www.cyberark.com Open in urlscan Pro
104.16.14.87 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Submission: On October 04 via api (October 4th 2023, 2:42:59 pm UTC) from DE — Scanned from DE

Summary HTTP 151 Redirects Links 44 Behaviour Indicators

Summary

This website contacted 32 IPs in 5 countries across 25 domains to perform 151 HTTP transactions. The main IP is 104.16.14.87, located in and belongs to CLOUDFLARENET, US. The main domain is www.cyberark.com. The Cisco Umbrella rank of the primary domain is 605210.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 16th 2023. Valid for: a year.

This is the only time www.cyberark.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	104.16.14.87 104.16.14.87	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	99.86.4.7 99.86.4.7	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
8	2600:9000:20e... 2600:9000:20eb:6200:12:53a8:95c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
5	2a02:26f0:e60... 2a02:26f0:e600:589::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	34.111.234.236 34.111.234.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	23.197.137.224 23.197.137.224	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	63.33.121.220 63.33.121.220	16509 (AMAZON-02) (AMAZON-02)
21	2.17.100.193 2.17.100.193	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	23.56.202.193 23.56.202.193	16625 (AKAMAI-AS) (AKAMAI-AS)
10	13.225.78.35 13.225.78.35	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
1	34.252.33.233 34.252.33.233	16509 (AMAZON-02) (AMAZON-02)
1 1	52.18.247.63 52.18.247.63	16509 (AMAZON-02) (AMAZON-02)
1	66.235.152.107 66.235.152.107	15224 (OMNITURE) (OMNITURE)
2	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
1	52.23.135.254 52.23.135.254	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
3	192.28.146.116 192.28.146.116	15224 (OMNITURE) (OMNITURE)
2	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE)
14	52.222.236.115 52.222.236.115	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	143.204.98.83 143.204.98.83	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:e60... 2a02:26f0:e600::170f:b2eb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	44.214.184.42 44.214.184.42	14618 (AMAZON-AES) (AMAZON-AES)
151	32

22 104.16.14.87 (None, )

ASN13335 (CLOUDFLARENET, US)

www.cyberark.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 99.86.4.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-7.fra6.r.cloudfront.net

content.cdntwrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:20eb:6200:12:53a8:95c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cihost.uberflip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:e600:589::1e80 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.234.236 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.234.111.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.197.137.224 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-137-224.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.33.121.220 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-121-220.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.56.202.193 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-202-193.deploy.static.akamaitechnologies.com

sjrtp6-cdn.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtp-static.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.225.78.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-35.fra2.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.252.33.233 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-33-233.eu-west-1.compute.amazonaws.com

cyberark.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.247.63 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-247-63.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.107 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-66-235-152-107.data.adobedc.net

cyberark.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.23.135.254 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-23-135-254.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

316-czp-275.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.28.146.116 (United States)

ASN15224 (OMNITURE, US)

sjrtp6.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 52.222.236.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-115.fra56.r.cloudfront.net

consent-pref.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-83.fra50.r.cloudfront.net

consent-st.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.215 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:e600::170f:b2eb (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.214.184.42 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-214-184-42.compute-1.amazonaws.com

prefmgr-cookie.truste-svc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 4398 consent-pref.trustarc.com — Cisco Umbrella Rank: 17422 consent-st.trustarc.com — Cisco Umbrella Rank: 46659	568 KB
22	6sc.co j.6sc.co — Cisco Umbrella Rank: 14010 c.6sc.co — Cisco Umbrella Rank: 19472 ipv6.6sc.co — Cisco Umbrella Rank: 14550 b.6sc.co — Cisco Umbrella Rank: 7792	25 KB
22	cyberark.com www.cyberark.com — Cisco Umbrella Rank: 605210	357 KB
8	uberflip.com cihost.uberflip.com — Cisco Umbrella Rank: 147819	297 KB
6	marketo.com sjrtp6-cdn.marketo.com — Cisco Umbrella Rank: 260154 rtp-static.marketo.com — Cisco Umbrella Rank: 44415 sjrtp6.marketo.com — Cisco Umbrella Rank: 219321	54 KB
5	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 626	103 KB
5	cdntwrk.com content.cdntwrk.com — Cisco Umbrella Rank: 205059	358 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 113	181 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 410	137 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 319 cyberark.demdex.net	5 KB
3	ml314.com ml314.com — Cisco Umbrella Rank: 3065 in.ml314.com — Cisco Umbrella Rank: 16668	12 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	251 KB
2	google.de www.google.de — Cisco Umbrella Rank: 3974	515 B
2	google.com www.google.com — Cisco Umbrella Rank: 11 region1.analytics.google.com — Cisco Umbrella Rank: 2225	663 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 175	397 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 96	21 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 7483	6 KB
1	truste-svc.net prefmgr-cookie.truste-svc.net — Cisco Umbrella Rank: 46821	2 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 806	577 B
1	mktoresp.com 316-czp-275.mktoresp.com	318 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 2076	637 B
1	omtrdc.net cyberark.tt.omtrdc.net	842 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1990	517 B
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1759	8 KB
1	gstatic.com fonts.gstatic.com	48 KB
151	25

	Domain	Requested by
22	www.cyberark.com	www.cyberark.com content.cdntwrk.com
18	b.6sc.co	www.cyberark.com
14	consent-pref.trustarc.com	consent.trustarc.com consent-pref.trustarc.com www.cyberark.com prefmgr-cookie.truste-svc.net
10	consent.trustarc.com	www.cyberark.com consent.trustarc.com
8	cihost.uberflip.com	www.cyberark.com cihost.uberflip.com
5	assets.adobedtm.com	www.cyberark.com assets.adobedtm.com
5	content.cdntwrk.com	www.cyberark.com content.cdntwrk.com
4	fonts.googleapis.com	www.cyberark.com cihost.uberflip.com
4	cdnjs.cloudflare.com	www.cyberark.com cdnjs.cloudflare.com
3	sjrtp6.marketo.com	sjrtp6-cdn.marketo.com
3	www.googletagmanager.com	www.cyberark.com www.googletagmanager.com www.google-analytics.com
2	www.google.de	www.cyberark.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	rtp-static.marketo.com	sjrtp6-cdn.marketo.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	dpm.demdex.net	assets.adobedtm.com www.cyberark.com
2	munchkin.marketo.net	www.cyberark.com munchkin.marketo.net
2	ml314.com	www.cyberark.com ml314.com
1	prefmgr-cookie.truste-svc.net	www.cyberark.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	region1.analytics.google.com	www.googletagmanager.com
1	consent-st.trustarc.com	consent-pref.trustarc.com
1	www.google.com	www.cyberark.com
1	316-czp-275.mktoresp.com	munchkin.marketo.net
1	alb.reddit.com	www.cyberark.com
1	in.ml314.com	ml314.com
1	cyberark.tt.omtrdc.net	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	cyberark.demdex.net	assets.adobedtm.com
1	www.redditstatic.com	www.cyberark.com
1	sjrtp6-cdn.marketo.com	www.cyberark.com
1	fonts.gstatic.com	fonts.googleapis.com
151	35

This site contains links to these domains. Also see Links.

Domain
cyberark-customers.force.com
cyberark.com
labs.cyberark.com
careers.cyberark.com
www.conjur.org
docs.cyberark.com
www.facebook.com
twitter.com
www.linkedin.com
woshub.com
blogs.technet.microsoft.com
www2.fireeye.com
www.blackhat.com
lp.cyberark.com
investors.cyberark.com
www.youtube.com

Subject Issuer	Validity	Valid
cyberark.com Cloudflare Inc ECC CA-3	`2023-04-16` - `2024-04-15`	a year	crt.sh
content.cdntwrk.com Amazon RSA 2048 M02	`2023-09-24` - `2024-10-22`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.uberflip.com Amazon RSA 2048 M02	`2023-06-23` - `2024-07-20`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
ml314.com GTS CA 1D4	`2023-10-03` - `2024-01-01`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
6sc.co R3	`2023-08-19` - `2023-11-17`	3 months	crt.sh
*.marketo.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.trustarc.com Amazon RSA 2048 M02	`2023-04-17` - `2024-05-14`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-08-22` - `2024-09-21`	a year	crt.sh
*.ml314.com Amazon RSA 2048 M02	`2023-02-27` - `2023-12-14`	10 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-07` - `2024-10-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.truste-svc.net Amazon RSA 2048 M01	`2023-04-23` - `2024-05-21`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Frame ID: 9395922190D5A28DFA87FB4B03312402
Requests: 129 HTTP requests in this frame

Frame: https://cyberark.demdex.net/dest5.html?d_nsid=0
Frame ID: 46DCD2DA1B181D436E8D935234AAD90F
Requests: 1 HTTP requests in this frame

Frame: https://consent.trustarc.com/get?name=crossdomain.html&domain=cyberark.com
Frame ID: 10D80D29621C3EB1D564E9D1675A8BB6
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
Frame ID: FCCBDDA7A3BB936DF32331CAFB3647F3
Requests: 18 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/defaultpreferencemanager/ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html
Frame ID: 306F0519A3650CAA04E0CCE17FD9C5E5
Requests: 1 HTTP requests in this frame

Frame: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
Frame ID: BAEA8FBEAB169F93792426A2027F57AF
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/cookie_inneriframe.html
Frame ID: 160F00B53D59F3476A6592AB47D9B084
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CyberArk Labs: From Safe Mode to Domain Compromise

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

Page Statistics

151
Requests

83 %
HTTPS

41 %
IPv6

25
Domains

35
Subdomains

32
IPs

5
Countries

2436 kB
Transfer

6711 kB
Size

29
Cookies

44 Outgoing links

These are links going to different origins than the main page.

URL: https://cyberark-customers.force.com/mplace/s/
Title: Marketplace

Search URL Search Domain Scan URL

URL: https://cyberark.com/partners/
Title: Partners

Search URL Search Domain Scan URL

URL: https://cyberark.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://labs.cyberark.com/
Title: CyberArk Labs

Search URL Search Domain Scan URL

URL: https://careers.cyberark.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.conjur.org/
Title: Conjur Secrets Manager Open Source

Search URL Search Domain Scan URL

URL: https://cyberark-customers.force.com/s/
Title: Technical Community

Search URL Search Domain Scan URL

URL: https://docs.cyberark.com/
Title: Product Documentation

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=CyberArk%20Labs:%20From%20Safe%20Mode%20to%20Domain%20Compromise&url=https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise&title=CyberArk%20Labs:%20From%20Safe%20Mode%20to%20Domain%20Compromise&summary=Overview%20CyberArk%20Labs%20recently%20identified%20what%20it%20believes%20to%20be%20a%20significant%20risk%20related%20to%20Windows%20Safe%20Mode,%20which%20is%20built%20into%20all%20Windows%20Operating%20Systems%20(OS)%20on%20both%20PCs%20and%20servers....
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=CyberArk%20Labs%3A%20From%20Safe%20Mode%20to%20Domain%20Compromise&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise&via=CyberArk
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise&title=CyberArk%20Labs%3A%20From%20Safe%20Mode%20to%20Domain%20Compromise&summary=Overview%20CyberArk%20Labs%20recently%20identified%20what%20it%20believes%20to%20be%20a%20significant%20risk%20related%20to%20Windows%20Safe%20Mode%2C%20which%20is%20built%20into%20all%20Windows%20Operating%20Systems%20%28OS%29%20on%20both%20PCs%20and%20servers....
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://woshub.com/virtual-secure-mode-vsm-in-windows-10-enterprise/
Title: Virtual Secure Module

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/rhalbheer/2011/06/16/ten-immutable-laws-of-security-version-2-0/
Title: Ten Immutable Laws of Security

Search URL Search Domain Scan URL

URL: https://www2.fireeye.com/rs/fireye/images/fireeye-how-stop-spearphishing.pdf
Title: https://www2.fireeye.com/rs/fireye/images/fireeye-how-stop-spearphishing.pdf

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-15/materials/us-15-Moore-Defeating%20Pass-the-Hash-Separation-Of-Powers.pdf
Title: https://www.blackhat.com/docs/us-15/materials/us-15-Moore-Defeating%20Pass-the-Hash-Separation-Of-Powers.pdf

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.cyberark.com%2Fresources
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Check%20out%20what%27s%20happening%20at%20CyberArk%21&url=https%3A%2F%2Fwww.cyberark.com%2Fresources&via=CyberArk
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.cyberark.com%2Fresources&title=English%20%E2%80%93%20CyberArk%20Software%20Inc%27s&summary=Check%20out%20what%27s%20happening%20at%20CyberArk%21
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://lp.cyberark.com/Stay-in-touch.html
Title: Tell Me How

Search URL Search Domain Scan URL

URL: https://cyberark.com/services-support/contact-support/
Title: Contact Support

Search URL Search Domain Scan URL

URL: https://cyberark.com/services-support/professional-services/training-certification/
Title: Training & Certification

Search URL Search Domain Scan URL

URL: https://cyberark.com/customer-support/
Title: Customer Support

Search URL Search Domain Scan URL

URL: https://cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-software-service/
Title: EPM SaaS Register / Login

Search URL Search Domain Scan URL

URL: https://cyberark.com/product-security/
Title: Product Security

Search URL Search Domain Scan URL

URL: https://cyberark.com/resources
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://cyberark.com/blueprint/
Title: CyberArk Blueprint

Search URL Search Domain Scan URL

URL: https://cyberark.com/discover-privileged-accounts-exist-cyberark-dna/
Title: Scan Your Network

Search URL Search Domain Scan URL

URL: https://cyberark-customers.force.com/partner/s/login/
Title: Partner Community

Search URL Search Domain Scan URL

URL: https://cyberark.com/partner-finder/
Title: Partner Finder

Search URL Search Domain Scan URL

URL: https://cyberark.com/partners/alliance-partners/
Title: Alliance Partner

Search URL Search Domain Scan URL

URL: https://investors.cyberark.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://cyberark.com/company/management-team/
Title: Management Team

Search URL Search Domain Scan URL

URL: https://cyberark.com/company/board-of-directors/
Title: Board of Directors

Search URL Search Domain Scan URL

URL: https://cyberark.com/newsroom/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://cyberark.com/company/#office-locations
Title: Office Locations

Search URL Search Domain Scan URL

URL: https://twitter.com/CyberArk

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CyberArk

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyber-ark-software

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/cyberarksoftware

Search URL Search Domain Scan URL

URL: https://cyberark.com/terms-conditions/
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://cyberark.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 80

https://cm.everesttech.net/cm/dd?d_uuid=64129264355987481412656443445332569891 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZR151QAAAIBdAwN-

151 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request cyberark-labs-from-safe-mode-to-domain-compromise Show response
www.cyberark.com/resources/blog/ 275 KB
52 KB 338ms
303ms Document
text/html 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e5c37b7bd9ef53ab17e162bba0d3cb3d683e153145537d2fe4a8571e9a94ed3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 810e31106dde3617-FRA
content-encoding: gzip
content-language: en
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/
content-type: text/html; charset=UTF-8
date: Wed, 04 Oct 2023 14:42:28 GMT
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
referrer-policy: unsafe-url
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 lato.css
content.cdntwrk.com/css/google-fonts/ 6 KB
961 B 43ms
8ms Stylesheet
text/css 99.86.4.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/css/google-fonts/lato.css?v=075928935a99
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-7.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 88b4bd1c3c8e9af6516b562e9679955ff48479ee6a5771e97ef425d1c5425e1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 06:03:51 GMT
content-encoding: gzip
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 376718
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 27 Sep 2023 16:01:48 GMT
server: AmazonS3
etag: W/"37291223d8c6a87c6435a8740e28f134"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: FVT1veBEni7UEfYmSlUWGicfWm4csVlX6RY4zCMY29iT4JPVeUMcBg==

GET
H2 200 hubs.9b5118c2a50b1bc4f84d.css
content.cdntwrk.com/css/hubs/ 262 KB
44 KB 44ms
9ms Stylesheet
text/css 99.86.4.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/css/hubs/hubs.9b5118c2a50b1bc4f84d.css
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-7.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a7eed87c459caad61192086fc502bab814a9c52619c1f60baf012b2cd2c44143

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 05:49:55 GMT
content-encoding: gzip
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 377554
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 27 Sep 2023 16:01:48 GMT
server: AmazonS3
etag: W/"5f33d988ae52e9b9f6d1b4f807a436ed"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: c_paaH3HAo9WCaNPkvDt8rklmcbqX5vbWWOEJwAE1vAPAcqmIgJpgA==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 308 KB
100 KB 150ms
62ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee443682ccfe52652d0a578419f20ede35faedd10f55c4517f5298533cffe405

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 102154
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 04 Oct 2023 14:42:29 GMT

GET
H2 200 en.css
cihost.uberflip.com/cyberArk/master/build/en/ 512 KB
76 KB 142ms
8ms Stylesheet
text/css 2600:9000:20eb:6200:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6200:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: eb9eccc0f2ecbdce8059415591ccaf399366e1471701e3c5876d8d0811156636

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 05:52:19 GMT
content-encoding: gzip
via: 1.1 c2a926ef1bafe1ab239d4761594a8098.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 06:39:12 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1694587147/ctime:1694587147/gid:127/gname:docker/md5:4fc47f5ffeee456db5f9fb60d7502f48/mode:33188/mtime:1694587147/uid:1001/uname:runner
x-amz-cf-pop: FRA2-C1
age: 31811
x-amz-server-side-encryption: AES256
etag: W/"4fc47f5ffeee456db5f9fb60d7502f48"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-id: iCc6C3DGTqnjq5EPmmAj-YfKesdg9K4ms12QCpKk3BhffCiU3j_5_Q==

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/ 46 KB
9 KB 50ms
20ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 7227218
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 8281
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-b752"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jE7KgJmBj%2B%2BDTjUTdISOOuyUvXQo4Mwmm46GVyxznwlvJnAIqdIpV24rKlIGkPw%2FkzYtHupXSb4c76dDi2EUfUaWFqhGBKj4b4n0MK33iccV2k57qYmNQGpo8Rte7W7IZ%2FFYAr4AOMLHrZgokpmlEfRo"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810e3112b8002c73-FRA
expires: Mon, 23 Sep 2024 14:42:28 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 134ms
47ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400&display=swap

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

834f991f763949d6143e42ae63133bd85f51b9c62dea1fd70d41b6a8d0ae97cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 04 Oct 2023 14:42:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 14:11:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 04 Oct 2023 14:42:28 GMT

GET
H2 200 enlighterjs.min.css
www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/ 78 KB
9 KB 23ms
22ms Stylesheet
text/css 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/enlighterjs.min.css?ver=5.4.2

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ef8a267de455c3a72237bf7db0c97c97e35e52452ff9ece15876d0d60f9c0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Aug 2020 16:20:25 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2293900
etag: W/"5f4d2349-13634"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 810e31128fbb3617-FRA
expires: Thu, 03 Oct 2024 14:42:28 GMT

GET
H2 200 enlighterjs.min.js Show response
www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/ 57 KB
17 KB 31ms
30ms Script
application/javascript 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/enlighterjs.min.js?ver=5.4.2

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a117f36dba1eb2100f340bb68f3cc4d4c04d50d8a1d61c36a5d0a682aed9d362

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Aug 2020 16:20:25 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7611811
etag: W/"5f4d2349-e307"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 810e31128fbd3617-FRA
expires: Thu, 03 Oct 2024 14:42:28 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
674 B 135ms
49ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Mono&display=swap

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d99d2429e8e90014f3b5cb16a9bc0a773d0ddfb3d384c6e6b7f706236ae4848f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 04 Oct 2023 14:42:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 13:50:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 04 Oct 2023 14:42:28 GMT

GET
H2 200 launch-e8e6adf0fe30.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/ 298 KB
88 KB 44ms
11ms Script
application/x-javascript 2a02:26f0:e600:589::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:e600:589::1e80 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0d3f500b64811e681b0720672caeb681c5cd4b0a0e4f71978ddddce1a12dfb0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
last-modified: Tue, 27 Jun 2023 15:23:28 GMT
server: AkamaiNetStorage
etag: "e7e6ac9b3cbe9b1cd1f4118fdade6289:1687879408.708205"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 89689
expires: Wed, 04 Oct 2023 15:42:29 GMT

GET
H2 200 logo.svg
cihost.uberflip.com/cyberArk/OB-8671/build/assets/ 14 KB
5 KB 17ms
7ms Image
image/svg+xml 2600:9000:20eb:6200:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cihost.uberflip.com/cyberArk/OB-8671/build/assets/logo.svg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6200:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 952f35790a58d6c58cd01db0b7994f8b1e3f2d4328f8dd2ed423c01579d403c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 07:52:02 GMT
content-encoding: gzip
via: 1.1 c2a926ef1bafe1ab239d4761594a8098.cloudfront.net (CloudFront)
last-modified: Mon, 12 Dec 2022 14:33:49 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1670855619/ctime:1670855619/gid:123/gname:docker/md5:f86c6ef84b83b048b2a5521fb36ab761/mode:33188/mtime:1670855619/uid:1001/uname:runner
x-amz-cf-pop: FRA2-C1
age: 25118
x-amz-server-side-encryption: AES256
etag: W/"f86c6ef84b83b048b2a5521fb36ab761"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: iSrnpdvampRQHYjAOGAHDyjbX1ALpdn-r67fnv6JIG0w1IY_sKo37w==

GET
H2 200 WhyCA_Menu-LeftHandCallOut.png
www.cyberark.com/wp-content/uploads/2021/02/ 25 KB
26 KB 36ms
23ms Image
image/webp 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2021/02/WhyCA_Menu-LeftHandCallOut.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b96b944dbdb9c2afcdecae184e3bdc4717c30dc4f5d4624cfd1727461d6569fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 21199446
cf-polished: origFmt=png, origSize=39669
content-disposition: inline; filename="WhyCA_Menu-LeftHandCallOut.webp"
content-length: 25958
cf-bgj: imgq:85,h2pri
last-modified: Tue, 02 Feb 2021 20:17:47 GMT
server: cloudflare
etag: "6019b36b-9af5"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 810e3114ba093617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 Assets-Icons-Industries-Medical.png
www.cyberark.com/wp-content/uploads/2020/12/ 362 B
550 B 41ms
28ms Image
image/webp 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/12/Assets-Icons-Industries-Medical.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e6098f9e4e64f667bc006876813632d5ac79ac56e5284a95c9c821870907cad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 21199446
cf-polished: origFmt=png, origSize=997
content-disposition: inline; filename="Assets-Icons-Industries-Medical.webp"
content-length: 362
cf-bgj: imgq:85,h2pri
last-modified: Wed, 23 Dec 2020 22:10:13 GMT
server: cloudflare
etag: "5fe3c045-3e5"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 810e3114ba0a3617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 Products_Menu-LeftHandCallOut.png
www.cyberark.com/wp-content/uploads/2021/02/ 15 KB
15 KB 38ms
25ms Image
image/webp 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2021/02/Products_Menu-LeftHandCallOut.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08330120c6d9d4407fd599bae49187289878c557ed68e58d0e091fd5e1ac6c7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 21198830
cf-polished: origFmt=png, origSize=22261
content-disposition: inline; filename="Products_Menu-LeftHandCallOut.webp"
content-length: 15210
cf-bgj: imgq:85,h2pri
last-modified: Tue, 02 Feb 2021 20:10:12 GMT
server: cloudflare
etag: "6019b1a4-56f5"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 810e3114ba0c3617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 Privilege.svg
www.cyberark.com/wp-content/uploads//2021/02/ 3 KB
1 KB 36ms
24ms Image
image/svg+xml 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/Privilege.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b0e7a4bdf115afb8e8c5b9b671b0dc4441236f8cf56906d146b7d46a0ee14a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 20:54:15 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 21198830
etag: W/"6019bbf7-c52"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 810e3114ba0d3617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 Access.svg
www.cyberark.com/wp-content/uploads//2021/02/ 5 KB
2 KB 45ms
33ms Image
image/svg+xml 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/Access.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8e7fd76994e9fe7f19af8a2234efc259debc6e67de4ae8bf2f0e7471132bd02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:31:38 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1799583
etag: W/"6019c4ba-12ba"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 810e3114ba0e3617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 DevSecOps.svg
www.cyberark.com/wp-content/uploads//2021/02/ 6 KB
2 KB 34ms
22ms Image
image/svg+xml 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/DevSecOps.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b7152c2708e116677591b018f23ed2910c747e932f8985b704f1884d807990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:31:31 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 21198830
etag: W/"6019c4b3-185c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 810e3114ba113617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 finance.svg
www.cyberark.com/wp-content/uploads//2021/02/ 7 KB
3 KB 47ms
35ms Image
image/svg+xml 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/finance.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

234f5e6b36c41a209c87e64949d11927b6360603b94ce3511c53df5bac0f4c26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:33:34 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 21198830
etag: W/"6019c52e-1a41"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 810e3114ba123617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 insurance.svg
www.cyberark.com/wp-content/uploads//2021/02/ 3 KB
1 KB 44ms
32ms Image
image/svg+xml 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/insurance.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e70999bd0ed2afbb2967ca63898c752fc3e66ba8a86a4ac341723be85bb7319

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:34:37 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 21198830
etag: W/"6019c56d-c9f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 810e3114ba143617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 healthcare.svg
www.cyberark.com/wp-content/uploads//2021/02/ 4 KB
2 KB 38ms
26ms Image
image/svg+xml 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/healthcare.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a654dbffdb656aacce15df139a6d2701ccae809fe7baab1ec042714bb6336eb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:34:01 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 13938042
etag: W/"6019c549-10bb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 810e3114ba153617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 government.svg
www.cyberark.com/wp-content/uploads//2021/02/ 2 KB
1016 B 45ms
33ms Image
image/svg+xml 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/government.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

634358d77171f485bb1738fce1bf1e715e2cd0a94b2c4f3d5c6dafccd0d1031a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:34:22 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 9541275
etag: W/"6019c55e-881"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 810e3114ba163617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 Nav-Image-ServicesSupport-e1609108892195.png
www.cyberark.com/wp-content/uploads/2020/12/ 21 KB
24 KB 40ms
29ms Image
image/webp 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/12/Nav-Image-ServicesSupport-e1609108892195.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ba3a74eb74823f80c522391734fdeafebfbd2f284167568ad17e7d44b1618e3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 13860964
cf-polished: origFmt=png, origSize=36292
content-disposition: inline; filename="Nav-Image-ServicesSupport-e1609108892195.webp"
content-length: 21460
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Sun, 27 Dec 2020 22:41:32 GMT
server: cloudflare
etag: "5fe90d9c-8dc4"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 810e3114ba203617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 TryBuy_Menu-LeftHandCallOut.png
www.cyberark.com/wp-content/uploads/2021/02/ 26 KB
26 KB 47ms
35ms Image
image/webp 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2021/02/TryBuy_Menu-LeftHandCallOut.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8aab45b2e3226eb83ceed37f3f622529d0a6ca0a82d8dd9a4d1fb8e46ba84f83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 21198830
cf-polished: origFmt=png, origSize=39090
content-disposition: inline; filename="TryBuy_Menu-LeftHandCallOut.webp"
content-length: 26540
cf-bgj: imgq:85,h2pri
last-modified: Tue, 02 Feb 2021 20:19:11 GMT
server: cloudflare
etag: "6019b3bf-98b2"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 810e3114ba213617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 Icons-Globe@2x.png
www.cyberark.com/wp-content/uploads/2020/12/ 456 B
4 KB 42ms
31ms Image
image/webp 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/12/Icons-Globe@2x.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45aca110620ac12009925cac1e38aa4e71426a2b83ee7f356010069b45539d56

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 11914523
cf-polished: origFmt=png, origSize=1147
content-disposition: inline; filename="Icons-Globe@2x.webp"
content-length: 456
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Wed, 30 Dec 2020 23:04:11 GMT
server: cloudflare
etag: "5fed076b-47b"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 810e3114ba243617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H3 200 ajax-loader-white-2x.gif
content.cdntwrk.com/img/hubs/ 1 KB
0 27ms
19ms Image
image/gif 99.86.4.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/ajax-loader-white-2x.gif?v=19a554b579c4
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 99.86.4.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-7.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 02:37:19 GMT
via: 1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
age: 389111
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 2707
last-modified: Wed, 27 Sep 2023 16:01:56 GMT
server: AmazonS3
etag: "5217392f882b27d35ec2e72946f2df7e"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: mscUiDaXTB_j-1AEqX79VeBJj-hZgeTYwRjmaI6g7r_sTdVCylbF4g==

GET
H3 200 chevron-down-64x64.png
content.cdntwrk.com/img/hubs/ 760 B
1 KB 23ms
15ms Image
image/png 99.86.4.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/chevron-down-64x64.png?v=78668873251b
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 99.86.4.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-7.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e240679c3215c840cf754104fe7291c77f2f52ad551c95e8c8364d0124938ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:46:44 GMT
via: 1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
age: 424546
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 760
last-modified: Wed, 27 Sep 2023 16:01:56 GMT
server: AmazonS3
etag: "26818bdf0706c780af4a52b44ea17fdc"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: pfzul3eEmPq8cHNVtJ883KsCMuvpte7gSHW2AXl_nKW6RXpqDzgvPQ==

GET
H2 200 photodune-728059-computer-on-a-table-l-e1474036476318.jpg
www.cyberark.com/wp-content/uploads/2016/09/ 164 KB
167 KB 257ms
247ms Image
image/webp 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2016/09/photodune-728059-computer-on-a-table-l-e1474036476318.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdd1478536d5677a187876111ef8dabacc3c0c0df323e6bb18aebf1929847a08

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com .ceros.com ceros.com .transistor.fm transistor.fm segreencolumn.com .segreencolumn.com cnv.event.prod.bidr.io simpli.fi .simpli.fi data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-polished: qual=85, origFmt=jpeg, origSize=314825
content-disposition: inline; filename="photodune-728059-computer-on-a-table-l-e1474036476318.webp"
content-length: 167832
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Sat, 07 Sep 2019 00:02:15 GMT
server: cloudflare
etag: "5d72f387-4cdc9"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 810e3114ba263617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET mediaproxy
content.cdntwrk.com/ 0
0

GET
H2 200 email-decode.min.js Show response
www.cyberark.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
814 B 9ms
9ms Script
application/javascript 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Fri, 29 Sep 2023 17:15:01 GMT
server: cloudflare
content-encoding: gzip
etag: W/"65170615-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 810e311358983617-FRA
expires: Fri, 06 Oct 2023 14:42:29 GMT

GET
H2 200 hubs_app.9b5118c2a50b1bc4f84d.js Show response
content.cdntwrk.com/js/hubs/ 1 MB
311 KB 8ms
7ms Script
application/javascript 99.86.4.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/js/hubs/hubs_app.9b5118c2a50b1bc4f84d.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-7.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e8f193afecddf4c5c687dbc31d9f4a7670063f213479b28945449ebd8644072a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 05:11:37 GMT
content-encoding: gzip
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 293452
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 27 Sep 2023 16:01:58 GMT
server: AmazonS3
etag: W/"7dc8e27200ef7918b8b5214e22446522"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: 8Sx_woQ_G1trEKMWRMi6y_I26z9Tai4WYRfBnRkt2cOjY4dCF9y9Fg==

GET
H2 200 en.bundle.js Show response
cihost.uberflip.com/cyberArk/master/build/en/ 296 KB
86 KB 9ms
8ms Script
text/javascript 2600:9000:20eb:6200:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.bundle.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6200:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 946706d3e681bdc8fd4ce0c4466cae27cb1ffa59cf02bb000a04d4a6bf5dca0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 05:52:20 GMT
content-encoding: gzip
via: 1.1 c2a926ef1bafe1ab239d4761594a8098.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 06:39:12 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1694587147/ctime:1694587147/gid:127/gname:docker/md5:11a399c3e3f0f3caa097792a5f069ffc/mode:33188/mtime:1694587147/uid:1001/uname:runner
x-amz-cf-pop: FRA2-C1
age: 31810
x-amz-server-side-encryption: AES256
etag: W/"11a399c3e3f0f3caa097792a5f069ffc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: _s77PDk2YHDVUNKN-DubfnhsIRTZNLu-Khy6VdY-3BhGXi4WzcNERw==

GET
H3 200 sha256.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-sha256/0.9.0/ 9 KB
4 KB 51ms
39ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-sha256/0.9.0/sha256.min.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1804299
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2977
last-modified: Mon, 04 May 2020 16:11:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec6-2339"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V8a7cjtnPWLdU%2F7i60ItgfWcJuelEta1e1CuQZCWJZSXzEWviH6tb%2BY4ulkuz04W%2Bc6J8%2BdojPtQiit8DLMU%2BD%2FPkAkcELlaN6eKzPbcDGBTFuZLQR4KRgoQUpc3FwTwvNB%2B8UDKFLVXZOG5i7dYnaAQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810e3113ef119bf8-FRA
expires: Mon, 23 Sep 2024 14:42:29 GMT

GET
H2 200 External.svg
cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/images/ 2 KB
1 KB 16ms
10ms Image
image/svg+xml 2600:9000:20eb:6200:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/images/External.svg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6200:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 49bdaf43b043fdd5e79f321a889502b341e83fb3d71caa9ec286369bcb205373

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 04:15:22 GMT
content-encoding: gzip
via: 1.1 c2a926ef1bafe1ab239d4761594a8098.cloudfront.net (CloudFront)
last-modified: Fri, 29 Jan 2021 17:35:02 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1611941654/ctime:1611941654/gid:117/gname:docker/md5:cd7c2cec63b67d7f1108cb091b478569/mode:33188/mtime:1611941654/uid:1001/uname:runner
x-amz-cf-pop: FRA2-C1
age: 38338
etag: W/"cd7c2cec63b67d7f1108cb091b478569"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: dxas5MVoTBOfN5aj3Ys71RFJgr6LiR9xbEX5MhrFt1iJBbWQzEResg==

GET
H2 200 External-darkblue.svg
cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/images/ 952 B
1 KB 15ms
10ms Image
image/svg+xml 2600:9000:20eb:6200:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/images/External-darkblue.svg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6200:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1f150486021d4182821249f13273a7a87862756e2b021e3d19121aaae6a2e09d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 22:25:15 GMT
via: 1.1 c2a926ef1bafe1ab239d4761594a8098.cloudfront.net (CloudFront)
last-modified: Fri, 29 Jan 2021 20:02:50 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1611950517/ctime:1611950517/gid:117/gname:docker/md5:98bf2668c3bae975ce6b211e1acc322f/mode:33188/mtime:1611950517/uid:1001/uname:runner
x-amz-cf-pop: FRA2-C1
age: 58635
etag: "98bf2668c3bae975ce6b211e1acc322f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 952
x-amz-cf-id: H0WFbo1A9RZ5b0927e6WdbmluvnMSqHPhC4Xn1Z4xqozM7pAY2l7Ug==

GET
H2 200 cyberark-logo-dark.svg
www.cyberark.com/wp-content/uploads/2021/01/ 4 KB
2 KB 46ms
40ms Image
image/svg+xml 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2021/01/cyberark-logo-dark.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67e2f25233ffe02ea0a70301e7440e6371d8943ca3f759b1d128b590e7e9419b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 25 Jun 2021 13:14:28 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 21199440
etag: W/"60d5d6b4-f6a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 810e3114ba273617-FRA
expires: Thu, 03 Oct 2024 14:42:29 GMT

GET
H2 200 css
fonts.googleapis.com/ 14 KB
946 B 49ms
47ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap

Requested by

Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e9686aeea0055ab0c2b1f0eba66dec9b6dd487b4ec34b0fc9106edc7cd3a52cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 13:54:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 04 Oct 2023 14:42:29 GMT

GET
H2 200 css2
fonts.googleapis.com/ 667 KB
178 KB 50ms
50ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans+JP:wght@100;300;400;500;700;900&display=swap

Requested by

Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

202956cc224ba9381b6a1167408b11dab6198fe87f3a3ed967324f4154aa30c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 14:21:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 04 Oct 2023 14:42:29 GMT

GET
H2 200 ajax_ping Show response
www.cyberark.com/resources/hubsFront/ 49 B
320 B 161ms
161ms XHR
application/json 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_ping

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.9b5118c2a50b1bc4f84d.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/
referrer-policy: unsafe-url
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-frame-options: DENY
content-type: application/json
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-language: en
cf-ray: 810e3115cb4e3617-FRA
x-xss-protection: 1; mode=block

GET
H2 200 stats_temp_item_609326175x997390057b7ed96cceeeecbc073ebed96a9072fd80c18a3b14b684ae4250bd341696430548236a6c2fda5ba95791829b3ad434d7486e67b6633959455d88f08a0fe486bae9
www.cyberark.com/resources/hubsFront/signalMetricsTemp/ 0
161 B 166ms
165ms Image
text/html 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/resources/hubsFront/signalMetricsTemp/stats_temp_item_609326175x997390057b7ed96cceeeecbc073ebed96a9072fd80c18a3b14b684ae4250bd341696430548236a6c2fda5ba95791829b3ad434d7486e67b6633959455d88f08a0fe486bae9?t=1696430549430

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/
referrer-policy: unsafe-url
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-frame-options: DENY
content-type: text/html; charset=UTF-8
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-language: en
cf-ray: 810e3115fb6d3617-FRA
x-xss-protection: 1; mode=block

GET
H2 200 tag.aspx Show response
ml314.com/ 31 KB
11 KB 283ms
15ms Script
application/javascript 34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?49
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 23f95a90d6e6ba09a92bd4eae99823b0a6b0137a9abe10e3c050c062fb15efe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:50:38 GMT
content-encoding: br
age: 3111
x-guploader-uploadid: ADPycduikXn-RPJ7DHPU4tby7XYdQWjxjm9DiHZ1VMAv_DtMSN75voFZuQfful-ula8pQI3wiJhfV5TGUmP_9mNlqYCvpQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10526
last-modified: Mon, 10 Apr 2023 17:13:24 GMT
server: UploadServer
etag: W/"b0965f051977c0dd95ffe2c736cac352"
vary: Accept-Encoding
x-goog-generation: 1681146804366265
x-goog-hash: crc32c=wVdAwA==, md5=sJZfBRl3wN2V/+LHNsrDUg==
content-type: application/javascript
cache-id: AMS-5232d789
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 32213
accept-ranges: none

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 307ms
40ms Script
application/x-javascript 23.197.137.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-137-224.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 14:42:29 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET sprite-1x.png
content.cdntwrk.com/img/hubs/ 0
0

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type: image/gif

GET uparrow.png
content.cdntwrk.com/img/hubs/ 0
0

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/ 47 KB
48 KB 250ms
38ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 18:17:53 GMT
x-content-type-options: nosniff
age: 505476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48432
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Sep 2024 18:17:53 GMT

GET
H2 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/ 61 KB
61 KB 35ms
33ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62738b62849a46842f34013b8528886f10c8d0e1c9aec47d636e05d631e2f60e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5004416
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 62472
last-modified: Thu, 22 Jun 2023 11:02:19 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942a3b-f408"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIWCJMokG1j98H3bED%2F6L6ClHDi1jcAL%2BnzKeGvQkCGxKfXIeeqRlRRdEW29pTJdhOT5FfR1t546%2BFhgFAPdhd91bRs%2BmpTBLv97MUsHhWSw6NHQMG4rz5lsFp4CtOavKHEFoyPLWPuL0iGLrXqtIsQ1"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810e31166b702c73-FRA
expires: Mon, 23 Sep 2024 14:42:29 GMT

GET
H2 200 372722_2_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
26 KB 26ms
9ms Font
binary/octet-stream 2600:9000:20eb:6200:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_2_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6200:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2f5f9d511700318e988d3ef843afc49224162c8bb2435db7b9dc3590f525306f

Request headers

Referer: https://www.cyberark.com/
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 06:01:41 GMT
via: 1.1 8002c303d4f2295f77566a349deba122.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 31307
x-cache: Hit from cloudfront
content-length: 26033
last-modified: Wed, 27 May 2020 16:17:01 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:83914a011477cb60998949144e2ac5aa/mode:33188/mtime:1590596208/uid:1001/uname:runner
etag: "83914a011477cb60998949144e2ac5aa"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: fPghn1H5jnEmx6HDWbMiyZh_K6V2b1Q4G7bazXcwZiQib5PJaFmgbA==

GET
H2 200 372722_4_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
25 KB 27ms
10ms Font
binary/octet-stream 2600:9000:20eb:6200:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_4_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6200:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 66c708b80cab108a2fde84cac9677c07435537bc9d06085ccd1ac80cb93513b4

Request headers

Referer: https://www.cyberark.com/
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 06:27:58 GMT
via: 1.1 8002c303d4f2295f77566a349deba122.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 31307
x-cache: Hit from cloudfront
content-length: 25237
last-modified: Wed, 27 May 2020 16:17:01 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:da77e86db861301f9320c467d834e649/mode:33188/mtime:1590596208/uid:1001/uname:runner
etag: "da77e86db861301f9320c467d834e649"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: -lIWpCrCw9w_erpwUS954qbD7H79CbN9LCYN1AqXf7FFwL2sD66aeA==

GET
H2 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/ 63 KB
63 KB 19ms
18ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5567c5a47f8bbd27707bd2cffdb1679c292a07ccf09a8578e1b9eba7ab481cf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 9827917
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 64144
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-fa90"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tin1ISyIcruSz88tz8jLMCwamk7rtrYJLWZ4r2UrOR8ya8yJ28%2FSfR%2FVVds8y5uGSTKWQ1KuS6JVhEHT%2FiHDAW5bpkhGDo9DuQMIfL9dLRATS2KWNlYoWgFRgGF0fbo7cm3c%2B9Zr7uWGGiB1Hu5HO5Pf"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810e31166b742c73-FRA
expires: Mon, 23 Sep 2024 14:42:29 GMT

GET
H2 200 fontawesome-webfont.woff2
cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/fonts/ 75 KB
76 KB 26ms
11ms Font
binary/octet-stream 2600:9000:20eb:6200:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6200:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 07:39:45 GMT
via: 1.1 8002c303d4f2295f77566a349deba122.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 31307
x-cache: Hit from cloudfront
content-length: 77160
last-modified: Wed, 27 Jan 2021 17:56:57 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1611770160/ctime:1611770160/gid:117/gname:docker/md5:af7ae505a9eed503f8b8e6982036873e/mode:33188/mtime:1611770160/uid:1001/uname:runner
etag: "af7ae505a9eed503f8b8e6982036873e"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: JUvBygEdm8zzyan1nIQ7ovaH8tX8plu3KUYjz_sxemXoMmMeqpKb3A==

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 367 B
1 KB 192ms
32ms XHR
application/json 63.33.121.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=9AB97041603F3EDB0A495C66%40AdobeOrg&d_nsid=0&ts=1696430549583

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.33.121.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-121-220.eu-west-1.compute.amazonaws.com

Software

Resource Hash

80522fe911e2671f9e4eca6ad0e9f15298bce73eed0a9124fb47e15c5c1eb933

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v051-061ca5b1f.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: sLtpUp+BThQ=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.cyberark.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 310
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 34 KB
12 KB 12ms
12ms Script
application/x-javascript 2a02:26f0:e600:589::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:e600:589::1e80 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12384
expires: Wed, 04 Oct 2023 15:42:29 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 3 KB
2 KB 13ms
13ms Script
application/x-javascript 2a02:26f0:e600:589::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:e600:589::1e80 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
last-modified: Thu, 22 Sep 2022 16:16:49 GMT
server: AkamaiNetStorage
etag: "b89fcb8870ac40eecb6d3cc844d35389:1663863409.92483"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1598
expires: Wed, 04 Oct 2023 15:42:29 GMT

GET
H2 200 d24194f2-6101-4c07-b071-d2eb5d40f5e6.js Show response
j.6sc.co/j/ 854 B
1 KB 198ms
150ms Script
application/javascript 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/d24194f2-6101-4c07-b071-d2eb5d40f5e6.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b06ee181a056d674f14dc07a3cf5eaf2b4f85aa65def46ee9c33cffda18573bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-version-id: E_7p8DmUGF.SFGebCI0B6mb0uV3e3zDK
date: Wed, 04 Oct 2023 14:42:30 GMT
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 854
pragma: no-cache
last-modified: Thu, 07 Sep 2023 14:27:11 GMT
server: AmazonS3
etag: "b87bd20cfa5f7954aff6c87638984d17"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: we96ZbIb4PSJYWlch1JIgF8_YlR0fCUXuv1EYzz-hUIcK7XLPLZbwA==
expires: Wed, 04 Oct 2023 14:42:30 GMT

GET
H/1.1 200
OK rtp.js Show response
sjrtp6-cdn.marketo.com/rtp-api/v1/ 152 KB
42 KB 176ms
30ms Script
application/x-javascript 23.56.202.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.56.202.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-56-202-193.deploy.static.akamaitechnologies.com

Software

Jetty(9.4.45.v20220203) /

Resource Hash

aa65b2577c91e2a417e095cd4f53f3c6990e7d6fd7d4bc8088467b187f0a9bfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63113904
Content-Encoding: gzip
Date: Wed, 04 Oct 2023 14:42:30 GMT
Last-Modified: Wed, 20 Sep 2023 01:29:16 GMT
Server: Jetty(9.4.45.v20220203)
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: public, max-age=7
Connection: keep-alive
Content-Length: 42537

GET
H2 200 notice Show response
consent.trustarc.com/ 14 KB
6 KB 90ms
41ms Script
text/javascript 13.225.78.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-35.fra2.r.cloudfront.net

Software

Resource Hash

2cb894c9a3c85cc36f5e94beb7d5274aba5e4892f30f8b47bbbdf28921ffc7f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
cloudfront-viewer-country: DE
content-length: 5298
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: max-age=3600
cloudfront-viewer-country-region: HE
timing-allow-origin: *
x-amz-cf-id: WPWS1r_fjCoXotIu1cqYv3bftPxz2sKTomXmz2lDo6R8JS5gezDXVw==
expires: Wed, 04 Oct 2023 15:42:29 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 55ms
8ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H2 200 RCaadfaa88901e4f0e8cbb8050b0941051-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/683ce5bff559/ 538 B
585 B 30ms
30ms Script
application/x-javascript 2a02:26f0:e600:589::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/683ce5bff559/RCaadfaa88901e4f0e8cbb8050b0941051-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:e600:589::1e80 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b9a5505379d682b4a03c5e80c0a6d599f3508b704a7bea679d2322359d799fea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: gzip
last-modified: Tue, 27 Jun 2023 15:23:30 GMT
server: AkamaiNetStorage
etag: "8216c5da83100bc83d9c81ccc827a844:1687879410.354412"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 328
expires: Wed, 04 Oct 2023 15:42:29 GMT

GET
H/1.1 200
OK dest5.html Show response
cyberark.demdex.net/ Frame 46DC 7 KB
3 KB 142ms
35ms Document
text/html 34.252.33.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cyberark.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.252.33.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-252-33-233.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v051-0d4a6bda6.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 21giEg/YQYo=
content-encoding: gzip
date: Wed, 4 Oct 2023 14:42:29 GMT
last-modified: Mon, 2 Oct 2023 10:01:39 GMT
vary: accept-encoding

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZR151QAAAIBdAwN-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=64129264355987481412656443445332569891
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZR151QAAAIBdAwN-

42 B
942 B

40ms
39ms

Image
image/gif

63.33.121.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZR151QAAAIBdAwN-

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

HTTP/1.1

Server

63.33.121.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-33-121-220.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v051-03c530c41.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: lY7cPQDESRk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZR151QAAAIBdAwN-
Date: Wed, 04 Oct 2023 14:42:29 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
cyberark.tt.omtrdc.net/rest/v1/ 351 B
842 B 150ms
41ms XHR
application/json 66.235.152.107
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://cyberark.tt.omtrdc.net/rest/v1/delivery?client=cyberark&sessionId=c36ce2aa9c6a4c3484b4042560875e0f&version=2.10.2

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.107 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-66-235-152-107.data.adobedc.net

Software

jag /

Resource Hash

6b75ffd94f51446bfd6ba98a1c1666f783c433e22ba8f7f298bf80afada270fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: df550d56-175d-4f7c-9188-135a2ed6d708

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 134ms
38ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:44:21 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3489
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 04 Oct 2023 15:44:21 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
66 KB 51ms
50ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9920016

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

566f92087c12bf4a58e930a3b66ccd9ac7a1c3cefa1aa21059282fff0ab90bd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67336
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 04 Oct 2023 14:42:29 GMT

GET
H2 200 utsync.ashx Show response
ml314.com/ 62 B
309 B 41ms
39ms Script
application/javascript 34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=52079&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise&pv=1696430549952_mesm9rdax&bl=en-us&cb=3965370&return=&ht=&d=&dc=&si=1696430549952_mesm9rdax&cid=production%7C%7C108540%7C%7C6824667%7C%7C609326175&s=1600x1200&rp=&v=2.5.3.49
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?49
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:29 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/javascript; charset=utf-8
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62
expires: 0

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ 20 B
482 B 486ms
161ms Script
application/javascript 52.23.135.254
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=492023&v=2.5.3.49
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?49
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.23.135.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-135-254.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 14:42:30 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public
Connection: keep-alive
Content-Length: 138
Expires: Thu, 05 Oct 2023 14:42:30 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 15ms
14ms Script
application/x-javascript 23.197.137.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-137-224.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 14:42:29 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Fri, 12 Jan 2024 14:42:29 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 52ms
10ms Image
image/gif 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1696430549975&id=t2_o2i62ves&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=741a0c3c-3ed1-490b-9cfe-2c3d695a59bf&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 v1.7-519 Show response
consent.trustarc.com/asset/notice.js/v/ 88 KB
26 KB 41ms
10ms Script
text/javascript 13.225.78.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/asset/notice.js/v/v1.7-519

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-35.fra2.r.cloudfront.net

Software

Resource Hash

d33b3fb5c49abe228c616d446a52af74fe2f4aaffc222ab83bbb98647d1ed6c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:24:00 GMT
content-encoding: gzip
via: 1.1 04ce5a607a98db6d08257633417b84d6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 1110
x-cache: Hit from cloudfront
pragma: public
last-modified: Thu, 28 Sep 2023 06:04:29 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: mZiAuXc4PbHGAYwdi29vyUixddvTwO_1gMvK319uwA6ISnj2JvQq0A==
expires: Fri, 03 Nov 2023 14:24:00 GMT

GET
H2 200 get Show response
consent.trustarc.com/ Frame 10D8 2 KB
1 KB 11ms
10ms Document
text/html 13.225.78.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=crossdomain.html&domain=cyberark.com

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-35.fra2.r.cloudfront.net

Software

Resource Hash

093d12d8b3568fe7d205eab6a5ceb766772d6018aebe44d3e16f9e85fb7ab68e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2650
cache-control: max-age=2592000
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Wed, 04 Oct 2023 13:58:19 GMT
expires: Fri, 03 Nov 2023 13:58:19 GMT
pragma: public
strict-transport-security: max-age=31536000; includeSubDomains
timing-allow-origin: *
vary: Origin
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
x-amz-cf-id: Eeg6UIPaUtELQGWK8o-2qfTo1drA2YXwLqA5J9l8y29YQAdKl49sxQ==
x-amz-cf-pop: FRA2-C2
x-cache: Hit from cloudfront

GET
H2 200 log
consent.trustarc.com/ 43 B
428 B 46ms
44ms Image
image/gif 13.225.78.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/log?domain=cyberark.com&country=de&state=&behavior=expressed&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW&c=2d06&referer=https://www.cyberark.com

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-35.fra2.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: sJwMeWVXMH0DwyCuBHhKpS3l3MlWKRe4nthznMRqG8oyjJX51Rx9-A==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 RC215bf8f3db2048f5a863a53bd773832d-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/683ce5bff559/ 429 B
534 B 18ms
14ms Script
application/x-javascript 2a02:26f0:e600:589::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/683ce5bff559/RC215bf8f3db2048f5a863a53bd773832d-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:e600:589::1e80 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 2beff6d8fd1ef61bccc96b015a4840d6d9f116e13e6462e785de45aca4561c5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
content-encoding: gzip
last-modified: Tue, 27 Jun 2023 15:23:30 GMT
server: AkamaiNetStorage
etag: "8216c5da83100bc83d9c81ccc827a844:1687879410.354412"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 277
expires: Wed, 04 Oct 2023 15:42:30 GMT

POST
H/1.1 200
OK visitWebPage
316-czp-275.mktoresp.com/webevents/ 2 B
318 B 1374ms
220ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://316-czp-275.mktoresp.com/webevents/visitWebPage?_mchNc=1696430550076&_mchCn=&_mchId=316-CZP-275&_mchTk=_mch-cyberark.com-1696430550075-52895&_mchHo=www.cyberark.com&_mchPo=&_mchRu=%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise&_mchPc=https%3A&_mchVr=163&_mchEcid=9AB97041603F3EDB0A495C66%40AdobeOrg%3A6%3A59118183468943027843325944429904181390&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 14:42:31 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 12d96ac9-9295-4f0a-a5b3-07131f4d5cfb

GET
H2 200 6si.min.js Show response
j.6sc.co/ 51 KB
15 KB 233ms
232ms Script
application/javascript 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/d24194f2-6101-4c07-b071-d2eb5d40f5e6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Aug 2023 22:29:49 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64e7d9dd-cc38"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14993
expires: Wed, 04 Oct 2023 14:42:30 GMT

GET
H/1.1 200
OK jquery-ui-insightera-custom-1.9.6.css
rtp-static.marketo.com/rtp/libs/ 22 KB
4 KB 45ms
9ms Stylesheet
text/css 23.56.202.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-193.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 14:42:30 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Nov 2017 08:57:42 GMT
Server: AkamaiNetStorage
ETag: "7f5b0bee9b1f7af8413b351cbceca223:1510045062"
Vary: Accept-Encoding
Access-Control-Max-Age: 86400
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 3752

GET
H/1.1 200
OK trw Show response
sjrtp6.marketo.com/gw1/ 214 B
651 B 1116ms
161ms Script
application/x-javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/trw?aid=cyberarksoftware&trwv.uid=cyberarksoftware-1696430550173-e3f26afd&trwv.vc=1&trwsa.sid=cyberarksoftware-1696430550175-edf5b89f&trwsb.cpv=1&ctzo=+02:00&uri=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise&ma=id%3A316-CZP-275%26token%3A_mch-cyberark.com-1696430550075-52895&pm=&viewedTypes=&rts=1696430550179

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

5e4619c1692dea318831af3a9b9b884596a2c71848f162ced1e44aef1994a08f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 14:42:31 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 214
Content-Type: application/x-javascript;charset=utf-8

GET
H/1.1 200
OK ga-integration-2.0.5.js Show response
rtp-static.marketo.com/rtp/libs/ 18 KB
6 KB 41ms
10ms Script
application/x-javascript 23.56.202.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-193.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: bf6806d8c92e228249230195772afe2e68791d52763b782be9aa2855fab3b641

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 14:42:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Jun 2023 08:00:53 GMT
Server: AkamaiNetStorage
ETag: "18a7b0f60655900c0010a35d07b9da0f:1686816053.163727"
Vary: Accept-Encoding
Access-Control-Max-Age: 86400
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 5654

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
222 B 46ms
45ms XHR
text/plain 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=537558201&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise&ul=en-us&de=UTF-8&dt=CyberArk%20Labs%3A%20From%20Safe%20Mode%20to%20Domain%20Compromise&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABAAAAACAEK~&jid=1919117893&gjid=724127678&cid=1683449643.1696430550&tid=UA-44168172-9&_gid=417600146.1696430550&_slc=1&gtm=45He3a20n715SFWTH&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise&cd7=&z=87220210

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5cbd2c4ce1325baae0fa325bdd95a25a925b094d7e88fc6fcebb834a6906c5b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
350 B 55ms
18ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-44168172-9&cid=1683449643.1696430550&jid=1919117893&gjid=724127678&_gid=417600146.1696430550&_u=YGBAgEABAAAAAGAEK~&z=382671519

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 04 Oct 2023 14:42:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
consent-pref.trustarc.com/ Frame FCCB 5 KB
3 KB 86ms
43ms Document
text/html 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/asset/notice.js/v/v1.7-519

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

4f683ac6bb92b36a1e2a103464835ad2b373d95a26bf14fd9038723c437773ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 04 Oct 2023 14:42:30 GMT
etag: W/"5071-1695031818000"
expect-ct: max-age=86400; enforce;
last-modified: Mon, 18 Sep 2023 10:10:18 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-amz-cf-id: 49MB0nd8xsI_72skRq70VtJSx4MBDXX-7M46BHV95JNncAkLGA-FFA==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

GET
H2 200 noticemsg
consent.trustarc.com/ 43 B
427 B 41ms
41ms Image
image/gif 13.225.78.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/noticemsg?action=consent&domain=cyberark.com&behavior=expressed&country=de&language=en&rand=0.34825929079697393&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW&referer=https://www.cyberark.com

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-35.fra2.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: t7dwYAUbuqyTyY_IcZ5ARuynNiaB2wxhszwNgC5YtDfYvQdY5aBsgw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 259 KB
85 KB 59ms
59ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XTLTD7RKN5&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

58c0e3c856dfcf246a73ebf0289c24c07456d7c1efe4f5d1d4ea30e44a82bbd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87133
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 04 Oct 2023 14:42:30 GMT

GET
H/1.1 200
OK msg Show response
sjrtp6.marketo.com/gw1/ 0
426 B 1028ms
161ms Script
text/javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/msg?a=2&sid=cyberarksoftware-1696430550175-edf5b89f&aid=cyberarksoftware&ma=id%3A316-CZP-275%26token%3A_mch-cyberark.com-1696430550075-52895&viewedTypes=&0.6696241769303357&rts=1696430550262

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 14:42:31 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 161ms
75ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-44168172-9&cid=1683449643.1696430550&jid=1919117893&_u=YGBAgEABAAAAAGAEK~&z=1623213498

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 152ms
73ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-44168172-9&cid=1683449643.1696430550&jid=1919117893&_u=YGBAgEABAAAAAGAEK~&z=1623213498

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 defaultpreferencemanager.nocache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame FCCB 5 KB
3 KB 33ms
33ms Script
application/javascript 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

40f09d05b7d03a8040b0b4240f6ced1afd750683ae7fe0a692d541fb2dd835b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
content-encoding: gzip
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 18 Sep 2023 10:10:38 GMT
server: nginx
etag: W/"4867-1695031838000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: no-cache
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: iJv0Y_XbYBRC9jCHeaezqxxxQR6Hbyg2y0Z265C7HhUa4dfEu38faA==
expires: Wed, 04 Oct 2023 14:42:29 GMT

GET
H2 200 get Show response
consent-st.trustarc.com/ Frame FCCB 20 KB
5 KB 56ms
7ms Script
text/javascript 143.204.98.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-st.trustarc.com/get?name=combined_static_cm_minified.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.83 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-83.fra50.r.cloudfront.net

Software

Resource Hash

f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: public
date: Fri, 15 Sep 2023 16:39:18 GMT
content-encoding: gzip
via: 1.1 6b8ac2d6d64dc42007741d312e2d73aa.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA50-C1
age: 1634592
vary: Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: a5g4TkfqNkyUSb6Ox586l5gwSp4RT-boeogMM31k9YTPkaLQFSRNyA==
expires: Sun, 15 Oct 2023 16:39:18 GMT

GET
H2 200 loading.gif
consent-pref.trustarc.com/images/ Frame FCCB 3 KB
3 KB 9ms
7ms Image
image/gif 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent-pref.trustarc.com/images/loading.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:55 GMT
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 3516
x-cache: Hit from cloudfront
content-length: 2608
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 18 Sep 2023 10:10:18 GMT
server: nginx
etag: W/"2608-1695031818000"
expect-ct: max-age=86400; enforce;
vary: Origin
content-type: image/gif
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
accept-ranges: bytes
x-amz-cf-id: 7ID5erwAu__3ZNP_3750wBE-9PC1zzZuQiWKoXOdbQFphxwtZfY2yw==

GET
H2 200 ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 306F 140 KB
46 KB 9ms
9ms Document
text/html 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

9b1471306bec32a8588367dfcec1cb87510c3d43f61fe6d55affd35e4327cfae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 550999
cache-control: max-age=315360000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 28 Sep 2023 05:39:11 GMT
etag: W/"143537-1695031838000"
expect-ct: max-age=86400; enforce;
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 18 Sep 2023 10:10:38 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-amz-cf-id: 8-I2UKLZfvbYm54o_69wuHKdvTorJXBKiB52ic6TgYNh8rtHKFZpDw==
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame FCCB 1 KB
1 KB 36ms
35ms XHR
application/json 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

365c4e4e15bb05abb8135ba921b7ff58c93459e1b8eda9e1835c13ba7ecec1b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: ECBA64D47D8974536D1F2E1AEA5E9A54
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
content-encoding: gzip
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 481
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: lH7qJ2dhBPSxipsrjw7onQ9iIc1_cvgSYfTe0J3sQR-aSYSCAjjq5A==

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame FCCB 48 B
623 B 34ms
33ms XHR
application/json 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

db88be26e2424f2ee69686a8b06a07cc54d043e5382568147dc3a089e83079b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: ECBA64D47D8974536D1F2E1AEA5E9A54
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 48
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: lx39PXu32SXCvb5l4gGP8Ij1bFG7YXP6ax4zBbRe4kbDWhW2ETNI2Q==

POST
H2 204 collect
region1.analytics.google.com/g/ 0
255 B 50ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-XTLTD7RKN5&_ono=1&gtm=45je3a20&_p=537558201&_gaz=1&ul=en-us&sr=1600x1200&cid=1683449643.1696430550&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise&dt=CyberArk%20Labs%3A%20From%20Safe%20Mode%20to%20Domain%20Compromise&sid=1696430550&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XTLTD7RKN5&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 20ms
18ms Ping
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ono=1&tid=G-XTLTD7RKN5&cid=1683449643.1696430550&gtm=45je3a20&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XTLTD7RKN5&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 73ms
73ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-XTLTD7RKN5&cid=1683449643.1696430550&gtm=45je3a20&aip=1&z=686480297

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 EuPreferenceManager.css
consent-pref.trustarc.com/ Frame FCCB 30 KB
7 KB 8ms
8ms Stylesheet
text/css 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/EuPreferenceManager.css

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

7507cbea1fef1e42197e3cf74a0863a0a30a529ddc8f5e44e08659f1443b7fa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:25:31 GMT
content-encoding: gzip
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 1024
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 18 Sep 2023 10:10:18 GMT
server: nginx
etag: W/"30605-1695031818000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: no-cache
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: lCzTWpxuh8kK_gD0W5f_7Oa63yBrJdAqgN9SlnjefQRAw2mD9NArZQ==
expires: Wed, 04 Oct 2023 14:25:25 GMT

GET
H2 200 11.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/ECBA64D47D8974536D1F2E1AEA5E9A54/ Frame FCCB 266 KB
90 KB 8ms
8ms XHR
application/javascript 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/ECBA64D47D8974536D1F2E1AEA5E9A54/11.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

aeacb3d9f96bc83811b33a0e3adbdfb79b3caefc2ef1038d36ae375d68384a81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 05:39:23 GMT
content-encoding: gzip
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 550987
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 18 Sep 2023 10:10:38 GMT
server: nginx
etag: W/"272194-1695031838000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: LCHe7vtLxMxqq_aIHFGhzqkL73hoQSL1RL2blVE6k9CniiYHbv0D8A==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
577 B 28ms
7ms XHR
application/json 37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
an-x-request-uuid: 4f1be6d5-7d96-4c41-a44a-f15ed898f868
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.cyberark.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.175; 185.213.155.175; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 42ms
7ms XHR
text/html 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.cyberark.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
310 B 68ms
10ms XHR
text/html 2a02:26f0:e600::170f:b2eb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:e600::170f:b2eb Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b2e3fc362f86c882c8655f7d26cc8dde4c201cd22be17745cbff4357b2b8677d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:42:30 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.cyberark.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a03:1b20:6:f011::5e
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1696430550498_386904807_95207258_22_802_8_21_219";dur=1
content-length: 20
expires: Wed, 04 Oct 2023 14:42:30 GMT

GET
H2 200 ajax_ping Show response
www.cyberark.com/resources/hubsFront/ 49 B
196 B 177ms
177ms XHR
application/json 104.16.14.87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_ping

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.9b5118c2a50b1bc4f84d.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.14.87 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/
referrer-policy: unsafe-url
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-frame-options: DENY
content-type: application/json
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-language: en
cf-ray: 810e311c6b263617-FRA
x-xss-protection: 1; mode=block

GET
H2 200 1.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/ECBA64D47D8974536D1F2E1AEA5E9A54/ Frame FCCB 20 KB
9 KB 7ms
7ms XHR
application/javascript 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/ECBA64D47D8974536D1F2E1AEA5E9A54/1.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

28068ec436543e7df8813861e8b375cf0ce00b412bd55c454e82b37c6388941d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 05:39:23 GMT
content-encoding: gzip
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 550987
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 18 Sep 2023 10:10:38 GMT
server: nginx
etag: W/"20720-1695031838000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: 4okdMf9kHzsfJSTPlkYxQPfHpm6aagX2Tu51O2SpLKX14xOCphmO0g==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 324ms
315ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=ce2a428b-d2e4-4e89-81d8-816ec6359914&session=34cc9e5d-a084-45e9-8ff0-96d2ded9a659&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22059bf2ba2b88e39bb3200769d2e411fc%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%7B%5C%5C%5C%22name%5C%5C%5C%22%3A%5C%5C%5C%22prod-cat%5C%5C%5C%22%7D%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22d24194f2-6101-4c07-b071-d2eb5d40f5e6%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A42%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Overview%20CyberArk%20Labs%20recently%20identified%20what%20it%20believes%20to%20be%20a%20significant%20risk%20related%20to%20Windows%20Safe%20Mode%2C%20which%20is%20built%20into%20all%20Windows%20Operating%20Systems%20(OS)%20on%20both%20PCs%20and%20servers....%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CyberArk%20Labs%3A%20From%20Safe%20Mode%20to%20Domain%20Compromise%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise&pageViewId=cbd905c1-79ff-4bd3-8814-2dab3a8682e2&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&v=1.1.6

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 cookie_iframe.html Show response
prefmgr-cookie.truste-svc.net/cookie_js/ Frame BAEA 5 KB
2 KB 328ms
103ms Document
text/html 44.214.184.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.214.184.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-214-184-42.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e5356c4d200584b116d9ac14f89d883b120dbe4d7878914a4fa22358074c74f8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://consent-pref.trustarc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 14:42:30 GMT
etag: W/"5014-1657163800000"
expect-ct: max-age=31536000
last-modified: Thu, 07 Jul 2022 03:16:40 GMT
permissions-policy: geolocation=(), microphone=(), payment=()
referrer-policy: origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame FCCB 914 B
991 B 36ms
36ms XHR
application/json 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

dfeecee70ce9544105ce0e0919a4cd09cf6e239cd588b991d8809b99e9873d40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: ECBA64D47D8974536D1F2E1AEA5E9A54
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
content-encoding: gzip
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 398
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: lqR_QKcMe_lKd5A8yawPaQxyEr-n0FFZVGlfZY5-FAV5GHzCrN_EVg==

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame FCCB 24 KB
6 KB 36ms
36ms XHR
application/json 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

3decbe1c69b0f91d975610f54b2615be61a887c20f8ade1049be9743168198aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: ECBA64D47D8974536D1F2E1AEA5E9A54
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
content-encoding: gzip
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 6052
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: i10OCrK1PFBLV9Tj0nESH63n3GJVxsfaXgsPgW1_-nbFBXRds8JUPQ==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 296ms
296ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=ce2a428b-d2e4-4e89-81d8-816ec6359914&session=34cc9e5d-a084-45e9-8ff0-96d2ded9a659&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3A6%3Af011%3A%3A5e%22%7D&isIframe=false&m=%7B%22description%22%3A%22Overview%20CyberArk%20Labs%20recently%20identified%20what%20it%20believes%20to%20be%20a%20significant%20risk%20related%20to%20Windows%20Safe%20Mode%2C%20which%20is%20built%20into%20all%20Windows%20Operating%20Systems%20(OS)%20on%20both%20PCs%20and%20servers....%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CyberArk%20Labs%3A%20From%20Safe%20Mode%20to%20Domain%20Compromise%22%2C%22prod-cat%22%3A%22%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fblog%2Fcyberark-labs-from-safe-mode-to-domain-compromise&pageViewId=cbd905c1-79ff-4bd3-8814-2dab3a8682e2&an_uid=0&webTagId=d24194f2-6101-4c07-b071-d2eb5d40f5e6&v=1.1.6

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 trustarc-logo-small.png
consent-pref.trustarc.com/images/ Frame FCCB 4 KB
5 KB 7ms
7ms Image
image/png 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent-pref.trustarc.com/images/trustarc-logo-small.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:44:02 GMT
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 3509
x-cache: Hit from cloudfront
content-length: 4197
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 18 Sep 2023 10:10:18 GMT
server: nginx
etag: W/"4197-1695031818000"
expect-ct: max-age=86400; enforce;
vary: Origin
content-type: image/png
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
accept-ranges: bytes
x-amz-cf-id: x4K35DUz1Y4wZHHpbtpe4XWEhgu_wC-Qk1LQHtHz0XSdrMNYnIqayA==

GET
H2 200 6.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/ECBA64D47D8974536D1F2E1AEA5E9A54/ Frame FCCB 7 KB
4 KB 7ms
7ms XHR
application/javascript 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/ECBA64D47D8974536D1F2E1AEA5E9A54/6.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/ECBA64D47D8974536D1F2E1AEA5E9A54.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c7d578426c9dfb0f1e4ef0685bbf7a8e2b63fea0b35280a22c408c9256c6c046

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 05:39:24 GMT
content-encoding: gzip
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 550987
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 18 Sep 2023 10:10:38 GMT
server: nginx
etag: W/"7454-1695031838000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: h98eW8xedoV79r7dAoZCFKAVrmGVJ9cDsWGGp-qFO9-Jf1IGXf4z8A==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 get
consent.trustarc.com/ Frame FCCB 219 KB
114 KB 24ms
23ms Font
font/ttf 13.225.78.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=OpenSans-Bold.ttf

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-35.fra2.r.cloudfront.net

Software

Resource Hash

5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://consent-pref.trustarc.com/
Origin: https://consent-pref.trustarc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: public
date: Wed, 04 Oct 2023 13:45:06 GMT
content-encoding: gzip
via: 1.1 04ce5a607a98db6d08257633417b84d6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 3445
x-cache: Hit from cloudfront
content-type: font/ttf
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: NZlDwnrDuQb7paTP1gRDx16IdyYgLW8QzMp5NNYe6b7gAg9nls0Nkg==
expires: Fri, 03 Nov 2023 13:45:06 GMT

GET
H2 200 get
consent.trustarc.com/ Frame FCCB 127 KB
76 KB 24ms
23ms Font
font/ttf 13.225.78.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=OpenSans-Light.ttf

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-35.fra2.r.cloudfront.net

Software

Resource Hash

abca0004f2960ea162b161a82240a139fce6012733a76f3859febb9bed38b420

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://consent-pref.trustarc.com/
Origin: https://consent-pref.trustarc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: public
date: Wed, 04 Oct 2023 14:26:18 GMT
content-encoding: gzip
via: 1.1 04ce5a607a98db6d08257633417b84d6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 973
x-cache: Hit from cloudfront
content-type: font/ttf
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: wlpl_m1soOXobYDFRHdVVwh4qNsDSPmEQvJM4HWXMgtLLWBPhgRokw==
expires: Fri, 03 Nov 2023 14:26:18 GMT

GET
H2 200 get
consent.trustarc.com/ Frame FCCB 127 KB
77 KB 10ms
10ms Font
font/ttf 13.225.78.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=OpenSans-SemiBold.ttf

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-35.fra2.r.cloudfront.net

Software

Resource Hash

89275a1c66640733265b5be89864b6daefef1cc3f275566dd8fd29bd66601a83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://consent-pref.trustarc.com/
Origin: https://consent-pref.trustarc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: public
date: Wed, 04 Oct 2023 13:58:16 GMT
content-encoding: gzip
via: 1.1 04ce5a607a98db6d08257633417b84d6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 2655
x-cache: Hit from cloudfront
content-type: font/ttf
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: f1EnQ-84UnDnclX83hn59khSRAlhCL_QW-njIlMJ9scbjrHNhmmaGA==
expires: Fri, 03 Nov 2023 13:58:16 GMT

GET
H2 200 get
consent.trustarc.com/ Frame FCCB 127 KB
77 KB 18ms
17ms Font
application/octet-stream 13.225.78.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=OpenSans-Regular.ttf

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-35.fra2.r.cloudfront.net

Software

Resource Hash

8bcb1671142844b9c10b5247053d513b9110ad9e3ad7ec0b751d42c977611f83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://consent-pref.trustarc.com/
Origin: https://consent-pref.trustarc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: public
date: Wed, 04 Oct 2023 14:29:09 GMT
content-encoding: gzip
via: 1.1 04ce5a607a98db6d08257633417b84d6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 802
x-cache: Hit from cloudfront
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: MT2fRBaG_HdP0DWM6l9t1EsfVd0Lj6MZ4RNYp26X1bKmteLviRVTag==
expires: Fri, 03 Nov 2023 14:29:09 GMT

GET
H2 200 get
consent.trustarc.com/ Frame FCCB 5 KB
5 KB 11ms
11ms Image
image/png 13.225.78.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/get?name=CyberArk_H4C_logo.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-35.fra2.r.cloudfront.net

Software

Resource Hash

6df07acc4226892a09f5d94cfb28cd6f560b073f5fb5e4060fede31cba893989

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: public
date: Wed, 04 Oct 2023 13:49:09 GMT
content-encoding: gzip
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 3202
vary: Origin
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: GCdqBwgEu7954QJxcDFmUFbAQPG92xLhkw3_z178GXhYiAg8CDoKIw==
expires: Fri, 03 Nov 2023 13:49:09 GMT

GET
H2 200 cookie_inneriframe.html Show response
consent-pref.trustarc.com/ Frame 160F 2 KB
1 KB 8ms
8ms Document
text/html 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/cookie_inneriframe.html

Requested by

Host: prefmgr-cookie.truste-svc.net
URL: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=2d3284b7-101d-47c9-99dc-44923157cbb5&userType=NEW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

a2de091c86c5a7b6dcc572eb6e5a76c2cd72ce27a2042a8dc2974f15b33566ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://prefmgr-cookie.truste-svc.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2156
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 04 Oct 2023 14:06:36 GMT
etag: W/"2008-1695031818000"
expect-ct: max-age=86400; enforce;
last-modified: Mon, 18 Sep 2023 10:10:18 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 d9bcd0a29e17b9290f8c9f1617335954.cloudfront.net (CloudFront)
x-amz-cf-id: nRQ3-1JjzqeirVIcVc-pohpa5uSjnbnKUIrUu-6QnTIU7hdYEArbKQ==
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

GET
H/1.1 200
OK msg Show response
sjrtp6.marketo.com/gw1/ 0
426 B 477ms
160ms Script
text/javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 14:42:31 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 193ms
193ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:31 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 211ms
211ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:32 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 197ms
197ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:33 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 198ms
198ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:34 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 237ms
237ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 228ms
228ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 277ms
277ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:37 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 205ms
205ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:38 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 191ms
190ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:39 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 301ms
300ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:40 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 331ms
330ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:43 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 309ms
308ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:46 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 245ms
244ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:49 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 200ms
200ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:52 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 355ms
355ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:55 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 195ms
195ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:42:58 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2016%2F09%2FAdvanced-threat-survey-1.jpg&size=1&version=1691514344&sig=3fd032afb30cc3d20f8ff5c7f5500841&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2016%2F09%2Felectric_nerc.jpg&size=1&version=1691514344&sig=9563aecef0feb7b327a57642e8caf616&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F09%2Fomer-Insider-threats-feature.jpg&size=1&version=1695999958&sig=68b0c6bf714314aa50ade5ca85070785&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F09%2Fmgm-attack-analysis-1.png&size=1&version=1695999936&sig=07536731a68affda89c5509e9616476f&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F09%2Fsecuring-workforce-access-scaled.jpeg&size=1&version=1695999936&sig=cd5d4c63c7ea637448fdfa88e843b180&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F09%2Fcloud-identity-security.jpg&size=1&version=1695414997&sig=53d64cc8587e43015cd2cec9d72ff574&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F09%2Fopen-source-software-scaled-e1694709670562.jpeg&size=1&version=1695150439&sig=2d3947fc8e976217bb31a99bd4997169&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F09%2Fcyberark-magic-quadrant-pam1.jpg&size=1&version=1694618306&sig=477a3f783aedecbf199f2f9d00cabfca&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F09%2Fsecuring-endpoints.png&size=1&version=1695150440&sig=c15e088656a000edc9f8e8ecf6cbaa33&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2Fsec_cybersecurity_compliance.jpg&size=1&version=1694720125&sig=16d44ab33672b26636d7a26fc2c1bc25&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2Fprivleged_access_pam.png&size=1&version=1693400570&sig=334c44423bfddc1de4a624525b9cc0d4&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2Fglobal-cio-on-balancing-ai.jpg&size=1&version=1693400570&sig=898714229b6af702b357191e9945a16d&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2Ffive-workforce-trends.jpg&size=1&version=1692746087&sig=bfd6a48b0424bba23838948c1e0f8d68&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2FCyberArk-ISO-Certified.jpg&size=1&version=1692745949&sig=4d15b3577445bcca1d454559df371d77&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2Fidentitysecurity-public-cloud.png&size=1&version=1692747239&sig=bbf6a035a68c1a4034a38f428111cfce&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F08%2Flayer-cake.jpg&size=1&version=1691774469&sig=dc6974c319fee9b28d0c23ed19bbfeba&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F07%2Fzero-standing-privileges-zsp.jpg&size=1&version=1691514426&sig=7ee6be25848ab0d20ea6f46d656966af&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F07%2Fsecure-external-identities.jpg&size=1&version=1691514425&sig=d8eff82b6e3c4d12432d70e1d7731e98&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F07%2Ftsa-cybersecurity-compliance.jpg&size=1&version=1691514425&sig=6c341657ec73ee8d788ddd3c3cfd7713&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F07%2Fpayton-identity-influence-2.jpg&size=1&version=1691514425&sig=c7411df19f1f2cbc2af782d8b6aa4ca2&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F07%2Fsynthetic-identity-AI-ML.jpg&size=1&version=1691514425&sig=97cb00cb2eeaa9d6eb1b89e3eb4c46b7&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F06%2Fdata-sovereignty-scaled.jpeg&size=1&version=1691514425&sig=663a6cbd5b59c988298020ea44742f64&default=hubs%2Ftilebg-blogs.jpg

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/img/hubs/sprite-1x.png

Domain: content.cdntwrk.com
URL: https://content.cdntwrk.com/img/hubs/uparrow.png

Verdicts & Comments Add Verdict or Comment

154 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.cyberark.com/	1969-12-31 23:59:59	Name: _MGZ_ Value: d6ta41ig63j8mhs9v15da6j7jj
www.cyberark.com/	1970-01-20 23:59:26	Name: pdf_event Value: WyJbe1widXVpZFwiOjIyODg4MzAyMjF9LDE3Mjc5NjY1NDhdIiwiNTFlZTY0M2EwNzU2MmVlNTJlM2EwZDljYThiMDViODMiXQ%3D%3D
.cyberark.com/	1970-01-20 15:13:52	Name: __cf_bm Value: 349BQS6GLJ8d68hnh396cYuIVBS62QYqmLvkMjnJzAM-1696430548-0-AQ+kSZtIpm0qb89ae+Y8Tvwj8kY2QAVBYV5Cbd3peN4uiXtiL7uyU8aZm4J7IQH0vUpYCKnlWLn8l6VyfDnVVcM=
.www.cyberark.com/	1970-01-20 23:59:26	Name: _ufav Value: 43a526e868f8484fb47b557838b4f7f1
.www.cyberark.com/	1970-01-20 15:13:54	Name: _ufas Value: 44478f213b5d48c89e5954a70333931b
www.cyberark.com/	1970-01-20 15:13:52	Name: ufentry Value: 20231004.111229
.cyberark.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-20 19:33:02	Name: demdex Value: 64129264355987481412656443445332569891
.cyberark.com/	1970-01-20 17:23:26	Name: _gcl_au Value: 1.1.292611524.1696430550
.cyberark.com/	1969-12-31 23:59:59	Name: AMCVS_9AB97041603F3EDB0A495C66%40AdobeOrg Value: 1
.cyberark.com/	1970-01-20 17:23:26	Name: _rdt_uuid Value: 1696430549974.741a0c3c-3ed1-490b-9cfe-2c3d695a59bf
.cyberark.com/	1970-01-20 15:13:52	Name: TAsessionID Value: 2d3284b7-101d-47c9-99dc-44923157cbb5\|NEW
.cyberark.com/	1969-12-31 23:59:59	Name: notice_behavior Value: expressed,eu
.everesttech.net/	1970-01-20 23:59:26	Name: everest_g_v2 Value: g_surferid~ZR151QAAAIBdAwN-
.dpm.demdex.net/	1970-01-20 19:33:02	Name: dpm Value: 64129264355987481412656443445332569891
.cyberark.com/	1970-01-20 23:59:26	Name: _mkto_trk Value: id:316-CZP-275&token:_mch-cyberark.com-1696430550075-52895
.cyberark.com/	1970-01-21 00:49:50	Name: mbox Value: session#c36ce2aa9c6a4c3484b4042560875e0f#1696432411\|PC#c36ce2aa9c6a4c3484b4042560875e0f.37_0#1759675351
.cyberark.com/	1970-01-21 00:49:50	Name: AMCV_9AB97041603F3EDB0A495C66%40AdobeOrg Value: 179643557%7CMCIDTS%7C19635%7CMCMID%7C59118183468943027843325944429904181390%7CMCAAMLH-1697035349%7C6%7CMCAAMB-1697035349%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1696437749s%7CNONE%7CMCSYNCSOP%7C411-19642%7CvVersion%7C5.5.0
.cyberark.com/	1970-01-21 00:49:50	Name: trwv.uid Value: cyberarksoftware-1696430550173-e3f26afd%3A1
.cyberark.com/	1970-01-20 15:13:52	Name: trwsa.sid Value: cyberarksoftware-1696430550175-edf5b89f%3A1
.cyberark.com/	1970-01-21 00:49:50	Name: _ga Value: GA1.2.1683449643.1696430550
.cyberark.com/	1970-01-20 15:15:16	Name: _gid Value: GA1.2.417600146.1696430550
.cyberark.com/	1970-01-20 15:13:50	Name: _dc_gtm_UA-44168172-9 Value: 1
.cyberark.com/	1970-01-21 00:49:50	Name: _ga_XTLTD7RKN5 Value: GS1.2.1696430550.1.0.1696430550.60.0.0
www.cyberark.com/	1970-01-20 15:23:55	Name: _an_uid Value: 0
www.cyberark.com/	1970-01-21 00:49:50	Name: _gd_visitor Value: ce2a428b-d2e4-4e89-81d8-816ec6359914
www.cyberark.com/	1970-01-20 15:14:04	Name: _gd_session Value: 34cc9e5d-a084-45e9-8ff0-96d2ded9a659
.6sc.co/	1970-01-21 00:49:50	Name: 6suuid Value: bd641102153c3c00d6791d652d03000082de4200
prefmgr-cookie.truste-svc.net/	1970-01-20 15:13:50	Name: cookie_3rdparty Value: enabled

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.bundle.js Message: Specifying 'overflow: visible' on img, video and canvas tags may cause them to produce visual content outside of the element bounds. See https://github.com/WICG/view-transitions/blob/main/debugging_overflow_on_images.md for details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

316-czp-275.mktoresp.com
alb.reddit.com
assets.adobedtm.com
b.6sc.co
c.6sc.co
cdnjs.cloudflare.com
cihost.uberflip.com
cm.everesttech.net
consent-pref.trustarc.com
consent-st.trustarc.com
consent.trustarc.com
content.cdntwrk.com
cyberark.demdex.net
cyberark.tt.omtrdc.net
dpm.demdex.net
fonts.googleapis.com
fonts.gstatic.com
in.ml314.com
ipv6.6sc.co
j.6sc.co
ml314.com
munchkin.marketo.net
prefmgr-cookie.truste-svc.net
region1.analytics.google.com
rtp-static.marketo.com
secure.adnxs.com
sjrtp6-cdn.marketo.com
sjrtp6.marketo.com
stats.g.doubleclick.net
www.cyberark.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.redditstatic.com
content.cdntwrk.com
104.16.14.87
13.225.78.35
143.204.98.83
151.101.193.140
192.28.146.116
192.28.147.68
2.17.100.193
2001:4860:4802:34::36
23.197.137.224
23.56.202.193
2600:9000:20eb:6200:12:53a8:95c0:93a1
2606:4700::6811:180e
2a00:1450:4001:803::200a
2a00:1450:4001:806::2008
2a00:1450:4001:813::2003
2a00:1450:4001:81c::200e
2a00:1450:4001:828::2003
2a00:1450:4001:82f::2004
2a00:1450:400c:c06::9b
2a02:26f0:e600:589::1e80
2a02:26f0:e600::170f:b2eb
2a04:4e42:400::396
34.111.234.236
34.252.33.233
37.252.173.215
44.214.184.42
52.18.247.63
52.222.236.115
52.23.135.254
63.33.121.220
66.235.152.107
99.86.4.7
08330120c6d9d4407fd599bae49187289878c557ed68e58d0e091fd5e1ac6c7f
093d12d8b3568fe7d205eab6a5ceb766772d6018aebe44d3e16f9e85fb7ab68e
0d3f500b64811e681b0720672caeb681c5cd4b0a0e4f71978ddddce1a12dfb0d
0e5c37b7bd9ef53ab17e162bba0d3cb3d683e153145537d2fe4a8571e9a94ed3
1ba3a74eb74823f80c522391734fdeafebfbd2f284167568ad17e7d44b1618e3
1f150486021d4182821249f13273a7a87862756e2b021e3d19121aaae6a2e09d
202956cc224ba9381b6a1167408b11dab6198fe87f3a3ed967324f4154aa30c0
234f5e6b36c41a209c87e64949d11927b6360603b94ce3511c53df5bac0f4c26
23f95a90d6e6ba09a92bd4eae99823b0a6b0137a9abe10e3c050c062fb15efe4
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
28068ec436543e7df8813861e8b375cf0ce00b412bd55c454e82b37c6388941d
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2beff6d8fd1ef61bccc96b015a4840d6d9f116e13e6462e785de45aca4561c5e
2cb894c9a3c85cc36f5e94beb7d5274aba5e4892f30f8b47bbbdf28921ffc7f5
2f5f9d511700318e988d3ef843afc49224162c8bb2435db7b9dc3590f525306f
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a
365c4e4e15bb05abb8135ba921b7ff58c93459e1b8eda9e1835c13ba7ecec1b4
3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4
3decbe1c69b0f91d975610f54b2615be61a887c20f8ade1049be9743168198aa
40f09d05b7d03a8040b0b4240f6ced1afd750683ae7fe0a692d541fb2dd835b7
45aca110620ac12009925cac1e38aa4e71426a2b83ee7f356010069b45539d56
49bdaf43b043fdd5e79f321a889502b341e83fb3d71caa9ec286369bcb205373
4f683ac6bb92b36a1e2a103464835ad2b373d95a26bf14fd9038723c437773ee
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
5567c5a47f8bbd27707bd2cffdb1679c292a07ccf09a8578e1b9eba7ab481cf3
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
566f92087c12bf4a58e930a3b66ccd9ac7a1c3cefa1aa21059282fff0ab90bd9
5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323
58c0e3c856dfcf246a73ebf0289c24c07456d7c1efe4f5d1d4ea30e44a82bbd8
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5cbd2c4ce1325baae0fa325bdd95a25a925b094d7e88fc6fcebb834a6906c5b4
5e240679c3215c840cf754104fe7291c77f2f52ad551c95e8c8364d0124938ec
5e4619c1692dea318831af3a9b9b884596a2c71848f162ced1e44aef1994a08f
62738b62849a46842f34013b8528886f10c8d0e1c9aec47d636e05d631e2f60e
634358d77171f485bb1738fce1bf1e715e2cd0a94b2c4f3d5c6dafccd0d1031a
66c708b80cab108a2fde84cac9677c07435537bc9d06085ccd1ac80cb93513b4
67e2f25233ffe02ea0a70301e7440e6371d8943ca3f759b1d128b590e7e9419b
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6b75ffd94f51446bfd6ba98a1c1666f783c433e22ba8f7f298bf80afada270fc
6df07acc4226892a09f5d94cfb28cd6f560b073f5fb5e4060fede31cba893989
6e6098f9e4e64f667bc006876813632d5ac79ac56e5284a95c9c821870907cad
7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a
74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595
7507cbea1fef1e42197e3cf74a0863a0a30a529ddc8f5e44e08659f1443b7fa6
78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa
7b0e7a4bdf115afb8e8c5b9b671b0dc4441236f8cf56906d146b7d46a0ee14a8
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7ef8a267de455c3a72237bf7db0c97c97e35e52452ff9ece15876d0d60f9c0e9
80522fe911e2671f9e4eca6ad0e9f15298bce73eed0a9124fb47e15c5c1eb933
834f991f763949d6143e42ae63133bd85f51b9c62dea1fd70d41b6a8d0ae97cd
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
88b4bd1c3c8e9af6516b562e9679955ff48479ee6a5771e97ef425d1c5425e1f
89275a1c66640733265b5be89864b6daefef1cc3f275566dd8fd29bd66601a83
8aab45b2e3226eb83ceed37f3f622529d0a6ca0a82d8dd9a4d1fb8e46ba84f83
8bcb1671142844b9c10b5247053d513b9110ad9e3ad7ec0b751d42c977611f83
91b7152c2708e116677591b018f23ed2910c747e932f8985b704f1884d807990
91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004
946706d3e681bdc8fd4ce0c4466cae27cb1ffa59cf02bb000a04d4a6bf5dca0a
952f35790a58d6c58cd01db0b7994f8b1e3f2d4328f8dd2ed423c01579d403c6
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9b1471306bec32a8588367dfcec1cb87510c3d43f61fe6d55affd35e4327cfae
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
9e70999bd0ed2afbb2967ca63898c752fc3e66ba8a86a4ac341723be85bb7319
a117f36dba1eb2100f340bb68f3cc4d4c04d50d8a1d61c36a5d0a682aed9d362
a2de091c86c5a7b6dcc572eb6e5a76c2cd72ce27a2042a8dc2974f15b33566ed
a654dbffdb656aacce15df139a6d2701ccae809fe7baab1ec042714bb6336eb9
a7eed87c459caad61192086fc502bab814a9c52619c1f60baf012b2cd2c44143
aa65b2577c91e2a417e095cd4f53f3c6990e7d6fd7d4bc8088467b187f0a9bfa
abca0004f2960ea162b161a82240a139fce6012733a76f3859febb9bed38b420
aeacb3d9f96bc83811b33a0e3adbdfb79b3caefc2ef1038d36ae375d68384a81
b06ee181a056d674f14dc07a3cf5eaf2b4f85aa65def46ee9c33cffda18573bb
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2e3fc362f86c882c8655f7d26cc8dde4c201cd22be17745cbff4357b2b8677d
b96b944dbdb9c2afcdecae184e3bdc4717c30dc4f5d4624cfd1727461d6569fa
b9a5505379d682b4a03c5e80c0a6d599f3508b704a7bea679d2322359d799fea
bf6806d8c92e228249230195772afe2e68791d52763b782be9aa2855fab3b641
c7d578426c9dfb0f1e4ef0685bbf7a8e2b63fea0b35280a22c408c9256c6c046
cdd1478536d5677a187876111ef8dabacc3c0c0df323e6bb18aebf1929847a08
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d33b3fb5c49abe228c616d446a52af74fe2f4aaffc222ab83bbb98647d1ed6c5
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d99d2429e8e90014f3b5cb16a9bc0a773d0ddfb3d384c6e6b7f706236ae4848f
db88be26e2424f2ee69686a8b06a07cc54d043e5382568147dc3a089e83079b0
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfeecee70ce9544105ce0e0919a4cd09cf6e239cd588b991d8809b99e9873d40
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5356c4d200584b116d9ac14f89d883b120dbe4d7878914a4fa22358074c74f8
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
e8e7fd76994e9fe7f19af8a2234efc259debc6e67de4ae8bf2f0e7471132bd02
e8f193afecddf4c5c687dbc31d9f4a7670063f213479b28945449ebd8644072a
e9686aeea0055ab0c2b1f0eba66dec9b6dd487b4ec34b0fc9106edc7cd3a52cb
eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244
eb9eccc0f2ecbdce8059415591ccaf399366e1471701e3c5876d8d0811156636
ee443682ccfe52652d0a578419f20ede35faedd10f55c4517f5298533cffe405
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.cyberark.com Open in urlscan Pro 104.16.14.87 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

151 Requests

83 %HTTPS

41 %IPv6

25 Domains

35 Subdomains

32 IPs

5 Countries

2436 kBTransfer

6711 kBSize

29 Cookies

44 Outgoing links

Redirected requests

151 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cyberark.com Open in urlscan Pro
104.16.14.87 Public Scan

Screenshot
Live screenshot

Full Image

151
Requests

83 %
HTTPS

41 %
IPv6

25
Domains

35
Subdomains

32
IPs

5
Countries

2436 kB
Transfer

6711 kB
Size

29
Cookies

151 HTTP transactions
1 data transactions