9j-DaoU5Ql62GXraGRDnMHkHe-g==
date: Wed, 07 Aug 2024 09:15:00 GMT
content-type: image/webp
content-disposition: inline; filename="local-privilege-escalation-vulnerability.webp"
last-modified: Wed, 07 Aug 2024 09:14:50 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 15 KB
15 KB 103ms
100ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F07%2Fbypass-golang.jpg&size=1&version=1723019318&sig=5a3e1e48bbdb35e5985dfd5119f8eb85&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b5bb34030760357507f6f487e177477dbb8c7f671d2234ede059914a419a11

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 6536975
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 14880
x-amz-cf-id: 5g6UsIbtJnTYttZwPvE3PJL_LNgIOVRtF_FN4mDB735uuCBqNlkeBg==
date: Wed, 07 Aug 2024 08:31:13 GMT
content-type: image/webp
content-disposition: inline; filename="bypass-golang.webp"
last-modified: Wed, 07 Aug 2024 08:31:03 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 20 KB
20 KB 109ms
106ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F07%2Fcurrentstate-ofobrowser-cookies.jpg&size=1&version=1724348512&sig=7e1b942a6fca792d513a415d1c7569e2&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 2023d576439d0a3c2f727055923e314484ca21b0790ac1bdfe2e8727723c39eb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 5207888
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 20556
x-amz-cf-id: I8lI0WJmKW5Bdy_sAWwIBHQr4ebopCI-fcKctH5jBtMFLxU3MQ9nKw==
date: Thu, 22 Aug 2024 17:42:39 GMT
content-type: image/webp
content-disposition: inline; filename="currentstate-ofobrowser-cookies.webp"
last-modified: Thu, 22 Aug 2024 17:42:29 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 22 KB
22 KB 117ms
114ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F06%2Fkeycloak-blog-hero.jpg&size=1&version=1720633182&sig=446bfb24fb8e212122fde96e0d8b7af6&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 524281b4e193562aa90fbd5101733e2738dd88d2171d4361f1b73b2e06a59bfe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 8923191
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 22218
x-amz-cf-id: qMwwk8hweOzsycsEyHjvh4cNlbwoz8Vc4JvYsiNg9ohfB73R-wsSlQ==
date: Wed, 10 Jul 2024 17:40:57 GMT
content-type: image/webp
content-disposition: inline; filename="keycloak-blog-hero.webp"
last-modified: Wed, 10 Jul 2024 17:40:47 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 116 KB
116 KB 113ms
111ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F05%2Fcreepy-bed.png&size=1&version=1719845022&sig=6530dded9453b2f389f8885cf04d80a0&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: e3a815612bbd1985cde65c5e4f47ca80ebdb95fb6166c59188d3b26c6df90e85

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 9710898
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 118588
x-amz-cf-id: Ip15vPiGYOcUuUpFRB-jLtEYvQN1OB8sHtStYOGvJvXKtIyKU88GQg==
date: Mon, 01 Jul 2024 14:52:29 GMT
content-type: image/webp
content-disposition: inline; filename="creepy-bed.webp"
last-modified: Mon, 01 Jul 2024 14:52:20 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 122 KB
122 KB 114ms
111ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F04%2Flinux-with-syzkaller.png&size=1&version=1723019440&sig=fc031b634965a4a77cea69f70ff2c5f4&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: ef66e9df572ace7075e22087a9df85a85a3fd11f165b4da3d7881813b9684ccf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 6536975
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 124726
x-amz-cf-id: 1kd83bKVfciWGyeJuSrdbZMMZuWYhZw5tEbmzdCiBLBQWIokmXDltQ==
date: Wed, 07 Aug 2024 08:31:13 GMT
content-type: image/webp
content-disposition: inline; filename="linux-with-syzkaller.webp"
last-modified: Wed, 07 Aug 2024 08:31:03 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 24 KB
24 KB 114ms
111ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F03%2Fhero-labs-crumbled-security.jpg&size=1&version=1719543178&sig=eab423d3606b6a46f247e40b15bc3bc0&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 0623e10825f73d9189d396ac17783eccc55e05af0f92dd84422d2bb8522680ec

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 10012261
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 24254
x-amz-cf-id: H9ptqUWLFG38YVb3LYdEeY3fJ8El9H77MxAd1BMvDx3ENdWAyXXXQw==
date: Fri, 28 Jun 2024 03:09:46 GMT
content-type: image/webp
content-disposition: inline; filename="hero-labs-crumbled-security.webp"
last-modified: Fri, 28 Jun 2024 03:09:37 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 234 KB
235 KB 115ms
112ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F02%2Fcosmos-millions-from-the-blockchain.png&size=1&version=1718922360&sig=f935bb8b13cf3c88fd05cea3350b8e96&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 67916d020980b0b2146bf72b94ac76ba8f60b7258a0c5613ee1b0fe8379ba24c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 10633495
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 239536
x-amz-cf-id: -lAmvh3XRNIkXd6S0Iq4MloewC8HplIG7bdjAjglnYUlpKyMdCcqUg==
date: Thu, 20 Jun 2024 22:35:52 GMT
content-type: image/webp
content-disposition: inline; filename="cosmos-millions-from-the-blockchain.webp"
last-modified: Thu, 20 Jun 2024 22:35:43 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 6 KB
7 KB 117ms
115ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F07%2Fdeep-dive-into-penetration-testing.jpg&size=1&version=1719516434&sig=570c075b3b5f08e0cf019cb834b95c03&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 8dd7a7eeccaaffd8a75ac8a2420ae500376d9f7f652dd8545deebd399bb96cfa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 10039908
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 6536
x-amz-cf-id: EvqfRXMI2S6leO7h2jHBBrWDgywvvh0uQnZD1zZCxlJ8sS1vx9sdfw==
date: Thu, 27 Jun 2024 19:28:59 GMT
content-type: image/webp
content-disposition: inline; filename="deep-dive-into-penetration-testing.webp"
last-modified: Thu, 27 Jun 2024 19:28:50 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 142 KB
143 KB 115ms
113ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2024%2F01%2Fransomware-playing-a-broken-game.png&size=1&version=1724348911&sig=fe7d371eff9e4e05df01e80c10b6fe45&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: d999840e4597740dd31ed034dca5776a96d92d556d9b30d442c903725a1dc21d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 5206019
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 145488
x-amz-cf-id: JcXKDvc_7WStJ_tEPwNv28Bwz3JIcmopqPEkNWN7T5lFgvArLdHS8A==
date: Thu, 22 Aug 2024 18:13:48 GMT
content-type: image/webp
content-disposition: inline; filename="ransomware-playing-a-broken-game.webp"
last-modified: Thu, 22 Aug 2024 18:13:39 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 7 KB
7 KB 115ms
113ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F12%2Fsafenet-banner.jpg&size=1&version=1718922360&sig=35b3e26671c9eb0ae5c3789bac60eac1&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: bce8ce0d0f68ceecff66a7d2a6c3dd78fce20c7595f4239a69909d7c5e2c363a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 10633489
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 7054
x-amz-cf-id: Ek6zcZFUCBFnVld-3Pt6X0bhcL9ylNLM33yRjaG7qe_qrY-PUZTXXQ==
date: Thu, 20 Jun 2024 22:35:59 GMT
content-type: image/webp
content-disposition: inline; filename="safenet-banner.webp"
last-modified: Thu, 20 Jun 2024 22:35:49 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 142 KB
143 KB 115ms
113ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F10%2Ffuzzer_v.png&size=1&version=1718922360&sig=1c809e82f72d641941ffd6b01d025980&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: ae4fae929c4bc4e4df1273de5c1a2cccc944b0741850a882711ddbe1c1a74250

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 10633488
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 145452
x-amz-cf-id: i9FmLW7anPTp5hckWDl5fuyzLtdppp3FlpR7hEZ2xozDvbMx1qmZZg==
date: Thu, 20 Jun 2024 22:35:59 GMT
content-type: image/webp
content-disposition: inline; filename="fuzzer_v.webp"
last-modified: Thu, 20 Jun 2024 22:35:49 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 7 KB
8 KB 115ms
113ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2Fnvme.jpg&size=1&version=1718922360&sig=9c537939ec4791ea60bcda14e758b8b2&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: fe68ada9a3d8295f355417eee75328dc8b09a238e2a2cf2dcbb738d4e5ddc511

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 10633486
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 7518
x-amz-cf-id: UyJpyUErCXNEAljyecOyUy1ReLe89CV9FDDi_He6BLt88HLWJIaFVw==
date: Thu, 20 Jun 2024 22:36:02 GMT
content-type: image/webp
content-disposition: inline; filename="nvme.webp"
last-modified: Thu, 20 Jun 2024 22:35:52 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 12 KB
12 KB 115ms
114ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2Ffantastic-rootkits.jpg&size=1&version=1718922360&sig=775691fe9dbc60caf5bfad4fd64a4086&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: ad48841a67a5fe1429379e173147275e4e87794f01df53c9ec53257ebd3b1042

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 10633486
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 12384
x-amz-cf-id: lR0hXd7AlpXCe9m-h561pSJSQiYE-g8Tlb14r6H9Q7SlkvC_ZNkL3Q==
date: Thu, 20 Jun 2024 22:36:02 GMT
content-type: image/webp
content-disposition: inline; filename="fantastic-rootkits.webp"
last-modified: Thu, 20 Jun 2024 22:35:52 GMT

GET
H2 200 mediaproxy
content.cdntwrk.com/ 6 KB
7 KB 117ms
115ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F07%2Fdeep-dive-into-penetration-testing.jpg&size=1&version=1718922360&sig=38e5c710cb733305b6971d990596056f&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 8dd7a7eeccaaffd8a75ac8a2420ae500376d9f7f652dd8545deebd399bb96cfa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=1234567890
age: 10633493
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 6536
x-amz-cf-id: zae60gqYQSMfhxxVYf6XbbWsMELIjGEVQ2xWWDO5TYHxSUy3fe0oGg==
date: Thu, 20 Jun 2024 22:35:54 GMT
content-type: image/webp
content-disposition: inline; filename="deep-dive-into-penetration-testing.webp"
last-modified: Thu, 20 Jun 2024 22:35:45 GMT

GET
H2 200 email-decode.min.js Show response
www.cyberark.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
791 B 49ms
48ms Script
application/javascript 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"670fb497-4d7"
x-content-type-options: nosniff
cf-ray: 8d6552dc489cdba1-FRA
expires: Thu, 24 Oct 2024 00:20:48 GMT
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 12:41:59 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H2 200 hubs_app.d9fdeb361862fc14a04f.js Show response
content.cdntwrk.com/js/hubs/ 817 KB
245 KB 46ms
45ms Script
application/javascript 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/js/hubs/hubs_app.d9fdeb361862fc14a04f.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37e95127d694d4e83ae2a63427d36108b85d8f116879c790c506a4f9dee75199

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age: 0
content-encoding: gzip
etag: W/"76f576d4a665a073e2c3aa2714058e8e"
age: 589718
access-control-allow-methods: GET, HEAD
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: XzyRWFc3_eSQ0_KaMSBBCYXiGKG8XCXwkNXylpCp4mZH1IQczjojBw==
date: Tue, 15 Oct 2024 04:32:11 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 16:51:56 GMT
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA56-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 en.bundle.js Show response
cihost.uberflip.com/cyberArk/master/build/en/ 297 KB
86 KB 38ms
38ms Script
text/javascript 2600:9000:20eb:6000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.bundle.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca82fdebe02da89a7878f169d27eda219b2034e7dd55a52acc4b6c47327b64e4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

vary: Accept-Encoding
content-encoding: gzip
x-amz-meta-s3cmd-attrs: atime:1719348515/ctime:1719348515/gid:127/gname:docker/md5:afa69e89aefa16fe8d5c324f36a2a613/mode:33188/mtime:1719348515/uid:1001/uname:runner
etag: W/"afa69e89aefa16fe8d5c324f36a2a613"
age: 81137
via: 1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: ueBM5OkUCsob1oV9Xbbr5y71U2TqOPjfi2XAvnThusdK-CYeojD9bQ==
date: Mon, 21 Oct 2024 01:48:31 GMT
content-type: text/javascript
last-modified: Tue, 25 Jun 2024 20:48:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
x-amz-server-side-encryption: AES256

GET
H3 200 sha256.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-sha256/0.9.0/ 9 KB
4 KB 77ms
42ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-sha256/0.9.0/sha256.min.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03ec6-2339"
age: 439047
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RmF31bV9cmed3uDXsUSGcwYSCsF%2FraZsmsOFFIOeu%2FPjDx2O9K4RiQweSQPzegHG6FnCqwPDzphx0zVmh%2FgQbE4ST4aMFj7UB9WPs4NU1WzjI11VxpQOLjr6S9lCfYvrgTrclX%2BrhmEhpTwXg3scWKWb"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 12 Oct 2025 00:20:48 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:11:50 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d6552ddca7d9f40-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2977
server: cloudflare

GET
H2 200 External-darkblue.svg
www.cyberark.com/wp-content/uploads/2021/01/ 952 B
4 KB 186ms
185ms Image
image/svg+xml 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2021/01/External-darkblue.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f150486021d4182821249f13273a7a87862756e2b021e3d19121aaae6a2e09d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com .mktoutil.com mktoutil.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com .cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"60072571-3b8"
age: 1794672
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 19 Jan 2021 18:31:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552de5ac8dba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
access-control-allow-origin: *
server: cloudflare

GET
H2 200 cyberark-logo-dark.svg
www.cyberark.com/wp-content/uploads/2021/01/ 4 KB
5 KB 179ms
178ms Image
image/svg+xml 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2021/01/cyberark-logo-dark.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67e2f25233ffe02ea0a70301e7440e6371d8943ca3f759b1d128b590e7e9419b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi dpmsrv.com .dpmsrv.com adnxs.com .adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"60d5d6b4-f6a"
age: 1793855
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 00:20:49 GMT
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 25 Jun 2021 13:14:28 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests;
cache-control: public, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d6552de5acadba1-FRA
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
access-control-allow-origin: *
server: cloudflare

GET
H2 200 css2
fonts.googleapis.com/ 11 KB
802 B 44ms
43ms Stylesheet
text/css 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=DM+Sans:ital,opsz,wght@0,9..40,100..1000;1,9..40,100..1000&family=Titillium+Web:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700&display=swap

Requested by

Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5b637e98e4790e5e42030aacdedaefcfdfaaa725e6d3caa64c8670045517a35a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 22 Oct 2024 00:20:48 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 29 KB
2 KB 42ms
42ms Stylesheet
text/css 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap

Requested by

Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

688d6577ebeea79fd6e9ab9d09f9ac69a2cca4e6f2060776e9326aba482176bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 21 Oct 2024 23:02:43 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css2
fonts.googleapis.com/ 676 KB
180 KB 45ms
45ms Stylesheet
text/css 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans+JP:wght@100;300;400;500;700;900&display=swap

Requested by

Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

27983c8670fbfe01d17c2a0fdd22394e69589bc13e249015da683900010d8b92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:48 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 22 Oct 2024 00:07:18 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 ajax_ping Show response
www.cyberark.com/resources/hubsFront/ 49 B
342 B 187ms
186ms XHR
application/json 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_ping

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.d9fdeb361862fc14a04f.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: unsafe-url
cf-ray: 8d6552df6c47dba1-FRA
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date: Tue, 22 Oct 2024 00:20:49 GMT
x-xss-protection: 1; mode=block
content-type: application/json
content-language: en
server: cloudflare
x-frame-options: DENY

GET
H2 200 stats_temp_item_609327918x82031fb193d58aa563c3e0ede71ad00183b5b096fd533ba5f0c0edf0dc4e94061729556448946841d422cabd28ade3e68ef4888b4cbc525720a5ccf930b26da1879712ceae
www.cyberark.com/resources/hubsFront/signalMetricsTemp/ 0
178 B 204ms
203ms Image
text/html 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/resources/hubsFront/signalMetricsTemp/stats_temp_item_609327918x82031fb193d58aa563c3e0ede71ad00183b5b096fd533ba5f0c0edf0dc4e94061729556448946841d422cabd28ade3e68ef4888b4cbc525720a5ccf930b26da1879712ceae?t=1729556449169

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: unsafe-url
cf-ray: 8d6552df7c5ddba1-FRA
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date: Tue, 22 Oct 2024 00:20:49 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
content-language: en
server: cloudflare
x-frame-options: DENY

GET
H2 200 tag.aspx Show response
ml314.com/ 38 KB
13 KB 192ms
53ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?229
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=6sDw2Q==, md5=YyYW/xWCXwMKqzORpY7wQg==
content-encoding: br
age: 1878
x-goog-stored-content-encoding: identity
x-cache-hit: hit
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 39162
date: Mon, 21 Oct 2024 23:49:31 GMT
last-modified: Wed, 24 Jul 2024 19:30:50 GMT
content-type: application/javascript
vary: Accept-Encoding
x-guploader-uploadid: AHmUCY3b4bR57eDeUsQGL9JOa_eBpdoEcGAALfIdbwz-hdWn0ySKRfGkJvo91vw3hDaJV4jHEIg
cache-control: public,max-age=3600
x-goog-storage-class: STANDARD
via: 1.1 google
cache-id: FRA
accept-ranges: bytes
x-goog-generation: 1721849450340665
content-length: 12522
server: UploadServer

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 185ms
55ms Script
application/x-javascript 23.197.137.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-137-224.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Content-Encoding: gzip
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Tue, 22 Oct 2024 00:20:49 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H3 200 sprite-1x.png
content.cdntwrk.com/img/hubs/ 59 KB
59 KB 56ms
55ms Image
image/png 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/sprite-1x.png
Requested by: Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/css/hubs/hubs.d9fdeb361862fc14a04f.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a249bcffb2d8e92a3bdff919def43b14841803ad93b80ffa864db1090e007594

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://content.cdntwrk.com/css/hubs/hubs.d9fdeb361862fc14a04f.css

Response headers

access-control-max-age: 0
etag: "9e7227669aa01cd19bcc27e802668929"
age: 241828
access-control-allow-methods: GET, HEAD
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: VQD_9XxRPS2QcND49R1nTPd5Xp5zTOyg3-u31LJP0VsEjWC-9D8slw==
date: Sat, 19 Oct 2024 05:10:22 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 16:51:54 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 60511
x-amz-cf-pop: FRA56-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET
H3 200 uparrow.png
content.cdntwrk.com/img/hubs/ 194 B
545 B 58ms
56ms Image
image/png 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/uparrow.png
Requested by: Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/css/hubs/hubs.d9fdeb361862fc14a04f.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1fb7ee27fdfb34869f89aa51d9af1cf86ecc6800ab591ec3ca78f155742200b2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://content.cdntwrk.com/css/hubs/hubs.d9fdeb361862fc14a04f.css

Response headers

access-control-max-age: 0
etag: "e5bbd7205c8f2ff1cd6c9f777f31da64"
age: 257610
access-control-allow-methods: GET, HEAD
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: yKTx_PfCJvgYz0EMWjFZakYj-3hLgVvZEzeDy_20HsjCxj6AzeZTCQ==
date: Sat, 19 Oct 2024 01:16:52 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Mon, 07 Oct 2024 16:51:54 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 194
x-amz-cf-pop: FRA56-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
fonts.gstatic.com/s/titilliumweb/v17/ 12 KB
12 KB 113ms
65ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v17/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:ital,opsz,wght@0,9..40,100..1000;1,9..40,100..1000&family=Titillium+Web:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://fonts.googleapis.com/

Response headers

age: 13382
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 21 Oct 2025 20:37:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 21 Oct 2024 20:37:47 GMT
last-modified: Thu, 24 Aug 2023 20:30:13 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12372
x-xss-protection: 0
server: sffe

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/webfonts/ 153 KB
153 KB 43ms
41ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae17c16afbea216707b2203ea1cf9bdb45b9bfe47d0f4ae3258ddbc6294dd02f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css

Response headers

cf-cdnjs-via: cfworker/kv
cf-cache-status: HIT
etag: "660cc074-262f0"
age: 9610
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFQsWErI2cMoArUHXkywx7zc9rQkoccfrWxk5qFwtiYbyvjURIzBq%2FgT9gj%2FJXNbqhjp0daiAheXAILd%2B8lXWsfNKDlcr9Rl5wIdThN11ix%2Frg4rlcfeaeq9cA0KkX0asZZodu9SFEfA4qbFJjHlNfav"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 12 Oct 2025 00:20:49 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/octet-stream; charset=utf-8
last-modified: Wed, 03 Apr 2024 02:35:32 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d6552e01825d350-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 156400
server: cloudflare

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 87ms
40ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://fonts.googleapis.com/

Response headers

age: 8486
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 21 Oct 2025 21:59:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 21 Oct 2024 21:59:23 GMT
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48236
x-xss-protection: 0
server: sffe

GET
H3 200 rP2Hp2ywxg089UriCZOIHQ.woff2
fonts.gstatic.com/s/dmsans/v15/ 61 KB
61 KB 85ms
38ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v15/rP2Hp2ywxg089UriCZOIHQ.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

177628e7287755e9c42cb9adcee0d7b59183e2c1c9480a047005b39d806089c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://fonts.googleapis.com/

Response headers

age: 563055
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 15 Oct 2025 11:56:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 15 Oct 2024 11:56:34 GMT
last-modified: Thu, 21 Mar 2024 23:58:50 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 62792
x-xss-protection: 0
server: sffe

GET
H2 200 FontAwesome6Pro-Light.woff2
cihost.uberflip.com/cyberArk/master/build/fonts/ 335 KB
336 KB 119ms
45ms Font
font/woff2 2600:9000:20eb:6000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/fonts/FontAwesome6Pro-Light.woff2
Requested by: Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 33bfff284b4455e2dd459c4bf0e6076a5fe5f8632b42b8ccd2dd5a0d55dbcfbb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Response headers

etag: "c20e0f2006126b2025f47c77e1d5ee51"
age: 67710
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: eziLHvj9d-7gFCva0F9-oMBWi0gG8gAG-ds6Wm6BPfwi2X1xzMYNfg==
date: Mon, 21 Oct 2024 05:32:20 GMT
content-type: font/woff2
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Mon, 24 Jun 2024 06:06:57 GMT
x-amz-meta-s3cmd-attrs: atime:1719209208/ctime:1719209208/gid:127/gname:docker/md5:c20e0f2006126b2025f47c77e1d5ee51/mode:33188/mtime:1719209208/uid:1001/uname:runner
via: 1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 343492
x-amz-cf-pop: FRA2-C1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 fontawesome-webfont.woff2
cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/fonts/ 75 KB
76 KB 218ms
144ms Font
binary/octet-stream 2600:9000:20eb:6000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Response headers

etag: "af7ae505a9eed503f8b8e6982036873e"
age: 83446
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: IVNPx3k1s3NDyK5xVBfwmBEdfZg6ofERCp1Ngb2a2YDYy3xjk2SWtw==
date: Mon, 21 Oct 2024 01:10:04 GMT
content-type: binary/octet-stream
last-modified: Wed, 27 Jan 2021 17:56:57 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-meta-s3cmd-attrs: atime:1611770160/ctime:1611770160/gid:117/gname:docker/md5:af7ae505a9eed503f8b8e6982036873e/mode:33188/mtime:1611770160/uid:1001/uname:runner
via: 1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 77160
x-amz-cf-pop: FRA2-C1
server: AmazonS3

GET
H2 200 372722_2_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
26 KB 208ms
134ms Font
binary/octet-stream 2600:9000:20eb:6000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_2_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2f5f9d511700318e988d3ef843afc49224162c8bb2435db7b9dc3590f525306f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/

Response headers

etag: "83914a011477cb60998949144e2ac5aa"
age: 83446
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: KEJcwZzmPfh8lRpcBueq5R2Ta7QiaLimQ71fFVHeBi_UX4kENQkOEQ==
date: Mon, 21 Oct 2024 01:10:04 GMT
content-type: binary/octet-stream
last-modified: Wed, 27 May 2020 16:17:01 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:83914a011477cb60998949144e2ac5aa/mode:33188/mtime:1590596208/uid:1001/uname:runner
via: 1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26033
x-amz-cf-pop: FRA2-C1
server: AmazonS3

GET
H2 200 372722_4_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
25 KB 201ms
127ms Font
binary/octet-stream 2600:9000:20eb:6000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_4_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 66c708b80cab108a2fde84cac9677c07435537bc9d06085ccd1ac80cb93513b4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/

Response headers

etag: "da77e86db861301f9320c467d834e649"
age: 83446
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: PQ9UzTiv0ErOFXPslHxjJ2Zb5MYt5mr1oy2SkUeqPFKJ4Gwnn-XFAA==
date: Mon, 21 Oct 2024 01:10:04 GMT
content-type: binary/octet-stream
last-modified: Wed, 27 May 2020 16:17:01 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:da77e86db861301f9320c467d834e649/mode:33188/mtime:1590596208/uid:1001/uname:runner
via: 1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25237
x-amz-cf-pop: FRA2-C1
server: AmazonS3

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/ 63 KB
63 KB 77ms
76ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Response headers

cf-cdnjs-via: cfworker/kv
cf-cache-status: HIT
etag: "5eb03e60-fa90"
age: 437708
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1zNVKxkJw3P%2BDStKFQeExHS1d9rSw6ojjSlqcTUS9Kz6V%2F475%2BK%2BQyNGyd2TKSJKywEFEdGhU1v1xEfogSsXDW1thb7iZfiK8rh0vbmLAV3sXVv4KYSTAE4bAB3q3fmHMMcCmsQSm6MPzgusI%2ByfyLsR"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 12 Oct 2025 00:20:49 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/octet-stream; charset=utf-8
last-modified: Mon, 04 May 2020 16:10:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d6552e01827d350-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 64144
server: cloudflare

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/ 61 KB
62 KB 79ms
78ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Response headers

cf-cdnjs-via: cfworker/kv
cf-cache-status: HIT
etag: "5eb03e60-f408"
age: 1102570
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8VQjwu5Fe7JIql8Lo88X74dEL4TxY7gV7438MVbFbkus6KbsAJXipY3EZR1u1Nmc5kp1wJSg9IubP%2FwHHc8eRJLIFTFu7e8b7dJ2WxL4EmjfacZPwwCUuBmKdYQNqClvHeZyuce2v5SrWRQpxVB4UKmo"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 12 Oct 2025 00:20:49 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/octet-stream; charset=utf-8
last-modified: Mon, 04 May 2020 16:10:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d6552e01828d350-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 62472
server: cloudflare

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/ 24 KB
24 KB 98ms
52ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://fonts.googleapis.com/

Response headers

age: 6013
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 21 Oct 2025 22:40:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 21 Oct 2024 22:40:36 GMT
last-modified: Thu, 14 Dec 2023 02:04:54 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 24984
x-xss-protection: 0
server: sffe

GET
H3 200 aHViPTEwODU0MCZjbWQ9YmFja2dyb3VuZF9pbWFnZSZ2ZXJzaW9uPTE3MTg3NzAxMDMmc2lnPTZiMjEwNzkxYWUwNDc5NGRjMjRkYmM3YjBhOTVkNzM1
content.cdntwrk.com/files/ 20 KB
21 KB 52ms
52ms Image
image/webp 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/files/aHViPTEwODU0MCZjbWQ9YmFja2dyb3VuZF9pbWFnZSZ2ZXJzaW9uPTE3MTg3NzAxMDMmc2lnPTZiMjEwNzkxYWUwNDc5NGRjMjRkYmM3YjBhOTVkNzM1
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: a36681fe4fd06eb0856952cddb2047065db39f00e819dbf0e9715540083f8198

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=15552000
etag: "1613686879-be99bf6a6e12dc968d17e108eb199e37"
age: 10785219
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: TMv5DZ6KdqnAO95RoQG2IEnqOfzJ5Z73_Im0WsZNwqIWzZ05X2QA3Q==
date: Wed, 19 Jun 2024 04:27:10 GMT
content-type: image/webp
content-disposition: inline; filename="background_image.webp"
last-modified: Thu, 18 Feb 2021 22:21:19 GMT

GET
H2 200 372722_1_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
26 KB 181ms
143ms Font
binary/octet-stream 2600:9000:20eb:6000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_1_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d4761d421bbf2f059126b9ce4f5e0a9f7bc83b046a58162780a2b9c3ab8c9a56

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/

Response headers

etag: "0601eae673330329b340003d42fc1c36"
age: 67094
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: vz2J4PA84WEFB6tYeu7yB9rt8Gv6-iXYrRafntlQ3csrDNZ2N7nJsA==
date: Mon, 21 Oct 2024 05:42:36 GMT
content-type: binary/octet-stream
last-modified: Wed, 27 May 2020 16:17:01 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:0601eae673330329b340003d42fc1c36/mode:33188/mtime:1590596208/uid:1001/uname:runner
via: 1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26041
x-amz-cf-pop: FRA2-C1
server: AmazonS3

POST
H2 200 ajax_updateMAPUsers Show response
www.cyberark.com/resources/hubsFront/ 126 B
188 B 182ms
182ms XHR
application/json 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_updateMAPUsers

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.d9fdeb361862fc14a04f.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b98e0f76f97857fce1b3fbd8e9ed5775988e85fffd71dcc2422f8d012378ea34

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: unsafe-url
cf-ray: 8d6552e04d4ddba1-FRA
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date: Tue, 22 Oct 2024 00:20:49 GMT
x-xss-protection: 1; mode=block
content-type: application/json
content-language: en
server: cloudflare
x-frame-options: DENY

GET
H3 200 NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v17/ 12 KB
12 KB 79ms
78ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://fonts.googleapis.com/

Response headers

age: 548239
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 15 Oct 2025 16:03:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 15 Oct 2024 16:03:30 GMT
last-modified: Thu, 24 Aug 2023 20:48:16 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11796
x-xss-protection: 0
server: sffe

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/webfonts/ 115 KB
116 KB 118ms
118ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

232c6f6a7678304f9efaa26f30b1610debc2ba9f4cd636b5e6751c8d73761b92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css

Response headers

cf-cdnjs-via: cfworker/kv
cf-cache-status: HIT
etag: "660cc074-1cc5c"
age: 441844
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2FXNuG%2FfVM9wB4%2FFJIBxn2UUP%2FviA8KjEhhHLnas4IK480KHmbrBuLN2RW3kiCzZuNRS82vr2pHMP8WiZkjpRl%2Bl0WWFQXpueH2FQBTY5V%2BBiklPlRudH6gDVMd3p9OvwB06Q3g5FM9tNrZiijvjmU2o"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 12 Oct 2025 00:20:49 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/octet-stream; charset=utf-8
last-modified: Wed, 03 Apr 2024 02:35:32 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d6552e078b3d350-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 117852
server: cloudflare

GET
H2 200 id Show response
dpm.demdex.net/ 367 B
916 B 246ms
69ms XHR
application/json 52.48.129.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=9AB97041603F3EDB0A495C66%40AdobeOrg&d_nsid=0&ts=1729556449421

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.48.129.25 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-48-129-25.eu-west-1.compute.amazonaws.com

Software

Resource Hash

f5c6d1a4a78814a5c7684cfb348d04091c496cc2e9520d8f41741a3cf2c37e91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-1-v067-01b150888.edge-irl1.demdex.com 2 ms
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
x-tid: Wf2h5wkzSi8=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://www.cyberark.com
content-length: 310
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/json;charset=utf-8
vary: Origin

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/ 35 KB
13 KB 56ms
55ms Script
application/x-javascript 2a02:26f0:3500:58f::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache
timing-allow-origin: *
content-encoding: gzip
etag: "d8232f86c8016a8e0acaa7ecfdf72b3e:1722493571.189276"
expires: Tue, 22 Oct 2024 01:20:49 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.cyberark.com
content-length: 13012
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/x-javascript
last-modified: Thu, 01 Aug 2024 06:26:11 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/ 3 KB
2 KB 51ms
51ms Script
application/x-javascript 2a02:26f0:3500:58f::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache
timing-allow-origin: *
content-encoding: gzip
etag: "bb4b6453e3ab80111a2b227318d22efb:1722493571.614634"
expires: Tue, 22 Oct 2024 01:20:49 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.cyberark.com
content-length: 1597
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/x-javascript
last-modified: Thu, 01 Aug 2024 06:26:11 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 ct Show response
obs.segreencolumn.com/ 4 KB
2 KB 1799ms
1524ms Script
text/javascript 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.segreencolumn.com/ct?id=45375&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1729556449519&hl=2&op=0&ag=566412661&rand=5386097295211887951718710607811673526831611289046122028058081372299600061500226188700&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDY3MzZdLFsiYWJuY2giLDE3XSxbLTE0LCItIl0sWy0xNiwiMCJdLFstNjcsIi0iXSxbLTcxLCJhMDExMDAxMDEwMDEwMDEwMTAwMDEwMTAwMTExMTEwMTAwMDAxMCJdLFstMTAsIi0iXSxbLTEyLCJudWxsIl0sWy0zNiwiW1wiNC8zXCIsXCI0LzNcIl0iXSxbLTM3LCItMTQ0LTY2LTE4MC0iXSxbLTM5LCJbXCIyMDAzMDEwN1wiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixudWxsLG51bGwsdHJ1ZSw4LGZhbHNlLG51bGwsNSx0cnVlLHRydWUsbnVsbCwwLHRydWUsdHJ1ZV0iXSxbLTQ0LCIwLDAsMCw1Il0sWy02NiwiZ2VvbG9jYXRpb24sY2h1YWZ1bGx2ZXJzaW9ubGlzdCxjcm9zc29yaWdpbmlzb2xhdGVkLHNjcmVlbndha2Vsb2NrLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LHNoYXJlZHN0b3JhZ2VzZWxlY3R1cmwsY2h1YWFyY2gsY29tcHV0ZXByZXNzdXJlLGNocHJlZmVyc3JlZHVjZWR0cmFuc3BhcmVuY3ksdXNiLGNoc2F2ZWRhdGEscHVibGlja2V5Y3JlZGVudGlhbHNjcmVhdGUsc2hhcmVkc3RvcmFnZSxydW5hZGF1Y3Rpb24sY2h1YWZvcm1mYWN0b3JzLGNoZG93bmxpbmssb3RwY3JlZGVudGlhbHMscGF5bWVudCxjaHVhLGNodWFtb2RlbCxjaGVjdCxhdXRvcGxheSxjYW1lcmEscHJpdmF0ZXN0YXRldG9rZW5pc3N1YW5jZSxhY2NlbGVyb21ldGVyLGNodWFwbGF0Zm9ybXZlcnNpb24saWRsZWRldGVjdGlvbixwcml2YXRlYWdncmVnYXRpb24saW50ZXJlc3Rjb2hvcnQsY2h2aWV3cG9ydGhlaWdodCxsb2NhbGZvbnRzLGNodWFwbGF0Zm9ybSxtaWRpLGNodWFmdWxsdmVyc2lvbix4cnNwYXRpYWx0cmFja2luZyxjbGlwYm9hcmRyZWFkLGdhbWVwYWQsZGlzcGxheWNhcHR1cmUsa2V5Ym9hcmRtYXAsam9pbmFkaW50ZXJlc3Rncm91cCxjaHdpZHRoLGNocHJlZmVyc3JlZHVjZWRtb3Rpb24sYnJvd3Npbmd0b3BpY3MsZW5jcnlwdGVkbWVkaWEsZ3lyb3Njb3BlLHNlcmlhbCxjaHJ0dCxjaHVhbW9iaWxlLHdpbmRvd21hbmFnZW1lbnQsdW5sb2FkLGNoZHByLGNocHJlZmVyc2NvbG9yc2NoZW1lLGNodWF3b3c2NCxhdHRyaWJ1dGlvbnJlcG9ydGluZyxmdWxsc2NyZWVuLGlkZW50aXR5Y3JlZGVudGlhbHNnZXQscHJpdmF0ZXN0YXRldG9rZW5yZWRlbXB0aW9uLGhpZCxjaHVhYml0bmVzcyxzdG9yYWdlYWNjZXNzLHN5bmN4aHIsY2hkZXZpY2VtZW1vcnksY2h2aWV3cG9ydHdpZHRoLHBpY3R1cmVpbnBpY3R1cmUsbWFnbmV0b21ldGVyLGNsaXBib2FyZHdyaXRlLG1pY3JvcGhvbmUiXSxbLTgsIi0iXSxbLTEzLCItIl0sWy0zMywiLSJdLFstNDAsIjMzIl0sWy00MywiMDAwMDAwMDEwMTAwMDAwMTAwMTExMDExMDAxMDExMDEwMDAwMDEwIl0sWy01MiwiLSJdLFstNTMsIjEwMCJdLFstNjIsIjgwIl0sWy02NCwiWzAsXCJcIixbXV0iXSxbLTUsIi0iXSxbLTYsIntcIndcIjpbXCIxXCIsXCIyXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstMzAsIltcInZcIiwwXSJdLFstNTYsImxhbmRzY2FwZS1wcmltYXJ5Il0sWy01NywiV0UwWlYxeE9jVmhYWFZWY1N4Y0ZXbFpVU1V4TlhGMEhHV0pZU2hsWVNVbFZRR1FaRVZ4UFdGVVpXRTBaQlZoWFZsZEFWRlpNU2djWkVRTU9Bd2dNQ1FvSkFSQVZHUVZZVjFaWFFGUldURW9IQXdnQkF3b0pFQlZZVFJsNFMwdFlRQmRLWEJrUlVVMU5TVW9ERmhaV1d4ZEtYRjVMWEZ4WFdsWlZURlJYRjFwV1ZCWlFGZ0VOV2w4S0NROExYd0FCV2x0WVd3QUFEVjBQQ2dCWUFBNE1Xd3NPQUFGY0YxTktBd2dERHdFSUNna1FGVmhOR1VzWkVWRk5UVWxLQXhZV1Zsc1hTbHhlUzF4Y1YxcFdWVXhVVnhkYVZsUVdVQllCRFZwZkNna1BDMThBQVZwYldGc0FBQTFkRHdvQVdBQU9ERnNMRGdBQlhCZFRTZ01JQXc0TERnPT0iXSxbLTIxLCItIl0sWy0yOCwiZW4tVVMsZW4iXSxbLTQxLCItIl0sWy00NywiRXVyb3BlL0JlcmxpbixkZSxsYXRuLGdyZWdvcnkiXSxbLTU0LCJ7XCJoXCI6W1wiMzU3NDQwNzAwN1wiLFwiMjc4ODU0MDQ1NVwiLFwiXzNcIixcIjI4NzI4OTkzMjBcIixcIjM2ODAzNzc5OTJcIixcIjc1MDU2Mjc0MlwiXSxcImRcIjpbXSxcImJcIjpbXSxcInNcIjoxfSJdLFstNjEsIntcIndnc2xcIjpcIjQ7cGFja2VkXzR4OF9pbnRlZ2VyX2RvdF9wcm9kdWN0O3VucmVzdHJpY3RlZF9wb2ludGVyX3BhcmFtZXRlcnM7cG9pbnRlcl9jb21wb3NpdGVfYWNjZXNzO3JlYWRvbmx5X2FuZF9yZWFkd3JpdGVfc3RvcmFnZV90ZXh0dXJlcztcIixcInBjZlwiOlwiYmdyYTh1bm9ybVwifSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiaW50ZWwgaW5jLlwiLFwiclwiOlwiaW50ZWwgaXJpcyBvcGVuZ2wgZW5naW5lXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wIChvcGVuZ2wgZXMgZ2xzbCBlcyAxLjAgY2hyb21pdW0pXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjAgKG9wZW5nbCBlcyAyLjAgY2hyb21pdW0pXCIsXCJndmVuXCI6XCJ3ZWJraXRcIixcImJlblwiOjUsXCJ3Z2xcIjoxLFwiZ3JlblwiOlwid2Via2l0IHdlYmdsXCIsXCJzZWZcIjoxOTMwODIwMjc5LFwic2VjXCI6XCJcIn0iXSxbMzcsIlszMzE2MjI0MDQ5LGZ1bmN0aW9uKG5ld1ZhbHVlKSB7XG4gICAgICAgICAgICAgIGFkZENvbnRlbnRXaW5kb3dQcm94eSh0aGlzKVxuICAgICAgICAgICAgICAvLyBSZXNldCBwcm9wZXJ0eSwgdGhlIGhvb2sgaXMgb25seSBuZWVkZWQgb25jZVxuICAgICAgICAgICAgICBPYmplY3QuZGVmaW5lUHJvcGVydHkoaWZyYW1lLCAnc3JjZG9jJywge1xuICAgICAgICAgICAgICAgIGNvbmZpZ3VyYWJsZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgd3JpdGFibGU6IGZhbHNlLFxuICAgICAgICAgICAgICAgIHZhbHVlOiBfc3JjZG9jXG4gICAgICAgICAgICAgIH0pXG4gICAgICAgICAgICAgIF9pZnJhbWUuc3JjZG9jID0gbmV3VmFsdWVcbiAgICAgICAgICAgIH1dIl0sWy00LCItIl0sWy0xMSwie1widFwiOlwiXCIsXCJtXCI6W1widGl0bGVcIixcImRlc2NyaXB0aW9uXCIsXCJvZzp0aXRsZVwiLFwib2c6ZGVzY3JpcHRpb25cIixcInR3aXR0ZXI6dGl0bGVcIixcInR3aXR0ZXI6ZGVzY3JpcHRpb25cIl19Il0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstMzEsImZhbHNlIl0sWy0zMiwiLSJdLFstNDUsIjYyMCw2NzcsMCwwLDAsNTYyLDAsMCw2NDgsMCwwLDAsMCwwLDAsMCwwLDAsMCw2ODQsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTUwLCItIl0sWy01NSwiMSJdLFstNTksImRlZmF1bHQiXSxbLTYwLDIwN10sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy03LCItIl0sWy0yMywiKyJdLFstMjksIi0iXSxbLTM4LCJsLC0xLC0xLDEsMCwwLDAsOCw5NywzODQsLTEsMCwxMjk3LjUsMTI5Ny41LDE0NDgsMTQ0OCJdLFstMiwiNyxlQUhXWDEvZjNxekN2Ymt1eW1Rd2dsSWFGM3BJc2dJSWpTUSs4aUtncUkwb3NJQWlwRkVFUVJJa1VnZEVRUXBVb0pTQXRDQXFTSDlHeXk3WldaK2VyL2QrZTkyYndzQ1NELzFlIl0sWy0xNSwiLSJdLFstNDgsIjAsMCJdLFstNTEsIi0iXSxbLTYzLCIwIl0sWy05LCIrIl0sWy0xNywiMjQiXSxbLTE5LCJbMTE3MCwxNTcwLDExNzAsMTU3MCwwLDAsMSwyNCwyNCxcIi1cIiwxNjAwLDEyMDAsMTYwMCwxMjAwLDE2MDAsMTI4NSwxNjAwLDEyMDAsMCwwLDAsMCxcIi1cIixcIi1cIiwxNjAwLDEyMDBdIl0sWy0yNSwiLSJdLFstMjcsIls1MCwxMCwwLFwiNGdcIixudWxsXSJdLFstMzQsIi0iXSxbLTM1LCJbMTcyOTU1NjQ0OTQ5OCwtMl0iXSxbLTQyLCIxNzI0Mjk3NjUzIl0sWy00NiwiMCJdLFstNzAsIi0iXSxbLTE4LCJbMCwwLDAsMV0iXSxbLTU4LCItIl0sWy02NSwiLSJdLFstNjksIkxpbnV4IHg4Nl82NHxHb29nbGUgSW5jLnw4fDI0fHwwIl0sWyJibmNoIiwyNTBdLFstMSwiLSJdLFstMjAsIi0iXSxbLTI0LCJbXSJdLFstMjYsIntcInRqaHNcIjoxOTY0MzI5NyxcInVqaHNcIjoxNjQ4MTE2MSxcImpoc2xcIjo0Mjk0NzA1MTUyfSJdLFstNDksIi0iXSxbLTY4LCItIl0sWyJkZGIiLCIwLDcsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCw5LDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDIsNiwwLDAsMCwxLDEsMCwxLDAsMSwwLDAsMCwxLDAsNSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbImNiIiwiMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsNSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCw4LDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMSwwLDMsMSwwLDAsMCwwLDAsMCwxLDAsMSJdXQ%3D%3D&dep=0&pre=0&sdd=%7B%7D&cri=S3suAbMrUU&pto=1490&ver=62&gac=-&mei=&ap=&fe=1&duid=1.1729556449.oyQePtFo1CuwwOkR&suid=1.1729556449.oRaS1qqnwi1C7ier&tuid=1.1729556449.kRHq2V0CaTHVjFND&fbc=-&gtm=W10%3D&it=72%2C484%2C619&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
Requested by: Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 9d9bceae4048b57ba01c25f2fdba932a9936f9ed3e7e43aabc1e463856c00db4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: https://www.cyberark.com
content-encoding: gzip
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-length: 1445
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: text/javascript

GET
H2 200 RCaadfaa88901e4f0e8cbb8050b0941051-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/ 538 B
583 B 53ms
52ms Script
application/x-javascript 2a02:26f0:3500:58f::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/RCaadfaa88901e4f0e8cbb8050b0941051-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0f73a273925d016886f0d993c95bd14be555b826b82afca044a9111ff0d9f2a9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "351728d0509cd22437ccb9587d29118d:1726003826.52482"
expires: Tue, 22 Oct 2024 01:20:49 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.cyberark.com
content-length: 327
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/x-javascript
last-modified: Tue, 10 Sep 2024 21:30:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2

200

main.js Show response
www.cyberark.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/ Frame EBDC
Redirect Chain

https://www.cyberark.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.cyberark.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?

8 KB
4 KB

58ms
39ms

Script
application/javascript

104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33af9b233d5770f84d5a7235aebfce12c8c8aae4a7afe780a0d9b87b56c1dbf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding: gzip
x-content-type-options: nosniff
cf-ray: 8d6552e29ff1dba1-FRA
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/62ec4f065604/main.js?
x-content-type-options: nosniff
cf-ray: 8d6552e1af02dba1-FRA
access-control-allow-origin: *
content-length: 0
date: Tue, 22 Oct 2024 00:20:49 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 notice Show response
consent.trustarc.com/ 15 KB
6 KB 200ms
74ms Script
text/javascript 13.224.189.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.92 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-92.fra2.r.cloudfront.net

Software

Resource Hash

4bfc478aed04b437be702f1cf6622778ac8bb9609bdd9ad2ef61f8e43ef41512

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=3600
content-encoding: gzip
via: 1.1 3bf3e75bcb9a86b3eb343a1d4392a6de.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
content-length: 5525
x-amz-cf-id: IgsWXAsylIgz92ZLgd9_LeQDYDTZSdyTMQg_dtqQz7OlYrmgoI6qDQ==
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA2-C1

GET
H2 200 d24194f2-6101-4c07-b071-d2eb5d40f5e6.js Show response
j.6sc.co/j/ 1 KB
908 B 555ms
429ms Script
application/javascript 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/d24194f2-6101-4c07-b071-d2eb5d40f5e6.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-184.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e8b5fa15cdf049327e2516b875ebfc85c0d40eeb6d9da10ba2397b189d3509a2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
etag: "cad1056fc6c74d93f72dff6dcdb96f6f"
x-amz-version-id: t4QDDVseVEU1.3_MbYjAtic.rctf1GXv
expires: Tue, 22 Oct 2024 00:50:50 GMT
x-amz-cf-id: YRxa2C694pcFlyJHea3tU2mJLPP0GPyibv0Klbclv3pnuMNPDZfSWA==
date: Tue, 22 Oct 2024 00:20:50 GMT
last-modified: Wed, 31 Jul 2024 16:07:58 GMT
vary: Accept-Encoding
content-type: application/javascript
x-amz-meta-content-type: application/json
cache-control: private, max-age=1800
accept-ranges: bytes
content-length: 529
x-amz-cf-pop: FRA60-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK rtp.js Show response
sjrtp6-cdn.marketo.com/rtp-api/v1/ 152 KB
42 KB 401ms
159ms Script
application/x-javascript 104.102.34.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.102.34.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-34-125.deploy.static.akamaitechnologies.com

Software

Jetty(9.4.45.v20220203) /

Resource Hash

4beb123e00f4bef8edecb3c7ddda6eb703d9fac9a91c24ddde2aef8a1cd49bc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Strict-Transport-Security: max-age=63113904
Cache-Control: public, max-age=300
Content-Encoding: gzip
Connection: keep-alive
Content-Length: 42512
Date: Tue, 22 Oct 2024 00:20:49 GMT
Content-Type: application/x-javascript; charset=UTF-8
Last-Modified: Thu, 17 Oct 2024 14:20:51 GMT
Server: Jetty(9.4.45.v20220203)
Vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
78 KB 57ms
55ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9920016

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a1b920e479c79dcaa01636fef3b9b80f2005e4f0aefb623e8e312a6cce834ea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 22 Oct 2024 00:20:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 22 Oct 2024 00:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 80024
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 137ms
34ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 1f120dbe60c10831180babf37afc0edb7c01e9f4e7b135cfedc58b3523c887fb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "5e9ac3a42b557bf8ca38cf2e8baba70b"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12126
date: Tue, 22 Oct 2024 00:20:49 GMT
last-modified: Tue, 15 Oct 2024 19:34:59 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 116ms
33ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
age: 3274
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 01:26:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 21 Oct 2024 23:26:15 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 54ms
48ms Script
application/x-javascript 23.197.137.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-137-224.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Cache-Control: max-age=8640000
Content-Encoding: gzip
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Connection: keep-alive
Expires: Thu, 30 Jan 2025 00:20:49 GMT
Accept-Ranges: bytes
Content-Length: 4741
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Tue, 22 Oct 2024 00:20:49 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 utsync.ashx Show response
ml314.com/ 62 B
237 B 107ms
93ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=52079&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pv=1729556449661_rre7tcc68&bl=de-de&cb=3963861&return=&ht=&d=&dc=&si=1729556449661_rre7tcc68&cid=production%7C%7C108540%7C%7C6824673%7C%7C609327918&s=1600x1200&rp=&v=2.7.4.212
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?229
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
via: 1.1 google
expires: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/javascript
server: Google Frontend

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ 20 B
482 B 604ms
194ms Script
application/javascript 35.174.248.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=2292024&v=2.7.4.212
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?229
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.248.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-174-248-58.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Cache-Control: public
X-AspNet-Version: 4.0.30319
Content-Encoding: gzip
Connection: keep-alive
Expires: Wed, 23 Oct 2024 00:20:50 GMT
Content-Length: 138
Date: Tue, 22 Oct 2024 00:20:49 GMT
Content-Type: application/javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET

GET
H2 200 RC215bf8f3db2048f5a863a53bd773832d-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/ 429 B
533 B 50ms
44ms Script
application/x-javascript 2a02:26f0:3500:58f::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/RC215bf8f3db2048f5a863a53bd773832d-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c725d1f370fda095ffc8e000d4780897eb77b5708e28f8486c7ccbb3b7fc38a6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "351728d0509cd22437ccb9587d29118d:1726003826.52482"
expires: Tue, 22 Oct 2024 01:20:49 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.cyberark.com
content-length: 277
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/x-javascript
last-modified: Tue, 10 Sep 2024 21:30:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 dest5.html
cyberark.demdex.net/ Frame 93D5 0
0 213ms
56ms Document
text/html 52.17.200.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cyberark.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.17.200.40 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-200-40.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Tue, 22 Oct 2024 00:20:49 GMT
dcs: dcs-prod-irl1-1-v067-009db42c9.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 16 Oct 2024 08:54:26 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: LQAerbU4SQ0=

GET
H2

200

ibs:dpid=411&dpuuid=Zxbv4QAAALuRyAN6
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=17521897870795926943090136164194094885
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxbv4QAAALuRyAN6

42 B
717 B

490ms
487ms

Image
image/gif

52.48.129.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxbv4QAAALuRyAN6

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Server

52.48.129.25 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-48-129-25.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-2-v067-0d832b281.edge-irl1.demdex.com 2 ms
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
x-tid: I0yO9uX3RgI=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 59
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Tue, 22 Oct 2024 00:20:50 GMT
content-type: image/gif

Redirect headers

Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zxbv4QAAALuRyAN6
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length: 0
Date: Tue, 22 Oct 2024 00:20:49 GMT
Connection: keep-alive
Server: AMO-cookiemap/1.1

POST
H2 200 delivery Show response
cyberark.tt.omtrdc.net/rest/v1/ 351 B
838 B 233ms
72ms XHR
application/json 66.235.152.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cyberark.tt.omtrdc.net/rest/v1/delivery?client=cyberark&sessionId=a9db798c9972494f99961f3a433e9161&version=2.11.4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.225 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-66-235-152-225.data.adobedc.net

Software

jag /

Resource Hash

de2e29b346da4bc7fc22f9d1f1b548cc29d6fbbb07ec236e795a1a6853c6b1cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: e73d4483-23a8-4e46-8fd1-19e977261960
cache-control: no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin: *
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
access-control-allow-origin: https://www.cyberark.com
date: Tue, 22 Oct 2024 00:20:49 GMT
x-xss-protection: 1; mode=block
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
server: jag

POST
H/1.1 200
OK visitWebPage
316-czp-275.mktoresp.com/webevents/ 2 B
318 B 1212ms
190ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://316-czp-275.mktoresp.com/webevents/visitWebPage?_mchNc=1729556449737&_mchCn=&_mchId=316-CZP-275&_mchTk=_mch-cyberark.com-1729556449735-82067&_mchHo=www.cyberark.com&_mchPo=&_mchRu=%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&_mchPc=https%3A&_mchVr=163&_mchEcid=9AB97041603F3EDB0A495C66%40AdobeOrg%3A6%3A13433950944575235472312575952379861128&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Transfer-Encoding: chunked
X-Request-Id: 7fc32e5a-cc17-4a35-b556-e16c7fe4c957
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Date: Tue, 22 Oct 2024 00:20:50 GMT
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.20.1

POST
H2 200 8d6552d8fd1edba1 Show response
www.cyberark.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame EBDC 0
615 B 60ms
49ms XHR
text/plain 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/cdn-cgi/challenge-platform/h/b/jsd/r/8d6552d8fd1edba1

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 8d6552e35910dba1-FRA
content-length: 0
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
x-content-type-options: nosniff

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_o2i62ves/ 3 B
124 B 116ms
34ms XHR
application/json 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_o2i62ves/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/json

GET
H2 200 t2_o2i62ves_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 93ms
32ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_o2i62ves_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 113ms
32ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1729556449794&id=t2_o2i62ves&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=9844c189-b22f-4d1d-83cc-d8043497f49e&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_49267bce&dpm=&dpcc=&dprc=
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/gif
server: Varnish

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
435 B 39ms
37ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1202403874&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ul=de-de&de=UTF-8&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABAAAAACAEK~&jid=1850960514&gjid=962583278&cid=146266419.1729556450&tid=UA-44168172-9&_gid=1583040074.1729556450&_slc=1&gtm=45He4ah0n715SFWTHv72025662za200&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&cd7=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823847~101836706&npa=1&z=437074547

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5cbd2c4ce1325baae0fa325bdd95a25a925b094d7e88fc6fcebb834a6906c5b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:49 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.cyberark.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 15
server: Golfe2

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
647 B 123ms
41ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-44168172-9&cid=146266419.1729556450&jid=1850960514&gjid=962583278&_gid=1583040074.1729556450&npa=1&_u=YGBAgEABAAAAAGAEK~&z=656788960

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgdc:149:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:49 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgdc:149:0
access-control-allow-origin: https://www.cyberark.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H2 200 v1.7-504 Show response
consent.trustarc.com/asset/notice.js/v/ 94 KB
28 KB 120ms
39ms Script
text/javascript 13.224.189.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/asset/notice.js/v/v1.7-504

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.92 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-92.fra2.r.cloudfront.net

Software

Resource Hash

ea452041e2a080dde60b253797884b42af24197c86bcb0514d2526908d11f1d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=2592000
access-control-expose-headers: *
content-encoding: gzip
pragma: public
age: 587
via: 1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-id: uLuMxGaadLoW3GRGM31DA3AftTnfrxAKvC05MXjh84bZkuRBMeHxnA==
date: Tue, 22 Oct 2024 00:11:02 GMT
content-type: text/javascript
last-modified: Wed, 9 Oct 2024 01:59:13 GMT
vary: Accept-Encoding
x-amz-cf-pop: FRA2-C1

GET
H2 200 get
consent.trustarc.com/ Frame A90B 0
0 105ms
31ms Document
text/html 13.224.189.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=crossdomain.html&domain=cyberark.com

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-52.fra2.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

age: 583
cache-control: max-age=2592000
content-encoding: gzip
content-type: text/html
date: Tue, 22 Oct 2024 00:11:06 GMT
pragma: public
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 c3b74c81fdcb7942211a6c721efa13fc.cloudfront.net (CloudFront)
x-amz-cf-id: CkVfTPARTTvmE-jxhgwB4HDLIhTrae5ikjyglWUkY4ReD48DAxr22Q==
x-amz-cf-pop: FRA2-C1
x-cache: Hit from cloudfront

GET
H2 200 log
consent.trustarc.com/ 43 B
428 B 66ms
66ms Image
image/gif 13.224.189.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/log?domain=cyberark.com&country=de&state=&behavior=expressed&session=fd5756fa-fd1b-45b4-97bf-c119069b26f3&userType=NEW&c=5ec2&referer=https://www.cyberark.com&language=en

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.92 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-92.fra2.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
via: 1.1 3bf3e75bcb9a86b3eb343a1d4392a6de.cloudfront.net (CloudFront)
expires: Mon, 26 Jul 1997 05:00:00 GMT
x-cache: Miss from cloudfront
content-length: 43
x-amz-cf-id: vUKoypM3moab2bfcW68ssW3HzyzdluAJWIhlTPZAszvZ4LIz7lA7mg==
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: image/gif
x-amz-cf-pop: FRA2-C1
vary: Origin

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 312 KB
102 KB 60ms
60ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XTLTD7RKN5&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e8a9bf176b6fad2653eec220b27ad2aba42463150c6bfccceb446ef4545c0df7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 22 Oct 2024 00:20:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:49 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 104737
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 /
consent-pref.trustarc.com/ Frame 4B76 0
0 572ms
65ms Document
text/html 52.222.236.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&country=de&action=notice&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=fd5756fa-fd1b-45b4-97bf-c119069b26f3&userType=NEW

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/asset/notice.js/v/v1.7-504

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-93.fra56.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-type: text/html
date: Tue, 22 Oct 2024 00:20:50 GMT
expect-ct: max-age=86400; enforce;
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 34fdfb7c7c11559df7e622af2b62f5ca.cloudfront.net (CloudFront)
x-amz-cf-id: EkbtLJO9gmG6Vu67R6RlCsRYuLA6hlC2Dpirh1AV1wdSDZ_bYcCsNw==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

GET
H2 200 noticemsg
consent.trustarc.com/ 43 B
428 B 72ms
57ms Image
image/gif 13.224.189.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/noticemsg?action=consent&domain=cyberark.com&behavior=expressed&country=de&language=en&rand=0.5164205622347444&session=fd5756fa-fd1b-45b4-97bf-c119069b26f3&userType=NEW&referer=https://www.cyberark.com

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.92 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-92.fra2.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
via: 1.1 3bf3e75bcb9a86b3eb343a1d4392a6de.cloudfront.net (CloudFront)
expires: Mon, 26 Jul 1997 05:00:00 GMT
x-cache: Miss from cloudfront
content-length: 43
x-amz-cf-id: BM1Wf1ViJ6AtDREuw9JuoJn_4Apf6SsgbydxQiRvIOtyISmjtCLbBw==
date: Tue, 22 Oct 2024 00:20:50 GMT
content-type: image/gif
x-amz-cf-pop: FRA2-C1
vary: Origin

GET
H/1.1 200
OK jquery-ui-insightera-custom-1.9.6.css
rtp-static.marketo.com/rtp/libs/ 23 KB
4 KB 264ms
33ms Stylesheet
text/css 104.102.34.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.34.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-34-125.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 143a1ee63c9fe87791cde6209d3716bf432ede02fc23ecbd064edfe1cc02bca9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Access-Control-Allow-Headers: *
Access-Control-Max-Age: 86400
Content-Encoding: gzip
ETag: "c89c0f4cc3c0f0f2bd846508a3cd504c:1715749730.923559"
Connection: keep-alive
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 3762
Date: Tue, 22 Oct 2024 00:20:50 GMT
Content-Type: text/css
Last-Modified: Wed, 15 May 2024 05:08:51 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H/1.1 200
OK trw Show response
sjrtp6.marketo.com/gw1/ 202 B
639 B 1082ms
186ms Script
application/x-javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/trw?aid=cyberarksoftware&trwv.uid=cyberarksoftware-1729556450086-440833af&trwv.vc=1&trwsa.sid=cyberarksoftware-1729556450086-624e3f6e&trwsb.cpv=1&ctzo=+02:00&uri=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ma=id%3A316-CZP-275%26token%3A_mch-cyberark.com-1729556449735-82067&pm=&viewedTypes=&rts=1729556450088

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

a02215e865c2949ab838df058f262ddc8d5361d613eeb881f97be60f1f1dc4bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Strict-Transport-Security: max-age=63113904
Cache-Control: no-cache
Content-Length: 202
Date: Tue, 22 Oct 2024 00:20:51 GMT
Content-Type: application/x-javascript;charset=utf-8
Server: Jetty(9.4.45.v20220203)
Connection: close

GET
H/1.1 200
OK ga-integration-2.0.5.js Show response
rtp-static.marketo.com/rtp/libs/ 18 KB
6 KB 263ms
35ms Script
application/x-javascript 104.102.34.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.34.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-34-125.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: bf6806d8c92e228249230195772afe2e68791d52763b782be9aa2855fab3b641

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Access-Control-Allow-Headers: *
Access-Control-Max-Age: 86400
Content-Encoding: gzip
ETag: "18a7b0f60655900c0010a35d07b9da0f:1686816053.163727"
Connection: keep-alive
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 5654
Date: Tue, 22 Oct 2024 00:20:50 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 15 Jun 2023 08:00:53 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 166ms
31ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-XTLTD7RKN5&gtm=45je4ah0v9135218693za200&_p=1729556448528&_gaz=1&gcd=13l3l3l2l3l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101686685~101823848~101836706&ul=de-de&sr=1600x1200&cid=146266419.1729556450&_ng=1&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sid=1729556450&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&tfd=2111
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XTLTD7RKN5&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.cyberark.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:50 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
269 B 34ms
33ms Ping
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-XTLTD7RKN5&cid=146266419.1729556450&gtm=45je4ah0v9135218693za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3l1&npa=1&frm=0&tag_exp=101686685~101823848~101836706
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XTLTD7RKN5&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.cyberark.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:50 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 160ms
35ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-XTLTD7RKN5&cid=146266419.1729556450&gtm=45je4ah0v9135218693za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3l1&npa=1&frm=0&tag_exp=101686685~101823848~101836706&tag_exp=101686685~101823848~101836706&z=1600032596

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 22 Oct 2024 00:20:50 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H/1.1 200
OK msg Show response
sjrtp6.marketo.com/gw1/ 0
426 B 1021ms
185ms Script
text/javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/msg?a=2&sid=cyberarksoftware-1729556450086-624e3f6e&aid=cyberarksoftware&ma=id%3A316-CZP-275%26token%3A_mch-cyberark.com-1729556449735-82067&viewedTypes=&0.4418614891279915&rts=1729556450146

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Strict-Transport-Security: max-age=63113904
Cache-Control: no-cache
Content-Length: 0
Date: Tue, 22 Oct 2024 00:20:51 GMT
Content-Type: text/javascript;charset=utf-8
Server: Jetty(9.4.45.v20220203)
Connection: close

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 37ms
34ms Script
application/javascript 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/d24194f2-6101-4c07-b071-d2eb5d40f5e6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66fb91ae-111bb"
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 03:20:50 GMT
accept-ranges: bytes
content-length: 18819
date: Tue, 22 Oct 2024 00:20:50 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Tue, 01 Oct 2024 06:07:42 GMT

GET
H2 200 ajax_ping Show response
www.cyberark.com/resources/hubsFront/ 49 B
155 B 167ms
166ms XHR
application/json 104.16.69.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_ping

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.d9fdeb361862fc14a04f.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.69.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: unsafe-url
cf-ray: 8d6552e5ac57dba1-FRA
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date: Tue, 22 Oct 2024 00:20:50 GMT
x-xss-protection: 1; mode=block
content-type: application/json
content-language: en
server: cloudflare
x-frame-options: DENY

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
704 B 111ms
31ms XHR
application/json 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.cyberark.com
an-x-request-uuid: df13088e-1d37-4218-9cf7-565aa028355a
content-length: 11
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:50 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 44ms
36ms XHR
text/html 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-184.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.cyberark.com
content-length: 7
date: Tue, 22 Oct 2024 00:20:50 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
338 B 120ms
32ms XHR
text/html 2a02:26f0:7100::210:172
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: f514531503c88d1dcd2951aa5ed98f3b188fe016f1a47fc2e2ba103c72173101

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2001:1b60:1010:3:1012:252e:2f84:bc77
expires: Tue, 22 Oct 2024 00:20:50 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1729556450280_34603374_1100017004_22_932_23_34_219";dur=1
access-control-allow-origin: https://www.cyberark.com
content-length: 36
date: Tue, 22 Oct 2024 00:20:50 GMT
content-type: text/html
vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 166ms
132ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&v=1.1.29

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:50 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 22 Oct 2024 00:20:50 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 168ms
135ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22059bf2ba2b88e39bb3200769d2e411fc%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%7B%5C%5C%5C%22name%5C%5C%5C%22%3A%5C%5C%5C%22prod-cat%5C%5C%5C%22%7D%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22d24194f2-6101-4c07-b071-d2eb5d40f5e6%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&v=1.1.29

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:50 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 22 Oct 2024 00:20:50 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 160ms
130ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:50 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 22 Oct 2024 00:20:50 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H/1.1 200
OK msg Show response
sjrtp6.marketo.com/gw1/ 0
426 B 546ms
185ms Script
text/javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Strict-Transport-Security: max-age=63113904
Cache-Control: no-cache
Content-Length: 0
Date: Tue, 22 Oct 2024 00:20:51 GMT
Content-Type: text/javascript;charset=utf-8
Server: Jetty(9.4.45.v20220203)
Connection: close

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 134ms
134ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A50%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:51 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 257 KB
91 KB 44ms
44ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1071691665&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c14f6d26fa1f78e846b809a9bd0f2c0f61d5c20bd164a6b9794155d2a26a4286

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 22 Oct 2024 00:20:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 22 Oct 2024 00:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 92767
x-xss-protection: 0
server: Google Tag Manager

GET 9ea938e4-65fc-409a-9bd3-00e6a7fb2552
https://www.cyberark.com/ Frame 0
0

GET
H3

200

/
www.google.de/pagead/1p-conversion/1071691665/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisW...
https://www.google.com/pagead/1p-conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMIm...
https://www.google.de/pagead/1p-conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMImM...

42 B
64 B

40ms
40ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMImMaf79ugiQMVaucRCB0dVxZQMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSGwDpaXnfxY3mQY95f266y_ZpaVzSL6PHbuS3tw&random=3834910460&ipr=y

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/1071691665/?label=H8zfCNSYxvwYEJHvgv8D&guid=ON&script=0&ct_cookie_present=false&random=660276205&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybEC&pscrd=IhMImMaf79ugiQMVaucRCB0dVxZQMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSGwDpaXnfxY3mQY95f266y_ZpaVzSL6PHbuS3tw&random=3834910460&ipr=y
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 tc_imp.gif
obs.segreencolumn.com/tracker/ 43 B
79 B 123ms
122ms Image
image/gif 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.segreencolumn.com/tracker/tc_imp.gif?e=37dfbd8ee84e001268e7c230ec438f9c9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5a148e6a2217071a10acf9f29f674c8185dd0028381caa797e568e3fd865940d32052593545558310c09c7be394f77be26bb25cb43e2913bf05365ad5f2b7a1bdb53ed46f497d7df3ebb2907fe7ccaaa506fdb0e3315794093845163f260b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf7278ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e82dae36a95655dd7abce2c4940a2323afcc51164ecdcfa718602aa41b18349971ed9d36d9a6d279c9022db668cc0adb1d3fde90b72b26bf6f8f0364e73fb947dc3fd10e60717438c4309da8dced8c6ed8827d82bd78ff89e72fe7b7822cb682c8593925e26daa773a50ce2de489b79a97a4e0445cf39b142d0c0bb71a3c83ecc0de682c8dc77895f0b6eeb481752770668c0ad69b84ec7db806ba19375f8973d9581fee87788bcf154677d9ee2534894a1041503fae1f532b96bdaaa1ffdfc3ce629b23b944fc65682f97f984435eead916f232d331120192862b8fd9e3ec008b6595c0678eabe4ec38a5a59a8ed9df8e92ed0e7f6ee9aeafca959452ea81fd3f75d2ec3107707c53d0c3735a12aeb2f469cf9cb71d472cb37dcfa5f91e158c73f767532086e0e8edcf68d6e0809c34d1bd1aa8da9bad84e1782a2ff2184c51878dbdb0e3f6bff8dd85621b727995e9f1ae33c8713dbc813fea633e29b88d5844662efe33b7f8376a68eb1b7179c6c30101997745e53b9a04392ef13c38586c957cf9b9a350e362aa22fff40f301a08b7b972c42264333787ae75e8a882d0af00e95c7b14386ce3ec93334d04a1e3e83fa924f03ba63ff9c11c406360243b93e2a86abde7694356ff98452e0819aa68131dd04006007ee656117c5c41e56a83df9ffc62f86d6e9085978ab747b6a7c8e1536e6eabf7c69f63807ade3955ddb96fa994b28d15da7152812955c297fc9c25010cf879f89b1e357b865f80c807298d05cd6e7f93725bbd302d094bdb1cdefc48d69139eec2449897fcf5fdf4cebe728a1d3df952cf094dff8e75424d7b2b7ec49c0489a0d5531472ad89a3a35d579f80296d974bf1d28fe7f079865a1847e68b73633034f9ff5d92d86c74c7b3a3e6ca28382e9c971c842a9a6646fcac14345&cri=S3suAbMrUU&ts=1813&cb=1729556451332
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
date: Tue, 22 Oct 2024 00:20:51 GMT
pragma: no-cache
content-type: image/gif

GET a4382447-0c84-4f17-898e-68d7799ca9d4
https://www.cyberark.com/ Frame 0
0

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/1071691665/ 5 KB
3 KB 55ms
55ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1071691665/?random=1729556451411&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101794737~101823848~101836706&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&label=H8zfCNSYxvwYEJHvgv8D&hn=www.googleadservices.com&frm=0&tiba=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&gtm_ee=1&npa=1&pscdl=noapi&auid=157129000.1729556450&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1071691665&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

15c49f20dcdf9710d0b5da0a667e2d3f449209599484dddbb242eee570724980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 2877
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 36ms
35ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 43ms
42ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=AW-1071691665&v=3&t=t&pid=1059971609&cv=1&rv=4ah0&tc=7&tag_exp=101533422~101686685~101794737~101823848~101836706&es=1&e=gtm.init&eid=0&u=AAAAAAAAAAAAAAAgAAAAAABA&h=Ag&tr=1ogtadsdatatos.1ogt1pdatav2.1ccdadsfirst.1ccdpreautopii.1ogtconvdef.1ccdadslast&ti=2ogtadsdatatos.2ogt1pdatav2.2ccdadsfirst.2ccdpreautopii.2ogtconvdef.2ccdadslast&z=0

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 44ms
44ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 70ms
70ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 73ms
72ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame 0099 0
0 86ms
27ms Document
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.cyberark.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1071691665&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 9681
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Mon, 21 Oct 2024 21:39:30 GMT
expires: Tue, 21 Oct 2025 21:39:30 GMT
last-modified: Mon, 21 Oct 2024 16:58:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.google.de/pagead/1p-conversion/1071691665/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1...
https://www.google.com/pagead/1p-conversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=...
https://www.google.de/pagead/1p-conversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1...

42 B
64 B

42ms
42ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101794737~101823848~101836706&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&label=H8zfCNSYxvwYEJHvgv8D&hn=www.googleadservices.com&frm=0&tiba=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&gtm_ee=1&npa=1&pscdl=noapi&auid=157129000.1729556450&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQJKJ2V2ZW50LXNvdXJjZSwgdHJpZ2dlcjtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIpp-h79ugiQMVTdkRCB15nyN5MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHNCV0NoRUk4UGZYdUFZUTE0T21xUFRJcXNiWUFSSXNBRnpUYXVtME9mSG5vYTAxRGFEUzRyVnhGY05DVF9GNldOOHpUUXBKaWFIWWVBU3JUVTY4ZmgtWHpiMA&is_vtc=1&cid=CAQSGwDpaXnfN_ik5DsA7V5F87PCLfN7SBxsUEXEYw&random=3621428707&ipr=y

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/1071691665/?random=93571614&cv=11&fst=1729556451411&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v898648185za200zb72025662&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101794737~101823848~101836706&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&label=H8zfCNSYxvwYEJHvgv8D&hn=www.googleadservices.com&frm=0&tiba=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&gtm_ee=1&npa=1&pscdl=noapi&auid=157129000.1729556450&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQJKJ2V2ZW50LXNvdXJjZSwgdHJpZ2dlcjtuYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIpp-h79ugiQMVTdkRCB15nyN5MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHNCV0NoRUk4UGZYdUFZUTE0T21xUFRJcXNiWUFSSXNBRnpUYXVtME9mSG5vYTAxRGFEUzRyVnhGY05DVF9GNldOOHpUUXBKaWFIWWVBU3JUVTY4ZmgtWHpiMA&is_vtc=1&cid=CAQSGwDpaXnfN_ik5DsA7V5F87PCLfN7SBxsUEXEYw&random=3621428707&ipr=y
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 34ms
33ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?ctid=AW-1071691665&t=s&si=160&m=0&iss=4&sid=1851047455847591&cc=1&tl=2&hc=1&cl=0&pid=9762328&bc=1

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H2 200 RC3719b75d704c41bf84889d486a456143-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/ 451 B
547 B 42ms
42ms Script
application/x-javascript 2a02:26f0:3500:58f::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/RC3719b75d704c41bf84889d486a456143-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 749f69ccbbd831343bc59cacc987b287a4eb26584e0e9e84b4d844cd0342344f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "351728d0509cd22437ccb9587d29118d:1726003826.52482"
expires: Tue, 22 Oct 2024 01:20:51 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.cyberark.com
content-length: 292
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: application/x-javascript
last-modified: Tue, 10 Sep 2024 21:30:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H/1.1 200
OK jquery-custom-ui.min.js Show response
rtp-static.marketo.com/rtp/libs/jqueryui/1.13.2/ 522 KB
126 KB 50ms
50ms Script
application/x-javascript 104.102.34.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jqueryui/1.13.2/jquery-custom-ui.min.js
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.34.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-34-125.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b122e173fb310c409d02c56e57eea40f1ea470fed839599c902b085d8fdb0129

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Transfer-Encoding: chunked
Access-Control-Allow-Headers: *
Access-Control-Max-Age: 86400
Content-Encoding: gzip
ETag: "85c4e68263c6de164e4bad3fb60222a5:1685620750.615377"
Connection: keep-alive, Transfer-Encoding
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Date: Tue, 22 Oct 2024 00:20:51 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 01 Jun 2023 11:54:52 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 ey22i6m9p82y.js Show response
js.driftt.com/include/1729556700000/ 221 KB
62 KB 453ms
351ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1729556700000/ey22i6m9p82y.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e96abb18e70acf14065e3bacb0dbd6942579a85d3d69d9d7551bea9c627ca3a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
x-amz-version-id: px8T70IzhuJ6oS1M7izBjK7Y8.9uRoPx
etag: W/"182931eb99afb01276b448d2f7bd627d"
access-control-allow-methods: GET, POST, OPTIONS
x-cache: RefreshHit from cloudfront
x-amz-cf-id: jSxnIWie5fATZ4du9jYd4gxBZ6_6Q2t35vKysabyzpsghfwxDiAjzQ==
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 11 Oct 2024 18:47:07 GMT
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache
x-envoy-upstream-service-time: 34
access-control-allow-credentials: true
via: 1.1 9ed190c9d6b2f812d19cbb317856ed88.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P6
server: istio-envoy
x-amz-server-side-encryption: AES256

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 257 KB
91 KB 43ms
43ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-1071691665&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3cba90de30ba29910db391f8d0de52aa6b754f83fb6530a04ba6c6bc4f930893

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Tue, 22 Oct 2024 00:20:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 22 Oct 2024 00:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 92687
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 147ms
41ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=58681
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Tue, 22 Oct 2024 00:20:51 GMT
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 227 KB
58 KB 57ms
28ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f4cfd4a5b95dfb31c47cd567d9719fc12a0453f6ff27e2872147a9740e4b9e56

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=26, rtx=0, c=23, mss=1232, tbw=4462, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: zQj7th6DTj8pmrLO/iLwamWn2VvTITbRm80PpFcgedDIAAAL/PwbbhcQfWzHbq+z9f86OLQ2yySRZuTZ2adDIg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59352
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/choozle/14963/ 28 KB
9 KB 92ms
29ms Script
application/javascript 2600:9000:206f:4000:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:4000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 8078cebf9ab8ba5c0802536ed68317072ca51f1cb5293db16d63f923aad2e011

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: br
x-amz-version-id: x04iqw22f74TR7YV8WcAUNCuLsQOa2Ho
etag: W/"ae9736f2c4e7558eebdb8be79cbd6a8d"
age: 26783038
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 57sdmccvVu9fkaIjHeBD-ceu6aVIjoXvBYYZvWjmRSQ-Miid0aHXJA==
date: Sun, 17 Dec 2023 00:36:54 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Sat, 28 Oct 2023 14:30:41 GMT
x-amz-replication-status: COMPLETED
cache-control: max-age=300
via: 1.1 d947c3ab534102b2c9a7f0a4541d2ed8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2

200

activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0...
9920016.fls.doubleclick.net/ Frame D9BB
Redirect Chain

https://9920016.fls.doubleclick.net/activityi;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw...
https://9920016.fls.doubleclick.net/activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=...

0
0

53ms
52ms

Document
text/html

142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9920016.fls.doubleclick.net/activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4ah0za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=101686685~101823847~101836706;epver=2;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9920016

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 427
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 22 Oct 2024 00:20:51 GMT
expires: Tue, 22 Oct 2024 00:20:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 22 Oct 2024 00:20:51 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9920016.fls.doubleclick.net/activityi;dc_pre=CJS_uu_boIkDFdqLgwcdfxUH6Q;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4ah0za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=101686685~101823847~101836706;epver=2;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 22 KB
8 KB 218ms
130ms Script
text/javascript 3.126.222.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.222.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-222-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 922ab2b3e5bf7c9aeccd33ed91a30e09c8f8c5dea4f853ce8be17e61becdb971

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin: *
cache-control: max-age=5
content-encoding: gzip
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: text/javascript

GET
H2 200 dc000d50-4dbc-4d9a-ba52-c3015680f76c Show response
tag.simpli.fi/sifitag/ 3 KB
2 KB 132ms
41ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/dc000d50-4dbc-4d9a-ba52-c3015680f76c
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 329eba5224a490e972374a62dd94c61794c440471cc2d40a13a73d6586d7394d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-request-id: GACebetkq8UtPwJpoU0B
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-encoding: gzip
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: openresty

GET
H/1.1 200
OK dpm_511a418e72591eb7e33f703f04c3fa16df6c90bd.min.js Show response
s.dpmsrv.com/ 94 KB
15 KB 146ms
36ms Script
application/x-javascript 18.245.60.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.dpmsrv.com/dpm_511a418e72591eb7e33f703f04c3fa16df6c90bd.min.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.60.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-41.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5bfb62b234f6963acd89b19dedfa1e75bca2ea85bbf491344424ba177eb6cd48

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Content-Encoding: gzip
ETag: "55de4e40ff8dde1965278c6b2db98fad"
Age: 54
Connection: keep-alive
Via: 1.1 9bd86598a7f45cc948aa2f9674ece0b2.cloudfront.net (CloudFront)
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Content-Length: 15132
X-Amz-Cf-Id: 4gVJU0U2BX8x661zo3sWhV4MMUeYZ3Z3kpuGM73Y46OG0LpbVNF24w==
Date: Tue, 22 Oct 2024 00:19:58 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 25 Sep 2024 19:00:24 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P5
x-amz-server-side-encryption: AES256

GET
H3 200 activity;register_conversion=1;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;...
ad.doubleclick.net/ 0
24 B 267ms
219ms Image
image/png 172.217.16.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=9920016;type=websi0;cat=websi0;ord=9842106936023;npa=1;auiddc=157129000.1729556450;ps=1;pcor=1079979582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4ah0za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=101686685~101823847~101836706;epver=2;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps?

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 0
date: Tue, 22 Oct 2024 00:20:51 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"7614527636609531319"}],"aggregatable_trigger_data":[{"filters":[{"14":["12155760"]}],"key_piece":"0xeec68b5c3d37a868","source_keys":["12","13","14","15","16","17","18","19","20","21"]},{"key_piece":"0xf5f164cdb1fde597","not_filters":{"14":["12155760"]},"source_keys":["12","13","14","15","16","17","18","19","20","21"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"12384970658865304021","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"7614527636609531319","filters":[{"14":["12155760"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"7614527636609531319","filters":[{"14":["12155760"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"7614527636609531319","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"7614527636609531319","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["9920016"]}}
content-type: image/png
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

cnv
cnv.event.prod.bidr.io/log/
Redirect Chain

https://cnv.event.prod.bidr.io/log/cnv?tag_id=188&buzz_key=intentsify&value=&segment_key=intentsify-1098&account_id=2&order=[ORDER]&ord=[CACHEBUSTER]
https://cnv.event.prod.bidr.io/log/cnv?tag_id=188&buzz_key=intentsify&value=&segment_key=intentsify-1098&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1

43 B
796 B

61ms
61ms

Image
image/gif

52.17.118.158
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cnv.event.prod.bidr.io/log/cnv?tag_id=188&buzz_key=intentsify&value=&segment_key=intentsify-1098&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1

Protocol

HTTP/1.1

Server

52.17.118.158 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-118-158.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: no-cache, must-revalidate
pragma: no-cache
Connection: keep-alive
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
Content-Length: 43
Date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/gif
Server: gunicorn

Redirect headers

strict-transport-security: max-age=2592000; includeSubDomains
location: https://cnv.event.prod.bidr.io/log/cnv?tag_id=188&buzz_key=intentsify&value=&segment_key=intentsify-1098&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1
Content-Length: 0
Date: Tue, 22 Oct 2024 00:20:51 GMT
Server: gunicorn
Connection: keep-alive

GET
H3 200 favicon.png
content.cdntwrk.com/files/aHViPTEwODU0MCZjbWQ9ZmF2aWNvbiZ2ZXJzaW9uPTE3MTg3NzAxMDMmZXh0PXBuZyZzaXplPTMyJnNpZz1kZWIxODkzMGVjNTA3YzBmY2EzMjNiM2NjYzEyNmNmNA%253D%253D/ 2 KB
2 KB 35ms
34ms Other
image/png 18.66.102.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/files/aHViPTEwODU0MCZjbWQ9ZmF2aWNvbiZ2ZXJzaW9uPTE3MTg3NzAxMDMmZXh0PXBuZyZzaXplPTMyJnNpZz1kZWIxODkzMGVjNTA3YzBmY2EzMjNiM2NjYzEyNmNmNA%253D%253D/favicon.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.102.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-3.fra56.r.cloudfront.net
Software: /
Resource Hash: 3315068613710cfcc08a1d43d532aec5d37aaa6b78e6b51f1240cdd429652f10

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-cf-pop: FRA56-P2
cache-control: max-age=2592000
age: 1399885
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
content-length: 1967
x-amz-cf-id: 8zY-4KTtCVC8XWhXFR42MlputSNKB7-6HwGmBNgMj_ewsN3Ondi24g==
date: Sat, 05 Oct 2024 19:29:26 GMT
content-type: image/png
content-disposition: inline; filename="s3_favicon_67019396281ff_uberflip-ca-central-1-files-prd_hubs_40_108540_108540_favicon.png"
last-modified: Sat, 05 Oct 2024 19:29:26 GMT

GET
H2 200 RC5266e3ee597a459fbc388f1132b7e943-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/ 521 B
583 B 41ms
41ms Script
application/x-javascript 2a02:26f0:3500:58f::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/RC5266e3ee597a459fbc388f1132b7e943-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3a9ad67e7151a1a8910746fc45089d1188bf7dfd26532588beff8f03b3981281

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "351728d0509cd22437ccb9587d29118d:1726003826.52482"
expires: Tue, 22 Oct 2024 01:20:51 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.cyberark.com
content-length: 327
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: application/x-javascript
last-modified: Tue, 10 Sep 2024 21:30:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 RCa5164e12c82447adb2cd80d0c9b8bb38-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/ 504 B
581 B 43ms
43ms Script
application/x-javascript 2a02:26f0:3500:58f::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/6e394fe66e80/RCa5164e12c82447adb2cd80d0c9b8bb38-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: dfc76c674eb8cd322245ee8562bee8ade2d3c6fe5d4f72e51b14c059a88db5bf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "351728d0509cd22437ccb9587d29118d:1726003826.52482"
expires: Tue, 22 Oct 2024 01:20:51 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.cyberark.com
content-length: 325
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: application/x-javascript
last-modified: Tue, 10 Sep 2024 21:30:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H3 200 286320195733404 Show response
connect.facebook.net/signals/config/ 74 KB
15 KB 206ms
206ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/286320195733404?v=2.9.172&r=stable&domain=www.cyberark.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C28%2C82%2C87%2C47%2C46%2C86%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

89fb40d3f8ee135b22cd7bb01f732702b537bbd12526aaf82ff53a0f37325c2a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=26, rtx=0, c=74, mss=1232, tbw=67532, tp=64, tpl=0, uplat=178, ullat=0
pragma: public
x-fb-debug: 63Wd3HBBX8qaVsO4kahcp1hhsMt1nMHHUNQXKq0L31jLNzt4gooscZjhmWrYG1/bLCdxYMOAz/Xs2CirVMuBrA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/choozle/14963/ 409 B
740 B 71ms
71ms Script
text/javascript 2600:9000:206f:4000:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/14963/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/choozle/14963/code/&publishedOn=Sat%20Oct%2028%2014:30:32%20GMT%202023&ClientID=923&PageID=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:4000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 54520ead7a4b3404f20b7e2344633752708cb393d277647f8a8b978c024a9758

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, no-store
via: 1.1 d947c3ab534102b2c9a7f0a4541d2ed8.cloudfront.net (CloudFront)
expires: Tue, 22 Oct 2024 00:20:50 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
content-length: 409
x-amz-cf-id: rAqK6MWSqw92NaC3DKO3uPT-mJc1O2KJ849TLIEo8Vsemo3NcHL9pg==
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: text/javascript
x-amz-cf-pop: FRA56-C1
server: CloudFront

GET
H/1.1 200
OK visitor Show response
sjrtp6.marketo.com/gw1/rtp/api/v1_1/ 760 B
1 KB 977ms
202ms XHR
application/json 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/rtp/api/v1_1/visitor?sid=cyberarksoftware-1729556450086-624e3f6e&aid=cyberarksoftware&1729556451863

Requested by

Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e432fc19ff8ba0b3e64243eb3b983293f3727e14899a63f67c12a1a34b9c26c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63113904
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: No-cache
Connection: close
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Access-Control-Allow-Origin: https://www.cyberark.com
Date: Tue, 22 Oct 2024 00:20:52 GMT
Last-Modified: Mon Oct 21 19:20:52 CDT 2024
Vary: Origin
Server: Jetty(9.4.45.v20220203)
Content-Type: application/json

GET
H/1.1 200
OK sgm Show response
sjrtp6.marketo.com/gw1/ga/ 742 B
1 KB 988ms
211ms XHR
text/json 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/ga/sgm?sid=cyberarksoftware-1729556450086-624e3f6e&1729556451863

Requested by

Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

5f1ce8e4dbea557201fd6da0c23fc8f2c7c24da938819d0e3e1dfcb2eb260ce3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Strict-Transport-Security: max-age=63113904
Cache-Control: no-cache
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 742
Date: Tue, 22 Oct 2024 00:20:52 GMT
Content-Type: text/json;charset=utf-8
Server: Jetty(9.4.45.v20220203)

GET
H2 200 p Show response
i.simpli.fi/ 798 B
760 B 51ms
43ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.simpli.fi/p?cid=440562&cb=sifi_att_42656._hp
Requested by: Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/dc000d50-4dbc-4d9a-ba52-c3015680f76c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 4c19696ccf0a3d20cc773a19fb1f46883ddba620be1e670606e62b9db980fe60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-encoding: gzip
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: openresty

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
811 B 202ms
134ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-fs-uuid: 00062505bdf0ee838be1c4c65e8e1105
x-msedge-ref: Ref A: A03A689D915E4DD38A54EA6A32DEF4D2 Ref B: FRAEDGE1217 Ref C: 2024-10-22T00:20:51Z
x-li-fabric: prod-lva1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYlBb3w7oOL4cTGXo4RBQ==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-for...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-fo...

0
263 B

605ms
472ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&e_ipv6=AQL-FeYJ_xlFrAAAAZKxmRLIHBkldi8UpRj6oHwo-aTEUM7CMgEd3epqX12NLL2TA8_9v8vS_fUKIL1QDsDJ7ZY3VsRQ0g
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 1301541E21B246668C1BE5A3FC22EB0E Ref B: FRAEDGE1317 Ref C: 2024-10-22T00:20:52Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYlBb36RJ44aQrdAwq3Qg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1729556451880&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&e_ipv6=AQL-FeYJ_xlFrAAAAZKxmRLIHBkldi8UpRj6oHwo-aTEUM7CMgEd3epqX12NLL2TA8_9v8vS_fUKIL1QDsDJ7ZY3VsRQ0g
x-msedge-ref: Ref A: 6F6B57C071A648D0B7147E461DAA58F2 Ref B: FRAEDGE1820 Ref C: 2024-10-22T00:20:51Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYlBb3xRliwQtBuG8c0jA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 22 Oct 2024 00:20:51 GMT

GET
H/1.1

200
OK

index.php Show response
a.dpmsrv.com/dpmpxl/
Redirect Chain

https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&dpmCid%3D%26zn%3D%26sn%3D%26q%3DxImp%26v%3D1.x%26cl%3D62%26pixelIndex%3D0%26r%3D78365%26tzOffset%3D-120%26url%3Dhttps%253A%...
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26dpmCid%253D%2526zn%253D%2526sn%253D%2526q%253DxImp%2526v%253D1.x%2526cl%253D62%2526pixelIndex...
https://a.dpmsrv.com/dpmpxl/index.php?id=4084603115321777412&dpmCid=&zn=&sn=&q=xImp&v=1.x&cl=62&pixelIndex=0&r=78365&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-b...

263 B
1007 B

615ms
146ms

Script
text/javascript

54.159.177.125
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?id=4084603115321777412&dpmCid=&zn=&sn=&q=xImp&v=1.x&cl=62&pixelIndex=0&r=78365&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Protocol: HTTP/1.1
Server: 54.159.177.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-159-177-125.compute-1.amazonaws.com
Software: /
Resource Hash: 6df77d3b54c491827193b069ec9c0da3b3a41eb06d8fdbc08d29f91c07093f73

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Access-Control-Max-Age: 10
Cache-Control: no-cache, no-store, must-revalidate
content-encoding: gzip
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Expires: 0
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 228
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept

Redirect headers

cache-control: no-store, no-cache, private
location: https://a.dpmsrv.com/dpmpxl/index.php?id=4084603115321777412&dpmCid=&zn=&sn=&q=xImp&v=1.x&cl=62&pixelIndex=0&r=78365&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 466f35ec-3e85-4142-99c8-95c7bf452b75
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:51 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H3 200 08773fb052a2034353e4744495485b88.js Show response
nexus.ensighten.com/choozle/14963/code/ 673 B
1 KB 28ms
28ms Script
application/javascript 2600:9000:206f:4000:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/14963/code/08773fb052a2034353e4744495485b88.js?conditionId0=4910939
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:206f:4000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 60f515991307abd345708ae3d50ff9a7751c68c208e2586d992c3c6ff729d6b0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

etag: "314ad2369d67fe2807f627dbfdcbf52d"
age: 16270012
x-amz-version-id: kpkF4PXL.K8vMpkqxwzwd03dNtjBok8N
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 0P8jkRtws-3PKS6Q3lP6shFX9oomqY63mYmzVVTzGh6C6Ikmge8uIw==
date: Tue, 16 Apr 2024 16:53:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 28 Oct 2023 14:30:41 GMT
x-amz-replication-status: COMPLETED
cache-control: max-age=315360000
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 673
x-amz-cf-pop: FRA56-C1
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H3 200 d3d14424fac71699bdbff068d9b1184b.js Show response
nexus.ensighten.com/choozle/14963/code/ 2 KB
805 B 31ms
31ms Script
application/javascript 2600:9000:206f:4000:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/14963/code/d3d14424fac71699bdbff068d9b1184b.js?conditionId0=421905
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:9000:206f:4000:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e80cfc6df2f882813f88dcf1175bc0c47e13c0cd8517bc240a65ee6cc758b0f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: br
etag: W/"e8e93310d35a9462151b8fdab5b436ce"
age: 26782400
x-amz-version-id: ffPQ1iXE0NqYZgujQn.J5knMjbGtNIPl
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: H-tcKkeQqTFZeqIpcoLOy5ZH_K8-vEA_q6srWH-LTMENp8Qti0Cx3Q==
date: Sun, 17 Dec 2023 00:47:32 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Sat, 28 Oct 2023 14:30:45 GMT
x-amz-replication-status: COMPLETED
cache-control: max-age=315360000
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
server: CloudFront
x-amz-server-side-encryption: AES256

GET
H2

204

/
s.ad.smaato.net/c/
Redirect Chain

https://um.simpli.fi/smaato
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=7DEEB55C4D1F4B0799E41E7096C9DA73

0
236 B

133ms
52ms

Image
text/plain

2600:9000:211e:b800:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol: H2
Server: 2600:9000:211e:b800:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

via: 1.1 b25bc331cb2e5e7e25d9488f5ecdc940.cloudfront.net (CloudFront)
cache-control: no-cache, must-revalidate
x-cache: Miss from cloudfront
x-amz-cf-id: 1MfTgGRRotx7KEaA7fkftmHJfy-4qrEtWRThg5ryskogIIM3Gxu2aQ==
date: Tue, 22 Oct 2024 00:20:52 GMT
x-amz-cf-pop: FRA56-C2
server: CloudFront

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

200

RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003
sync.targeting.unrulymedia.com/csync/
Redirect Chain

https://um.simpli.fi/nexxen
https://sync.1rx.io/usersync/simplifi/7DEEB55C4D1F4B0799E41E7096C9DA73
https://sync.1rx.io/usersync/simplifi/7DEEB55C4D1F4B0799E41E7096C9DA73?zcc=1&cb=1729556452210
https://sync.targeting.unrulymedia.com/csync/RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003

43 B
378 B

172ms
56ms

Image
image/gif

46.228.174.117
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003
Protocol: H2
Server: 46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
date: Tue, 22 Oct 2024 00:20:52 GMT
content-length: 43

Redirect headers

expires: 0
cache-control: no-store, no-cache, must-revalidate
location: https://sync.targeting.unrulymedia.com/csync/RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003
date: Tue, 22 Oct 2024 00:20:52 GMT
pragma: no-cache
content-type: text/html

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://um.simpli.fi/triplelift
https://eb2.3lift.com/xuid?mid=7969&xuid=7DEEB55C4D1F4B0799E41E7096C9DA73&dongle=yf3

37 B
140 B

158ms
51ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=7969&xuid=7DEEB55C4D1F4B0799E41E7096C9DA73&dongle=yf3
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/gif

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://eb2.3lift.com/xuid?mid=7969&xuid=7DEEB55C4D1F4B0799E41E7096C9DA73&dongle=yf3
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

200

sync
simplifi.partners.tremorhub.com/
Redirect Chain

https://um.simpli.fi/telaria_p
https://simplifi.partners.tremorhub.com/sync?UISF=7DEEB55C4D1F4B0799E41E7096C9DA73

43 B
175 B

418ms
128ms

Image
image/gif

2600:1f18:612b:4200:d0bf:d36:b5ac:b7f8
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simplifi.partners.tremorhub.com/sync?UISF=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol: H2
Server: 2600:1f18:612b:4200:d0bf:d36:b5ac:b7f8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/gif
server: nginx

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://simplifi.partners.tremorhub.com/sync?UISF=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain

https://um.simpli.fi/tapad
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=7DEEB55C4D1F4B0799E41E7096C9DA73
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=7DEEB55C4D1F4B0799E41E7096C9DA73

95 B
426 B

58ms
58ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=7DEEB55C4D1F4B0799E41E7096C9DA73

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 95
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/png
server: Jetty(11.0.13)

Redirect headers

strict-transport-security: max-age=31536000
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=7DEEB55C4D1F4B0799E41E7096C9DA73
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
server: Jetty(11.0.13)

GET
H2

200

empty.gif
um.simpli.fi/
Redirect Chain

https://um.simpli.fi/ad_advisor
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=7DEEB55C4D1F4B0799E41E7096C9DA73
https://d.agkn.com/pixel/10751/?che=1729556452276&ip=217.114.215.131&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219883205043000015856
https://um.simpli.fi/aa_px?sk=219883205043000015856
https://um.simpli.fi/empty.gif

43 B
361 B

61ms
60ms

Image
image/gif

34.91.62.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/empty.gif

Protocol

Server

34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

186.62.91.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: *
content-length: 43
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/gif
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
location: /empty.gif
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain

https://um.simpli.fi/intentiq
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=7DEEB55C4D1F4B0799E41E7096C9DA73

0
0

GET
H2 200 pubmatic
um.simpli.fi/ 43 B
409 B 49ms
47ms Image
image/gif 34.91.62.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

186.62.91.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 43
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/gif
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2 200 freewheel
um.simpli.fi/ 43 B
409 B 77ms
76ms Image
image/gif 34.91.62.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/freewheel

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

186.62.91.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 43
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/gif
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

204

cms
ups.analytics.yahoo.com/ups/58726/
Redirect Chain

https://um.simpli.fi/dtnx
https://fei.pro-market.net/engine?du=24;csync=7DEEB55C4D1F4B0799E41E7096C9DA73;mimetype=img;
https://fei.pro-market.net/engine?du=24;csync=7DEEB55C4D1F4B0799E41E7096C9DA73;mimetype=img;sr
https://cms.analytics.yahoo.com/cms?partner_id=DATCS
https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS

0
108 B

175ms
104ms

Image
text/html

2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS

Protocol

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date: Tue, 22 Oct 2024 00:20:52 GMT
age: 0
content-type: text/html
server: ATS
referrer-policy: no-referrer-when-downgrade

Redirect headers

strict-transport-security: max-age=31536000
cache-control: no-store
location: https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS
content-length: 257
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
content-language: en
server: ATS

GET
H2

204

/
loadm.exelator.com/load/
Redirect Chain

https://um.simpli.fi/exelatem
https://loadm.exelator.com/load/?p=204&g=2191&simid=7DEEB55C4D1F4B0799E41E7096C9DA73&j=0
https://loadm.exelator.com/load/?p=204&g=2191&simid=7DEEB55C4D1F4B0799E41E7096C9DA73&j=0&xl8blockcheck=1

0
771 B

78ms
78ms

Image
text/plain

54.78.254.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=2191&simid=7DEEB55C4D1F4B0799E41E7096C9DA73&j=0&xl8blockcheck=1
Protocol: H2
Server: 54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
date: Tue, 22 Oct 2024 00:20:52 GMT
x-powered-by: Undertow/1
server: nginx
access-control-allow-credentials: true

Redirect headers

cache-control: no-cache
location: https://loadm.exelator.com/load/?p=204&g=2191&simid=7DEEB55C4D1F4B0799E41E7096C9DA73&j=0&xl8blockcheck=1
access-control-allow-credentials: true
content-length: 0
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/gif
x-powered-by: Undertow/1
server: nginx

GET
H2 200 yahoo
um.simpli.fi/ 43 B
409 B 79ms
78ms Image
image/gif 34.91.62.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/yahoo

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

186.62.91.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 43
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/gif
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H/1.1

204

sync
sync.bfmio.com/
Redirect Chain

https://um.simpli.fi/beachfront
https://sync.bfmio.com/sync?pid=141&uid=7DEEB55C4D1F4B0799E41E7096C9DA73

0
421 B

603ms
144ms

Image
text/plain

52.73.21.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=141&uid=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol: HTTP/1.1
Server: 52.73.21.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-73-21-157.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Date: Tue, 22 Oct 2024 00:20:52 GMT
Connection: keep-alive

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://sync.bfmio.com/sync?pid=141&uid=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H/1.1

500
Internal Server Error

29931
stags.bluekai.com/site/
Redirect Chain

https://um.simpli.fi/bluekai
https://stags.bluekai.com/site/29931?id=7DEEB55C4D1F4B0799E41E7096C9DA73

27 B
27 B

185ms
49ms

Image
text/html

2.23.197.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/29931?id=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol: HTTP/1.1
Server: 2.23.197.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-197-190.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5607bc0b49036b5f13acf3f5767e0fb2fb947f5369bda253939e78e2b11f85b4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Connection: keep-alive
Expires: Tue, 22 Oct 2024 00:20:52 GMT
Content-Length: 27
Date: Tue, 22 Oct 2024 00:20:52 GMT
AK-GRN: 0.98d01702.1729556452.140b80e
Content-Type: text/html

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://stags.bluekai.com/site/29931?id=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

404

tpid=7DEEB55C4D1F4B0799E41E7096C9DA73
bcp.crwdcntrl.net/map/c=7625/tp=SIMP/
Redirect Chain

https://um.simpli.fi/crwdcntrl
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=7DEEB55C4D1F4B0799E41E7096C9DA73

49 B
266 B

219ms
72ms

Image
image/gif

54.72.108.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol: H2
Server: 54.72.108.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-108-116.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache
pragma: no-cache
expires: 0
access-control-allow-origin: *
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 49
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/gif
x-server: 10.45.21.145
server: Jetty(9.4.38.v20210224)

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

204

merge
ce.lijit.com/
Redirect Chain

https://um.simpli.fi/lj_match
https://ce.lijit.com/merge?pid=2&3pid=7DEEB55C4D1F4B0799E41E7096C9DA73

0
223 B

256ms
68ms

Image
text/plain

34.242.121.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=2&3pid=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol: H2
Server: 34.242.121.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-242-121-27.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

expires: Fri, 20 Mar 2009 00:00:00 GMT
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 22 Oct 2024 00:20:52 GMT
pragma: no-cache
vary: Accept-Encoding
x-merge: GDPR Optout true

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://ce.lijit.com/merge?pid=2&3pid=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

451

419566.gif
idsync.rlcdn.com/
Redirect Chain

https://um.simpli.fi/liveramp_match
https://idsync.rlcdn.com/419566.gif?partner_uid=7DEEB55C4D1F4B0799E41E7096C9DA73

0
98 B

171ms
57ms

Image
text/plain

35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/419566.gif?partner_uid=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://idsync.rlcdn.com/419566.gif?partner_uid=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H3

200

/
www.google.de/pagead/1p-conversion/1026675585/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1729556451902&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHB...
https://www.google.com/pagead/1p-conversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDs...
https://www.google.de/pagead/1p-conversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQ...

42 B
64 B

49ms
49ms

Image
image/gif

2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQI&pscrd=IhMImrrA79ugiQMV3zlVCB10GDAwMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSKQDpaXnfbF1UqGHHo6kZ5SC7mKISp4x66a-dMMLw3PtLhIpxP8i1s62b&random=2407399201&ipr=y

Protocol

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/1026675585/?random=442201237&cv=7&fst=1729556451902&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOrGsQI&pscrd=IhMImrrA79ugiQMV3zlVCB10GDAwMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOokBaHR0cHM6Ly93d3cuY3liZXJhcmsuY29tL3Jlc291cmNlcy90aHJlYXQtcmVzZWFyY2gtYmxvZy9nb2xkZW4tc2FtbC1uZXdseS1kaXNjb3ZlcmVkLWF0dGFjay10ZWNobmlxdWUtZm9yZ2VzLWF1dGhlbnRpY2F0aW9uLXRvLWNsb3VkLWFwcHM&is_vtc=1&cid=CAQSKQDpaXnfbF1UqGHHo6kZ5SC7mKISp4x66a-dMMLw3PtLhIpxP8i1s62b&random=2407399201&ipr=y
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 204 spotx_match
um.simpli.fi/ 0
272 B 80ms
79ms Image
text/plain 34.91.62.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/spotx_match

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

186.62.91.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-methods: GET, POST, OPTIONS
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-origin: *
date: Tue, 22 Oct 2024 00:20:52 GMT
x-content-type-options: nosniff

GET
H2

200

setuid
ib.adnxs.com/
Redirect Chain

https://um.simpli.fi/an
https://ib.adnxs.com/setuid?entity=66&code=7DEEB55C4D1F4B0799E41E7096C9DA73

43 B
1 KB

49ms
47ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=66&code=7DEEB55C4D1F4B0799E41E7096C9DA73

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: facfd5ba-9c62-4acc-bc47-65352998d9de
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://ib.adnxs.com/setuid?entity=66&code=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://um.simpli.fi/rb_match
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=7DEEB55C4D1F4B0799E41E7096C9DA73&expires=365

0
239 B

202ms
48ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=7DEEB55C4D1F4B0799E41E7096C9DA73&expires=365
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 7d6e3b6fefbbeb4d018118d74243a2fc
Pragma: no-cache
Content-Type: image/gif

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=7DEEB55C4D1F4B0799E41E7096C9DA73&expires=365
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://um.simpli.fi/ox_match
https://us-u.openx.net/w/1.0/sd?id=537072966&val=7DEEB55C4D1F4B0799E41E7096C9DA73

43 B
264 B

160ms
56ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072966&val=7DEEB55C4D1F4B0799E41E7096C9DA73
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 22 Oct 2024 00:20:51 GMT
content-type: image/gif
vary: Accept
server: OXGW/0.0.0

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://us-u.openx.net/w/1.0/sd?id=537072966&val=7DEEB55C4D1F4B0799E41E7096C9DA73
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2 200 pixel
cm.g.doubleclick.net/ 170 B
409 B 159ms
59ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 129ms
128ms Stylesheet
text/css 3.126.222.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.222.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-222-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: a30bb9458dd13fdc8c80f92b3532fa21dd7b5459a0b48eeea0c3bf71dec1ec93

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin: *
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 209ms
133ms Fetch
image/jpeg 3.126.222.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.222.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-222-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin: *
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/jpeg

POST
H2 200 s49903071052839 Show response
cyberark.sc.omtrdc.net/b/ss/cyberarkproduction/1/JS-2.27.0-LEWM/ 43 B
389 B 168ms
56ms XHR
image/gif 63.140.62.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cyberark.sc.omtrdc.net/b/ss/cyberarkproduction/1/JS-2.27.0-LEWM/s49903071052839

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-27.data.adobedc.net

Software

jag /

Resource Hash

55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, no-store, max-age=0, no-transform, private
pragma: no-cache
etag: 3714194200525012992-4618239780686736093
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Mon, 21 Oct 2024 00:20:52 GMT
access-control-allow-origin: https://www.cyberark.com
p3p: CP="This is not a P3P policy"
content-length: 43
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 1; mode=block
last-modified: Wed, 23 Oct 2024 00:20:52 GMT
vary: *
server: jag
content-type: image/gif;charset=utf-8

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 102ms
34ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=286320195733404&ev=PageView&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&rl=&if=false&ts=1729556452044&sw=1600&sh=1200&v=2.9.172&r=stable&ec=0&o=12318&fbp=fb.1.1729556452043.29023590965155466&cs_est=true&ler=empty&cdl=API_unavailable&it=1729556451825&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=10, mss=1328, tbw=2923, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 271ms
214ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=286320195733404&ev=PageView&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&rl=&if=false&ts=1729556452044&sw=1600&sh=1200&v=2.9.172&r=stable&ec=0&o=12318&fbp=fb.1.1729556452043.29023590965155466&cs_est=true&ler=empty&cdl=API_unavailable&it=1729556451825&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7428388398702965151"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: YUPa2WyFoaiRV52k72VZHAcjs6blIsA0T2sNRfxJHkSvTEa6S9EOnEwlt4KxhwUPLdQFEeF56fV9ZhFGxjMjVw==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7428388398702965151", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=10, mss=1328, tbw=3241, tp=-1, tpl=-1, uplat=180, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
311 B 143ms
143ms XHR
text/plain 3.126.222.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=jVuggUzL4Z1pNoK2f21A_Q&is_js=true&landing_url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&t=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&tip=QgFbgZCrwQrQO976_9j4dg_7nanCznCet4NuByXsMgE&host=https%3A%2F%2Fwww.cyberark.com&sa_conv_data_css_value=%270-a85b802f-86f5-5544-7197-56414755013b%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9a85b802f86f55544719756414755013bd972d783&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIHA3H2EEmQtKCcneGn8odvHKBl4NWP20rZid3RNg5kptENYBGAQg49_buAYwAToEQN4Ii0IEHcE6fw.Cjt%252BJoOFByImqvUmnVxJsEKyJ3cqPsnyHPGKfKClEfc&sa-user-id-v2=s%253AqFuAL4b1VURxl1ZBR1UBO9ly14M.NBHHbbL%252F1WEzhB%252FcQWfEG7fSHshc3ZePsRTUji6yEVs&sa-user-id=s%253A0-a85b802f-86f5-5544-7197-56414755013b.IDSYYOUm01kjppRzsngxvGR7KTDsl%252Fky1aI%252F1WzCoBM
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.222.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-222-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c7295f0f8c9fbfaeb021c7f80e61b2ebc9c3312995a17fb8ba238ce9068c9734

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-methods: GET
access-control-allow-origin: https://www.cyberark.com
content-length: 116
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: text/plain; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: *

GET
H/1.1

200
OK

iframe
d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/ Frame DC6E
Redirect Chain

https://insight.adsrvr.org/tags/0v1kpom/u9beit9/iframe
https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe

0
0

182ms
52ms

Document
text/html

13.225.83.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/code/08773fb052a2034353e4744495485b88.js?conditionId0=4910939
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.83.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-83-200.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Age: 66665
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 138
Content-Type: text/html
Date: Mon, 21 Oct 2024 05:50:09 GMT
ETag: "d45046dc61fcd53aaf217c2c9496ec77"
Last-Modified: Fri, 01 Oct 2021 23:43:18 GMT
Server: AmazonS3
Via: 1.1 6c9a2d99a25484f38efa27d58a726b2c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 9JGkShRmHaW_YCw6Vga5d2dQjRMtnrXejw1hJ6cYUo-bBmyE3HTi2g==
X-Amz-Cf-Pop: FRA2-C2
X-Cache: Hit from cloudfront
x-amz-server-side-encryption: AES256

Redirect headers

content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
location: https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 141ms
141ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A51%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:52 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 core
js.driftt.com/ Frame 2270 0
0 253ms
160ms Document
text/html 18.245.86.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=f6bafa70-4051-428e-bfd3-3a1454b90d46&sessionStarted=1729556452.237&campaignRefreshToken=843b3c86-3638-43d6-96e7-4bf0f959d0b2&hideController=false&pageLoadStartTime=1729556448519&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1729556700000/ey22i6m9p82y.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-73.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 22 Oct 2024 00:20:52 GMT
etag: W/"323cf43fb7dd4d8ce2fbf72604328721"
last-modified: Fri, 11 Oct 2024 18:46:52 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 e0bdfd4f00aaa5b927cf38c4eda059ca.cloudfront.net (CloudFront)
x-amz-cf-id: wkRPvRcQCg9izv1e0HZ3eU5Sv_DsVobAQY1Mf-1-oeAOvArTw-N6qg==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: KOzChVsUmRwQhfJPojbnFLzc1Y3kJgXL
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 23

GET
H2 200 chat
js.driftt.com/core/ Frame 82D1 0
0 503ms
420ms Document
text/html 18.245.86.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1729556448519

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1729556700000/ey22i6m9p82y.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-73.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 22 Oct 2024 00:20:52 GMT
etag: W/"323cf43fb7dd4d8ce2fbf72604328721"
last-modified: Fri, 11 Oct 2024 18:46:52 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 e0bdfd4f00aaa5b927cf38c4eda059ca.cloudfront.net (CloudFront)
x-amz-cf-id: zVHMkPOAXY7FT90Nu172fgQet21MygwlXgODgR9W6XKdMWWazHYC5A==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: KOzChVsUmRwQhfJPojbnFLzc1Y3kJgXL
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 20

POST
H2 200 mon Show response
obs.segreencolumn.com/ 0
148 B 169ms
167ms XHR
application/json 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.segreencolumn.com/mon
Requested by: Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin: https://www.cyberark.com
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

POST
H2 200 mon Show response
obs.segreencolumn.com/ 0
16 B 270ms
269ms XHR
application/json 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.segreencolumn.com/mon
Requested by: Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin: https://www.cyberark.com
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 pixel Show response
cm.g.doubleclick.net/ 170 B
232 B 65ms
64ms Script
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=4084603115321777412&pixelIndex=0

Requested by

Host: s.dpmsrv.com
URL: https://s.dpmsrv.com/dpm_511a418e72591eb7e33f703f04c3fa16df6c90bd.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

071d0a5d172af491aedca9041f20e830d25fd4d339a1006bca3bed949069aa30

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

GET
H/1.1

200
OK

blank.png
s.dpmsrv.com/
Redirect Chain

https://a.usbrowserspeed.com/cs?pid=d177d942cb8207b52f57818feb9bb79a7b77ce6e0ed688e3af36875661b9be1d&r=https%3A%2F%2Fs.dpmsrv.com%2Fblank.png&puid=62_4084603115321777412
https://s.dpmsrv.com/blank.png

563 B
1 KB

39ms
39ms

Image
image/png

18.245.60.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.dpmsrv.com/blank.png
Protocol: HTTP/1.1
Server: 18.245.60.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-41.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 275bbb87cacfdec0c1259a2356fb3f2858f18e6f842d1fa1e5c8e8c16eb9a120

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

ETag: "0db3c937b3b1cedbed051c0f2592bc1e"
Age: 72856
Connection: keep-alive
Via: 1.1 9bd86598a7f45cc948aa2f9674ece0b2.cloudfront.net (CloudFront)
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Content-Length: 563
X-Amz-Cf-Id: L8z-D2fYxkm7GdlmrAoGVG57iMS6_jhtCLRs0nntHNxtRA-cH1s_vQ==
Date: Tue, 22 Oct 2024 00:20:14 GMT
Content-Type: image/png
Last-Modified: Tue, 11 Jun 2024 14:07:56 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P5
x-amz-server-side-encryption: AES256

Redirect headers

location: https://s.dpmsrv.com/blank.png
content-length: 53
date: Tue, 22 Oct 2024 00:20:53 GMT
content-type: text/html; charset=utf-8
server: awselb/2.0

GET
H2 451 423396.gif
idsync.rlcdn.com/ 0
42 B 65ms
65ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/423396.gif?partner_uid=4084603115321777412
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
194 B 193ms
192ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: D2D2920439E341F0A7453C24D9AA1F9A Ref B: FRAEDGE1820 Ref C: 2024-10-22T00:20:52Z
x-li-fabric: prod-ltx1
access-control-allow-credentials: true
x-li-uuid: AAYlBb39QrgsIeEdiTr8Cw==
x-li-proto: http/2
access-control-allow-origin: https://www.cyberark.com
x-cache: CONFIG_NOCACHE
date: Tue, 22 Oct 2024 00:20:52 GMT
vary: Origin

GET
H3 200 collect
www.google-analytics.com/ 35 B
58 B 34ms
33ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1202403874&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ul=de-de&de=UTF-8&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP&ea=Organization&el=Keyweb%20AG&_u=aHBAgEABAAAAAGAEK~&jid=&gjid=&cid=146266419.1729556450&tid=UA-44168172-9&_gid=1583040074.1729556450&gtm=45He4ah0n715SFWTHv72025662za200&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&cd7=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823847~101836706&cd1=Keyweb%20AG&npa=1&z=1490896191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

age: 85615
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 21 Oct 2024 00:33:57 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 40ms
40ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 71ms
71ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 76ms
75ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 collect
www.google-analytics.com/ 35 B
58 B 41ms
40ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1202403874&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ul=de-de&de=UTF-8&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Opt-In%20Campaign%20Audience&el=Keyweb%20AG&_u=aHBAgEABAAAAAGAEK~&jid=&gjid=&cid=146266419.1729556450&tid=UA-44168172-9&_gid=1583040074.1729556450&gtm=45He4ah0n715SFWTHv72025662za200&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&cd7=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823847~101836706&cd1=Keyweb%20AG&npa=1&z=263422613

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

age: 85615
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 21 Oct 2024 00:33:57 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 53ms
52ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 a
www.googletagmanager.com/ 0
14 B 52ms
52ms Image
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:654:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:654:0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 22 Oct 2024 00:20:52 GMT
x-xss-protection: 0
content-type: text/html
server: Google Tag Manager

GET
H3 200 collect
www.google-analytics.com/ 35 B
58 B 41ms
40ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1202403874&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ul=de-de&de=UTF-8&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=All%20visitors&el=Keyweb%20AG&_u=aHBAgEABAAAAAGAEK~&jid=&gjid=&cid=146266419.1729556450&tid=UA-44168172-9&_gid=1583040074.1729556450&gtm=45He4ah0n715SFWTHv72025662za200&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&cd7=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823847~101836706&cd1=Keyweb%20AG&npa=1&z=1038398435

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

age: 85615
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 21 Oct 2024 00:33:57 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

GET
H3 200 collect
www.google-analytics.com/ 35 B
58 B 39ms
39ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1202403874&t=event&ni=1&_s=5&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&ul=de-de&de=UTF-8&dt=Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Gartner%20MQ%202020&el=Keyweb%20AG&_u=aHBAgEABAAAAAGAEK~&jid=&gjid=&cid=146266419.1729556450&tid=UA-44168172-9&_gid=1583040074.1729556450&gtm=45He4ah0n715SFWTHv72025662za200&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&cd7=&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823847~101836706&cd1=Keyweb%20AG&npa=1&z=177841722

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

age: 85615
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 21 Oct 2024 00:33:57 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 136ms
136ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A52%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223002%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:53 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 22 Oct 2024 00:20:53 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 mon Show response
obs.segreencolumn.com/ 0
39 B 135ms
133ms XHR
application/json 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.segreencolumn.com/mon
Requested by: Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin: https://www.cyberark.com
content-length: 0
date: Tue, 22 Oct 2024 00:20:53 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H/1.1 200
OK index.php Show response
a.dpmsrv.com/dpmpxl/ 5 B
1 KB 133ms
133ms Script
text/javascript 54.159.177.125
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?dpmCid=&zn=&sn=&q=xSeg&v=1.x&ep%5Bids%5D=20714219&cl=62&pixelIndex=0&r=83053&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&id=4084603115321777412
Requested by: Host: s.dpmsrv.com
URL: https://s.dpmsrv.com/dpm_511a418e72591eb7e33f703f04c3fa16df6c90bd.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.159.177.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-159-177-125.compute-1.amazonaws.com
Software: /
Resource Hash: fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Access-Control-Max-Age: 10
Cache-Control: no-cache, no-store, must-revalidate
content-encoding: gzip
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Expires: 0
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 31
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept

GET
H2 200 seg
ib.adnxs.com/ 43 B
1 KB 44ms
43ms Image
image/gif 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/seg?member=827&add=20714219

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 973b7502-cac6-4a1d-8867-9f3a8a166fa6
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:53 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 139ms
138ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A53%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224003%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:54 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 22 Oct 2024 00:20:54 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 mon Show response
obs.segreencolumn.com/ 0
39 B 133ms
131ms XHR
application/json 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.segreencolumn.com/mon
Requested by: Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin: https://www.cyberark.com
content-length: 0
date: Tue, 22 Oct 2024 00:20:54 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H/1.1 200
OK index.php Show response
a.dpmsrv.com/dpmpxl/ 5 B
1 KB 137ms
137ms Script
text/javascript 54.159.177.125
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?dpmCid=&zn=&sn=&q=xSeg&v=1.x&ep%5Bids%5D=8179407%2C17469484%2C17455522%2C17469469%2C17469519%2C17503755%2C3781750&cl=62&pixelIndex=0&r=753495&tzOffset=-120&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&id=4084603115321777412
Requested by: Host: s.dpmsrv.com
URL: https://s.dpmsrv.com/dpm_511a418e72591eb7e33f703f04c3fa16df6c90bd.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.159.177.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-159-177-125.compute-1.amazonaws.com
Software: /
Resource Hash: fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

Access-Control-Max-Age: 10
Cache-Control: no-cache, no-store, must-revalidate
content-encoding: gzip
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Expires: 0
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 31
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept

GET
H2 200 seg
ib.adnxs.com/ 43 B
1 KB 53ms
51ms Image
image/gif 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/seg?member=827&add=8179407,17469484,17455522,17469469,17469519,17503755,3781750

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 67f17ab5-72ae-46ab-ac13-068bf7a1dcff
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

GET
H2 200 px
secure.adnxs.com/ 43 B
1 KB 51ms
50ms Image
image/gif 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=830208&t=2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 124d9acc-9d93-48df-b8cd-4f4dbf40e6e2
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

GET
H2 200 px
secure.adnxs.com/ 43 B
1 KB 46ms
45ms Image
image/gif 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=1093460&t=2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: cf3e9c8b-382b-4bbf-9210-13c1c62062ac
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

GET
H2 200 px
secure.adnxs.com/ 43 B
1 KB 47ms
47ms Image
image/gif 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=1092981&t=2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: e7dd96fe-b9bf-427d-bc21-ee313a58eb8d
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

GET
H2 200 px
secure.adnxs.com/ 43 B
1 KB 62ms
61ms Image
image/gif 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=1093451&t=2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 1a2ef569-dd17-415d-8de8-85ed690bbf8a
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

GET
H2 200 px
secure.adnxs.com/ 43 B
1 KB 49ms
48ms Image
image/gif 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=1093467&t=2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 959c063f-d6b8-44ce-ae24-301bd7c129dc
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

GET
H2 200 px
secure.adnxs.com/ 43 B
1 KB 56ms
55ms Image
image/gif 37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=1095425&t=2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 217.114.215.131; 217.114.215.131; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 6250ac1e-2316-45c2-9983-2caf0464c2ed
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 22 Oct 2024 00:20:54 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 140ms
140ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A54%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225004%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:55 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 22 Oct 2024 00:20:55 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 3.ee35dea2.chunk.js Show response
js.driftt.com/conductor/assets/ 158 B
852 B 43ms
43ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/3.ee35dea2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1729556700000/ey22i6m9p82y.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3005a54fc57fc2d8c70cc41e4ca7fcaaed7514b03f28581082c454e6a2d11f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

x-amz-version-id: rYV3Tk3yEytdzde9thJ_AN9ul6xSrvB.
etag: "e6714addd36102488fb27a980401fd36"
age: 3024411
access-control-allow-methods: GET, POST, OPTIONS
x-cache: Hit from cloudfront
x-amz-cf-id: ivNghYQfgyRfGRBh3ngFOhBpv3wgz0ttAweo2RQCGp6DPI4s4fuDVg==
date: Tue, 17 Sep 2024 00:14:04 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 10 Sep 2024 14:51:22 GMT
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 13
access-control-allow-credentials: true
via: 1.1 9ed190c9d6b2f812d19cbb317856ed88.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 158
x-amz-cf-pop: FRA60-P6
server: istio-envoy
x-amz-server-side-encryption: AES256

GET
H2 206 notification.5f7c6014.mp3
js.driftt.com/conductor/assets/media/ 8 KB
8 KB 48ms
47ms Media
audio/mpeg 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/media/notification.5f7c6014.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

x-amz-version-id: S33UiBwNvliR50b2AEBpFOEOFBHHZpkx
etag: "5f7c6014cf73831f91963a668b71fbb9"
age: 7953006
access-control-allow-methods: GET, POST, OPTIONS
x-cache: Hit from cloudfront
x-amz-cf-id: s2Ej_o_BYVVD9wns5b2CST4Ur00fj6XVQvbvfF5NkZ27yGPtauP-Yw==
date: Sun, 21 Jul 2024 23:10:49 GMT
content-type: audio/mpeg
last-modified: Thu, 18 Jul 2024 16:59:01 GMT
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=31536000
x-envoy-upstream-service-time: 18
access-control-allow-credentials: true
Content-Range: bytes 0-7754/7755
via: 1.1 9ed190c9d6b2f812d19cbb317856ed88.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 7755
x-amz-cf-pop: FRA60-P6
server: istio-envoy
x-amz-server-side-encryption: AES256

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 144ms
144ms Image
image/gif 95.101.111.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A55%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%226004%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:20:56 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 22 Oct 2024 00:20:56 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 mon Show response
obs.segreencolumn.com/ 0
39 B 139ms
138ms XHR
application/json 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.segreencolumn.com/mon
Requested by: Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/84cf3062f98cbab994d639a975b2798e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Response headers

access-control-allow-origin: https://www.cyberark.com
content-length: 0
date: Tue, 22 Oct 2024 00:20:56 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.cyberark.com
URL: blob:https://www.cyberark.com/9ea938e4-65fc-409a-9bd3-00e6a7fb2552

Domain: www.cyberark.com
URL: blob:https://www.cyberark.com/a4382447-0c84-4f17-898e-68d7799ca9d4

Domain: sync.intentiq.com
URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=7DEEB55C4D1F4B0799E41E7096C9DA73

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=7ffbeec5-6b45-45f0-8a8b-0f4614620feb&session=ab6ea907-eb75-486e-8278-8c308a8301c4&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2022%20Oct%202024%2000%3A20%3A56%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227005%22%7D&isIframe=false&m=%7B%22description%22%3A%22In%20this%20blog%20post%2C%20we%20introduce%20a%20new%20attack%20vector%20discovered%20by%20CyberArk%20Labs%20and%20dubbed%20%E2%80%9Cgolden%20SAML.%E2%80%9D%20The%20vector%20enables%20an%20attacker%20to%20create%20a%20golden%20SAML%2C%20which%20is%20basically%20a%20forged%20SAML...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Golden%20SAML%3A%20Newly%20Discovered%20Attack%20Technique%20Forges%20Authentication%20to%20Cloud%20Apps%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps&pageViewId=82750007-f594-40b3-84d3-45801eda0f61&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&ipv6=2001%3A1b60%3A1010%3A3%3A1012%3A252e%3A2f84%3Abc77&v=1.1.29

Verdicts & Comments Add Verdict or Comment

189 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

80 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.cyberark.com/	1969-12-31 23:59:59	Name: _MGZ_ Value: k5k477tu63bhl8uqdve3saakuf
.cyberark.com/	1970-01-21 00:25:58	Name: __cf_bm Value: FqCYh3XfROu86jqQD6Rdmp15j1zMdZV9WCTrCRobp7M-1729556448-1.0.1.1-3rAB7KTzGi_72MoXiYDL0J3A9s3ndLUYgjntRHvCJ.zJyNwL_pt_s4kYSOF4rGjONSF2ot0njtkDrBa2nN9F8Q
.www.cyberark.com/	1970-01-21 09:11:32	Name: _ufav Value: b17d284342c640a6ae920085b5f52a09
.www.cyberark.com/	1970-01-21 00:26:00	Name: _ufas Value: ab4540eee47a47a492f0de62a59cd623
www.cyberark.com/	1970-01-21 00:25:58	Name: ufentry Value: 20241021.205049
.cyberark.com/	1969-12-31 23:59:59	Name: at_check Value: true
.cyberark.com/	1970-01-21 02:37:20	Name: _cq_duid Value: 1.1729556449.oyQePtFo1CuwwOkR
.cyberark.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1729556449.oRaS1qqnwi1C7ier
.cyberark.com/	1970-01-21 02:35:32	Name: _gcl_au Value: 1.1.157129000.1729556450
.demdex.net/	1970-01-21 04:45:08	Name: demdex Value: 17521897870795926943090136164194094885
.cyberark.com/	1969-12-31 23:59:59	Name: AMCVS_9AB97041603F3EDB0A495C66%40AdobeOrg Value: 1
.cyberark.com/	1970-01-21 10:01:56	Name: _mkto_trk Value: id:316-CZP-275&token:_mch-cyberark.com-1729556449735-82067
.cyberark.com/	1970-01-21 02:35:32	Name: _rdt_uuid Value: 1729556449792.9844c189-b22f-4d1d-83cc-d8043497f49e
.cyberark.com/	1970-01-21 10:01:56	Name: _ga Value: GA1.2.146266419.1729556450
.cyberark.com/	1970-01-21 00:27:22	Name: _gid Value: GA1.2.1583040074.1729556450
.cyberark.com/	1970-01-21 00:25:56	Name: _dc_gtm_UA-44168172-9 Value: 1
.cyberark.com/	1970-01-21 00:25:58	Name: TAsessionID Value: fd5756fa-fd1b-45b4-97bf-c119069b26f3\|NEW
.cyberark.com/	1969-12-31 23:59:59	Name: notice_behavior Value: expressed,eu
.cyberark.com/	1970-01-21 09:11:32	Name: cf_clearance Value: Cf6My.MAkYBnx52uFutE8fOPiTEP.Vj1rcDYg4TzW0E-1729556449-1.2.1.1-2XuFyYAsVwsiaOeO4DViAynziv91WekBzu9PMVdp8OZRc_q0elVktcNy6g.CQxAdPCnnlhSMo_5rkuaxVpe6itu4HPXdYb8KxV9FLRPcjQ4tROhAMZleC0OuvImtObIpFC2Ml0.OGViEnqOM9TEStSc5_JOowsDqaWPxpIOHnAj3xnVES9i6MDpemxSlIjjWgjaBI1rKeY66BZdrB.q5BfQxkqKmS3A8dMCX70VM9T0kllLONsShLEzNR0vikxvx7K0O_PbqafCzlTp7_LmnH5XIA8GD7RDSDnPysB_ImovCplW6nk_6YVrPJWq1dvuT4HUE3CYRPhtVNMAG7ObIStPobAly5oo0ml7W1WxCognd6XhSjfbCon7S6EoYDMPF
.cyberark.com/	1970-01-21 10:01:56	Name: mbox Value: session#a9db798c9972494f99961f3a433e9161#1729558310\|PC#a9db798c9972494f99961f3a433e9161.37_0#1792801250
.cyberark.com/	1970-01-21 10:01:56	Name: trwv.uid Value: cyberarksoftware-1729556450086-440833af%3A1
.cyberark.com/	1970-01-21 00:25:58	Name: trwsa.sid Value: cyberarksoftware-1729556450086-624e3f6e%3A1
.adnxs.com/	1970-01-21 10:01:56	Name: receive-cookie-deprecation Value: 1
www.cyberark.com/	1970-01-21 00:36:01	Name: _an_uid Value: 0
www.cyberark.com/	1970-01-21 10:01:56	Name: _gd_visitor Value: 7ffbeec5-6b45-45f0-8a8b-0f4614620feb
www.cyberark.com/	1970-01-21 00:26:10	Name: _gd_session Value: ab6ea907-eb75-486e-8278-8c308a8301c4
.dpm.demdex.net/	1970-01-21 04:45:08	Name: dpm Value: 17521897870795926943090136164194094885
.cyberark.com/	1970-01-21 10:01:56	Name: AMCV_9AB97041603F3EDB0A495C66%40AdobeOrg Value: 179643557%7CMCIDTS%7C20019%7CMCMID%7C13433950944575235472312575952379861128%7CMCAAMLH-1730161249%7C6%7CMCAAMB-1730161249%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1729563649s%7CNONE%7CMCSYNCSOP%7C411-20026%7CvVersion%7C5.5.0
obs.segreencolumn.com/	1970-01-21 08:29:46	Name: cg_uuid Value: 536d7477d19b9477c920606e748f10b0
.simpli.fi/	1970-01-21 09:12:58	Name: suid Value: 7DEEB55C4D1F4B0799E41E7096C9DA73
www.cyberark.com/	1969-12-31 23:59:59	Name: dpm_url_count Value: 1
.simpli.fi/	1970-01-21 00:36:01	Name: uid_syncd_secure Value: true
.doubleclick.net/	1970-01-21 04:45:08	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 02:35:32	Name: XANDR_PANID Value: tYHS_Fum0qv83EfcDMcPt-Otkxih6PBThXrWql-p5BYKxaT_8LgzmvrJgXey0cJmrj9t8DzMUFlLh53DZF7OC1HlOAe4x9nADS1jq_BTWX4.
.adnxs.com/	1970-01-21 02:35:32	Name: uuid2 Value: 4084603115321777412
tags.srv.stackadapt.com/	1970-01-21 09:11:32	Name: sa-user-id Value: s%3A0-a85b802f-86f5-5544-7197-56414755013b.IDSYYOUm01kjppRzsngxvGR7KTDsl%2Fky1aI%2F1WzCoBM
.srv.stackadapt.com/	1970-01-21 09:11:32	Name: sa-user-id Value: s%3A0-a85b802f-86f5-5544-7197-56414755013b.IDSYYOUm01kjppRzsngxvGR7KTDsl%2Fky1aI%2F1WzCoBM
tags.srv.stackadapt.com/	1970-01-21 09:11:32	Name: sa-user-id-v2 Value: s%3AqFuAL4b1VURxl1ZBR1UBO9ly14M.NBHHbbL%2F1WEzhB%2FcQWfEG7fSHshc3ZePsRTUji6yEVs
.srv.stackadapt.com/	1970-01-21 09:11:32	Name: sa-user-id-v2 Value: s%3AqFuAL4b1VURxl1ZBR1UBO9ly14M.NBHHbbL%2F1WEzhB%2FcQWfEG7fSHshc3ZePsRTUji6yEVs
tags.srv.stackadapt.com/	1970-01-21 09:11:32	Name: sa-user-id-v3 Value: s%3AAQAKIHA3H2EEmQtKCcneGn8odvHKBl4NWP20rZid3RNg5kptENYBGAQg49_buAYwAToEQN4Ii0IEHcE6fw.Cjt%2BJoOFByImqvUmnVxJsEKyJ3cqPsnyHPGKfKClEfc
.srv.stackadapt.com/	1970-01-21 09:11:32	Name: sa-user-id-v3 Value: s%3AAQAKIHA3H2EEmQtKCcneGn8odvHKBl4NWP20rZid3RNg5kptENYBGAQg49_buAYwAToEQN4Ii0IEHcE6fw.Cjt%2BJoOFByImqvUmnVxJsEKyJ3cqPsnyHPGKfKClEfc
www.cyberark.com/	1970-01-21 09:11:32	Name: sa-user-id Value: s%253A0-a85b802f-86f5-5544-7197-56414755013b.IDSYYOUm01kjppRzsngxvGR7KTDsl%252Fky1aI%252F1WzCoBM
www.cyberark.com/	1970-01-21 09:11:32	Name: sa-user-id-v2 Value: s%253AqFuAL4b1VURxl1ZBR1UBO9ly14M.NBHHbbL%252F1WEzhB%252FcQWfEG7fSHshc3ZePsRTUji6yEVs
www.cyberark.com/	1970-01-21 09:11:32	Name: sa-user-id-v3 Value: s%253AAQAKIHA3H2EEmQtKCcneGn8odvHKBl4NWP20rZid3RNg5kptENYBGAQg49_buAYwAToEQN4Ii0IEHcE6fw.Cjt%252BJoOFByImqvUmnVxJsEKyJ3cqPsnyHPGKfKClEfc
.cyberark.com/	1970-01-21 00:25:58	Name: gpv_c51 Value: https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fgolden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
.cyberark.com/	1970-01-21 01:09:08	Name: s_nr30 Value: 1729556451974-New
.cyberark.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.doubleclick.net/	1970-01-21 01:09:08	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-21 09:47:32	Name: IDE Value: AHWqTUllMFZys5W9Yvhhm2ceDMuPgEylYM6spdLudexPQ-DR3vjYaIe3baaXMkWN
.cyberark.com/	1970-01-21 02:35:32	Name: _fbp Value: fb.1.1729556452043.29023590965155466
.bidr.io/	1970-01-21 09:54:30	Name: bito Value: AAHI5k7OLeAAABQqrzb0Wg
.bidr.io/	1970-01-21 09:54:30	Name: bitoIsSecure Value: ok
.linkedin.com/	1970-01-21 09:11:32	Name: bcookie Value: "v=2&40f4503b-033d-4e22-8930-60689b9f588f"
.linkedin.com/	1970-01-21 04:45:08	Name: li_gc Value: MTswOzE3Mjk1NTY0NTI7MjswMjHyhF5/CqNhqIlCSTD0VCu8i9BYVJd8Lo+eeL17VdKfvg==
.linkedin.com/	1970-01-21 00:27:22	Name: lidc Value: "b=TGST05:s=T:r=T:a=T:p=T:g=3142:u=1:x=1:i=1729556452:t=1729642852:v=2:sig=AQEPcQLw_trk8Mjs8kfFhpLmdlxyjQfp"
.tapad.com/	1970-01-21 01:52:20	Name: TapAd_TS Value: 1729556452217
.tapad.com/	1970-01-21 01:52:20	Name: TapAd_DID Value: 1de5d9c1-8f59-45de-ad8b-3bb6bb272d5e
.1rx.io/	1970-01-21 09:11:32	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003%22%7D
www.cyberark.com/	1970-01-21 00:25:58	Name: drift_campaign_refresh Value: 843b3c86-3638-43d6-96e7-4bf0f959d0b2
.pro-market.net/	1970-01-21 04:45:08	Name: anProfile Value: "1ha0kfoj6gydt+1+1f=1+1g=1+1j=41+rs=s+rt=20011B60101000031012252E2F84BC77+s2=(slqeas)+vm=24-7DEEB55C4D1F4B0799E41E7096C9DA73"
.pro-market.net/	1970-01-21 01:09:08	Name: anHistory Value: "1ha0kfoj6gydt+2+!#7')%@#Ynk"
.tapad.com/	1970-01-21 01:52:20	Name: TapAd_3WAY_SYNCS Value:
.agkn.com/	1970-01-21 09:11:32	Name: ab Value: 0001%3AW0eVuACZxldz9L%2F9GQbBTMrLB9lQ85fd
.exelator.com/	1970-01-21 03:18:44	Name: EE Value: "cfe45b3d74c630311807747cef00370f"
.exelator.com/	1970-01-21 03:18:44	Name: ud Value: "eJxrXxzq6XKLQSE5LdXENMk4xdwk2czYwNjQ0MLA3NzEPDk1zcDA2NwgbXFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDIckl%252BUWb6IhfXxUUpaQyLSopPBZ%252BMOAsAhQAqIg%253D%253D"
.targeting.unrulymedia.com/	1970-01-21 09:11:32	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-c9c06258-a2f4-4ffb-85a5-11e26e43af57-003%22%7D
.agkn.com/	1970-01-21 09:11:32	Name: u Value: C\|0AAAAAAAALqmsZAAAAAAA
.dpmsrv.com/	1970-01-21 10:01:56	Name: dpm_pxl Value: d6c130a41c0b6d987e80e0803d343e0745e0be1d
.dpmsrv.com/	1970-01-21 10:01:56	Name: dpm_pxl_aid Value: 4084603115321777412
www.cyberark.com/	1969-12-31 23:59:59	Name: hasLiveRampMatch Value: true
.bfmio.com/	1970-01-21 09:11:32	Name: __141_cid Value: 7DEEB55C4D1F4B0799E41E7096C9DA73
.bfmio.com/	1970-01-21 09:11:32	Name: __io_cid Value: c2a9c242261305bd3ea83a5db294c234c7f0598c
.cyberark.com/	1970-01-21 10:01:56	Name: _ga_XTLTD7RKN5 Value: GS1.2.1729556450.1.0.1729556452.58.0.0
www.cyberark.com/	1970-01-21 10:01:56	Name: drift_aid Value: fff187c7-f545-4672-b089-73c425e23ec0
www.cyberark.com/	1970-01-21 10:01:56	Name: driftt_aid Value: fff187c7-f545-4672-b089-73c425e23ec0
.a.usbrowserspeed.com/	1970-01-21 09:11:32	Name: tuid Value: d0a4b5f2-bd7c-4814-a7ca-7427226ec028
.dpmsrv.com/	1970-01-21 10:01:56	Name: xdpm_segs_62 Value:
.adnxs.com/	1970-01-21 02:35:32	Name: anj Value: dTM7k!M4.FEVNsVF']wIg2E>2x:ZP=!g]ht#MUVIpDj>lih.1^KF'gN4/]57IE?TpIEF8[_zj2`JB_#b4nu-MIEXXnKbRn]'U7[N!2>h9/+0J2!.C_apTyWd
.dpmsrv.com/	1970-01-21 10:01:56	Name: xdpm_segsid_62 Value: 17469484%2C3781750%2C17469519%2C20714219%2C17455522%2C17503755%2C17469469%2C8179407
www.cyberark.com/	1969-12-31 23:59:59	Name: dpm_time_site Value: 4.001

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
worker	verbose	URL: blob:https://www.cyberark.com/9ea938e4-65fc-409a-9bd3-00e6a7fb2552(Line 1) Message: Error
network	error	URL: https://idsync.rlcdn.com/419566.gif?partner_uid=7DEEB55C4D1F4B0799E41E7096C9DA73 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://stags.bluekai.com/site/29931?id=7DEEB55C4D1F4B0799E41E7096C9DA73 Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network	error	URL: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=7DEEB55C4D1F4B0799E41E7096C9DA73 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps Message: Refused to execute script from 'https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=4084603115321777412&pixelIndex=0' because its MIME type ('image/png') is not executable.
network	error	URL: https://idsync.rlcdn.com/423396.gif?partner_uid=4084603115321777412 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

316-czp-275.mktoresp.com
9920016.fls.doubleclick.net
a.dpmsrv.com
a.usbrowserspeed.com
aa.agkn.com
ad.doubleclick.net
alb.reddit.com
assets.adobedtm.com
b.6sc.co
bcp.crwdcntrl.net
c.6sc.co
cdnjs.cloudflare.com
ce.lijit.com
cihost.uberflip.com
cm.everesttech.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
cnv.event.prod.bidr.io
connect.facebook.net
consent-pref.trustarc.com
consent.trustarc.com
content.cdntwrk.com
cyberark.demdex.net
cyberark.sc.omtrdc.net
cyberark.tt.omtrdc.net
d.agkn.com
d1eoo1tco6rr5e.cloudfront.net
dpm.demdex.net
eb2.3lift.com
fei.pro-market.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.simpli.fi
ib.adnxs.com
idsync.rlcdn.com
in.ml314.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.driftt.com
loadm.exelator.com
ml314.com
munchkin.marketo.net
nexus.ensighten.com
ob.segreencolumn.com
obs.segreencolumn.com
pixel-config.reddit.com
pixel.rubiconproject.com
pixel.tapad.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
rtp-static.marketo.com
s.ad.smaato.net
s.dpmsrv.com
secure.adnxs.com
simplifi.partners.tremorhub.com
sjrtp6-cdn.marketo.com
sjrtp6.marketo.com
snap.licdn.com
stags.bluekai.com
stats.g.doubleclick.net
sync.1rx.io
sync.bfmio.com
sync.intentiq.com
sync.targeting.unrulymedia.com
tag.simpli.fi
tags.srv.stackadapt.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.cyberark.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.redditstatic.com
b.6sc.co
sync.intentiq.com
www.cyberark.com
104.102.34.125
104.16.69.86
13.107.42.14
13.224.189.52
13.224.189.92
13.225.83.200
142.250.184.230
142.250.185.226
142.250.186.130
15.197.193.217
151.101.193.140
151.101.65.140
172.217.16.198
18.245.60.41
18.245.86.73
18.245.86.77
18.66.102.3
192.28.146.116
192.28.147.68
2.23.197.190
2001:4860:4802:34::36
23.197.137.224
2600:1901:0:8eee::
2600:1f18:612b:4200:d0bf:d36:b5ac:b7f8
2600:1f18:e8a:cd08:3437:aff5:50c:d298
2600:9000:206f:4000:2:8f43:5780:93a1
2600:9000:20eb:6000:12:53a8:95c0:93a1
2600:9000:211e:b800:1b:5138:8a40:93a1
2600:9000:2490:ae00:18:15b9:5a80:93a1
2606:4700::6811:190e
2620:1ec:21::14
2a00:1288:80:807::2
2a00:1450:4001:80e::2003
2a00:1450:4001:81d::200a
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2002
2a00:1450:4001:830::200e
2a00:1450:400c:c06::9d
2a02:26f0:3500:10::210:a99
2a02:26f0:3500:58f::1e80
2a02:26f0:7100::210:172
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
2a04:4e42:600::396
3.126.222.51
34.111.113.62
34.117.77.79
34.208.53.22
34.242.121.27
34.250.214.229
34.91.62.186
34.98.64.218
35.174.248.58
35.204.89.238
35.244.174.68
37.252.171.85
46.228.174.117
52.17.118.158
52.17.200.40
52.222.236.93
52.48.129.25
52.57.232.9
52.73.21.157
54.159.177.125
54.72.108.116
54.77.122.229
54.78.254.47
63.140.62.27
66.235.152.225
69.173.144.139
76.223.111.18
95.101.111.184
0055d15dc97d09fc7eed2789abfe2c3039920d83ee38d86f43d223a84b2d8fba
0250e8c55348f0165caec330ed0138ccbb65cfe6535abc96fabea630163b3df1
0623e10825f73d9189d396ac17783eccc55e05af0f92dd84422d2bb8522680ec
071d0a5d172af491aedca9041f20e830d25fd4d339a1006bca3bed949069aa30
0ae1d8ff559d265d54750e40737826960c9948d43edfb72b2d33c7fb2dcd3ebb
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f73a273925d016886f0d993c95bd14be555b826b82afca044a9111ff0d9f2a9
1055046717fb33ae9b9d0205f0c5242d99138168002d54ace053c07e49c97b27
139f0fa0e925b7cfb066a495e136bb92914624aea888e8bbda0594595857af6f
143a1ee63c9fe87791cde6209d3716bf432ede02fc23ecbd064edfe1cc02bca9
15c49f20dcdf9710d0b5da0a667e2d3f449209599484dddbb242eee570724980
177628e7287755e9c42cb9adcee0d7b59183e2c1c9480a047005b39d806089c2
19bb468ba17ea560dc3b738083bfdfbe55dea24abc35be5d6889d1bc2fd31182
1afb09b056ef890af30cbc33888945853da97fd1fe059d6445d2da33666cdb40
1f120dbe60c10831180babf37afc0edb7c01e9f4e7b135cfedc58b3523c887fb
1f150486021d4182821249f13273a7a87862756e2b021e3d19121aaae6a2e09d
1fb7ee27fdfb34869f89aa51d9af1cf86ecc6800ab591ec3ca78f155742200b2
2023d576439d0a3c2f727055923e314484ca21b0790ac1bdfe2e8727723c39eb
232c6f6a7678304f9efaa26f30b1610debc2ba9f4cd636b5e6751c8d73761b92
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
275bbb87cacfdec0c1259a2356fb3f2858f18e6f842d1fa1e5c8e8c16eb9a120
27983c8670fbfe01d17c2a0fdd22394e69589bc13e249015da683900010d8b92
2a3715832a93638fea5b7278a3ec48a129918aa31fc99603f0b7630e565edf6f
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2f5f9d511700318e988d3ef843afc49224162c8bb2435db7b9dc3590f525306f
3005a54fc57fc2d8c70cc41e4ca7fcaaed7514b03f28581082c454e6a2d11f3b
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
329eba5224a490e972374a62dd94c61794c440471cc2d40a13a73d6586d7394d
3315068613710cfcc08a1d43d532aec5d37aaa6b78e6b51f1240cdd429652f10
33af9b233d5770f84d5a7235aebfce12c8c8aae4a7afe780a0d9b87b56c1dbf8
33bfff284b4455e2dd459c4bf0e6076a5fe5f8632b42b8ccd2dd5a0d55dbcfbb
37e95127d694d4e83ae2a63427d36108b85d8f116879c790c506a4f9dee75199
3a9ad67e7151a1a8910746fc45089d1188bf7dfd26532588beff8f03b3981281
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3cba90de30ba29910db391f8d0de52aa6b754f83fb6530a04ba6c6bc4f930893
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45aca110620ac12009925cac1e38aa4e71426a2b83ee7f356010069b45539d56
479dbd7adb24eeca702986de7d7d3f34fe50bba22cad3db36b488d09e2e08582
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4beb123e00f4bef8edecb3c7ddda6eb703d9fac9a91c24ddde2aef8a1cd49bc2
4bfc478aed04b437be702f1cf6622778ac8bb9609bdd9ad2ef61f8e43ef41512
4c19696ccf0a3d20cc773a19fb1f46883ddba620be1e670606e62b9db980fe60
4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
524281b4e193562aa90fbd5101733e2738dd88d2171d4361f1b73b2e06a59bfe
54520ead7a4b3404f20b7e2344633752708cb393d277647f8a8b978c024a9758
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
5607bc0b49036b5f13acf3f5767e0fb2fb947f5369bda253939e78e2b11f85b4
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56a4c695b3c177ae27175aebb8c2a661ba15e626d4d9fcca1fd610e21947f8fb
59a7a179044a073f8724448ebb09aef58d8874ffcbb4138c3f89482c3ea5db63
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5b637e98e4790e5e42030aacdedaefcfdfaaa725e6d3caa64c8670045517a35a
5bfb62b234f6963acd89b19dedfa1e75bca2ea85bbf491344424ba177eb6cd48
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f
5cbd2c4ce1325baae0fa325bdd95a25a925b094d7e88fc6fcebb834a6906c5b4
5ceaaba22d75b58e04150311f596306562a3e595e27ed4b1dfa451b82dda9e50
5e240679c3215c840cf754104fe7291c77f2f52ad551c95e8c8364d0124938ec
5f1ce8e4dbea557201fd6da0c23fc8f2c7c24da938819d0e3e1dfcb2eb260ce3
60f515991307abd345708ae3d50ff9a7751c68c208e2586d992c3c6ff729d6b0
66c708b80cab108a2fde84cac9677c07435537bc9d06085ccd1ac80cb93513b4
67916d020980b0b2146bf72b94ac76ba8f60b7258a0c5613ee1b0fe8379ba24c
67e2f25233ffe02ea0a70301e7440e6371d8943ca3f759b1d128b590e7e9419b
67e5974968ed8c4d0d8cc5a63788094985c36685f7e18b2e1643ded31d032088
688d6577ebeea79fd6e9ab9d09f9ac69a2cca4e6f2060776e9326aba482176bd
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6df77d3b54c491827193b069ec9c0da3b3a41eb06d8fdbc08d29f91c07093f73
6fe7e313748ef9c88c8bde3bd65111faf8cc408ae3cf0e32274c06a1145b3243
7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a
74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595
749f69ccbbd831343bc59cacc987b287a4eb26584e0e9e84b4d844cd0342344f
789ee7ec8ddfe397c857cf0799e6bb655608853a54b7bf6642cc4a4e1378fbf0
7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f
7ef8a267de455c3a72237bf7db0c97c97e35e52452ff9ece15876d0d60f9c0e9
8078cebf9ab8ba5c0802536ed68317072ca51f1cb5293db16d63f923aad2e011
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
88b4bd1c3c8e9af6516b562e9679955ff48479ee6a5771e97ef425d1c5425e1f
89fb40d3f8ee135b22cd7bb01f732702b537bbd12526aaf82ff53a0f37325c2a
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8dd7a7eeccaaffd8a75ac8a2420ae500376d9f7f652dd8545deebd399bb96cfa
8ea3873a69611e840472b4320bb35a35d9ce9bc51d253b7e57ee3bd8732be817
922ab2b3e5bf7c9aeccd33ed91a30e09c8f8c5dea4f853ce8be17e61becdb971
952f35790a58d6c58cd01db0b7994f8b1e3f2d4328f8dd2ed423c01579d403c6
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d
9d9bceae4048b57ba01c25f2fdba932a9936f9ed3e7e43aabc1e463856c00db4
a02215e865c2949ab838df058f262ddc8d5361d613eeb881f97be60f1f1dc4bf
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a117f36dba1eb2100f340bb68f3cc4d4c04d50d8a1d61c36a5d0a682aed9d362
a1b920e479c79dcaa01636fef3b9b80f2005e4f0aefb623e8e312a6cce834ea1
a249bcffb2d8e92a3bdff919def43b14841803ad93b80ffa864db1090e007594
a30bb9458dd13fdc8c80f92b3532fa21dd7b5459a0b48eeea0c3bf71dec1ec93
a36681fe4fd06eb0856952cddb2047065db39f00e819dbf0e9715540083f8198
a8d82e3be2a96b75953a364e418e7bbacf8c55438b4c9bcdaacc72d2e0cfdeca
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ad48841a67a5fe1429379e173147275e4e87794f01df53c9ec53257ebd3b1042
ae17c16afbea216707b2203ea1cf9bdb45b9bfe47d0f4ae3258ddbc6294dd02f
ae4fae929c4bc4e4df1273de5c1a2cccc944b0741850a882711ddbe1c1a74250
b122e173fb310c409d02c56e57eea40f1ea470fed839599c902b085d8fdb0129
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2f4e6e7c111bd008a79fa50a2f95fd41995df4f1995843910ff407c6e805f24
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15
b98e0f76f97857fce1b3fbd8e9ed5775988e85fffd71dcc2422f8d012378ea34
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bce8ce0d0f68ceecff66a7d2a6c3dd78fce20c7595f4239a69909d7c5e2c363a
bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027
bf6806d8c92e228249230195772afe2e68791d52763b782be9aa2855fab3b641
c14f6d26fa1f78e846b809a9bd0f2c0f61d5c20bd164a6b9794155d2a26a4286
c1cd0852f3077f1b059e16529d8de16acb490990d6cb796dd74873de0bfd8a91
c5965d5d4043ea8e2514e8d8b488720375088fae0c54a112eb029e83def9c4b5
c725d1f370fda095ffc8e000d4780897eb77b5708e28f8486c7ccbb3b7fc38a6
c7295f0f8c9fbfaeb021c7f80e61b2ebc9c3312995a17fb8ba238ce9068c9734
c927e5e6481bf7a50454e40f52e1d6a0384d68fc8c626778dc9f04273780aebd
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca82fdebe02da89a7878f169d27eda219b2034e7dd55a52acc4b6c47327b64e4
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf59b9c3eb9ce46a4fa0a9745ca1ffe227c94acb49dc5bcfc8a582c75c202b26
d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d4761d421bbf2f059126b9ce4f5e0a9f7bc83b046a58162780a2b9c3ab8c9a56
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af
d999840e4597740dd31ed034dca5776a96d92d556d9b30d442c903725a1dc21d
da70aaab22df021fab995b92d471f3e92495729f3c219f5d676c6cae8239b417
da9ff7b06912466abc8c42b979f84706ce896098ab9ea85e81258426db80fdb0
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de2e29b346da4bc7fc22f9d1f1b548cc29d6fbbb07ec236e795a1a6853c6b1cf
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfc76c674eb8cd322245ee8562bee8ade2d3c6fe5d4f72e51b14c059a88db5bf
dfcf469c7a66c6b348b50f9cd98a103da4c6ba969f80fb88ee7fed530315b302
e3a815612bbd1985cde65c5e4f47ca80ebdb95fb6166c59188d3b26c6df90e85
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b5bb34030760357507f6f487e177477dbb8c7f671d2234ede059914a419a11
e432fc19ff8ba0b3e64243eb3b983293f3727e14899a63f67c12a1a34b9c26c8
e52c838f42938406d65ae685cc53e2d7c5dc09f2c2080f9d6baa6f66acb554c8
e80cfc6df2f882813f88dcf1175bc0c47e13c0cd8517bc240a65ee6cc758b0f2
e8a9bf176b6fad2653eec220b27ad2aba42463150c6bfccceb446ef4545c0df7
e8b5fa15cdf049327e2516b875ebfc85c0d40eeb6d9da10ba2397b189d3509a2
e96abb18e70acf14065e3bacb0dbd6942579a85d3d69d9d7551bea9c627ca3a0
ea452041e2a080dde60b253797884b42af24197c86bcb0514d2526908d11f1d5
eee6eaf59f3744b188505112ab4f349b8a7bdb5a460a253042a55ce40373bf2f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef66e9df572ace7075e22087a9df85a85a3fd11f165b4da3d7881813b9684ccf
f4cfd4a5b95dfb31c47cd567d9719fc12a0453f6ff27e2872147a9740e4b9e56
f514531503c88d1dcd2951aa5ed98f3b188fe016f1a47fc2e2ba103c72173101
f5c6d1a4a78814a5c7684cfb348d04091c496cc2e9520d8f41741a3cf2c37e91
f7812c4e95ca8f1f951f6cdc39e851fa8495343245ee2679697ebdc2acbd76b7
fac1feb1a5135b9907789af41fd68ec31edf9912c62409f4aa47f91cef731769
fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe68ada9a3d8295f355417eee75328dc8b09a238e2a2cf2dcbb738d4e5ddc511

www.cyberark.com Open in urlscan Pro 104.16.69.86 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

238 Requests

88 %HTTPS

34 %IPv6

57 Domains

80 Subdomains

67 IPs

7 Countries

4634 kBTransfer

9665 kBSize

80 Cookies

31 Outgoing links

Redirected requests

238 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cyberark.com Open in urlscan Pro
104.16.69.86 Public Scan

Screenshot
Live screenshot

Full Image

238
Requests

88 %
HTTPS

34 %
IPv6

57
Domains

80
Subdomains

67
IPs

7
Countries

4634 kB
Transfer

9665 kB
Size

80
Cookies

238 HTTP transactions
1 data transactions