www.cyberark.com Open in urlscan Pro
104.17.196.105 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Submission: On April 16 via manual (April 16th 2023, 1:36:57 pm UTC) from IL — Scanned from DE

Summary HTTP 279 Redirects Links 54 Behaviour Indicators

Summary

This website contacted 51 IPs in 6 countries across 39 domains to perform 279 HTTP transactions. The main IP is 104.17.196.105, located in and belongs to CLOUDFLARENET, US. The main domain is www.cyberark.com. The Cisco Umbrella rank of the primary domain is 333003.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 31st 2023. Valid for: a year.

This is the only time www.cyberark.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	104.17.196.105 104.17.196.105	13335 (CLOUDFLAR...) (CLOUDFLARENET)
30	18.66.97.81 18.66.97.81	16509 (AMAZON-02) (AMAZON-02)
9	2600:9000:20e... 2600:9000:20eb:a000:12:53a8:95c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
7	2a02:26f0:350... 2a02:26f0:3500:587::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	34.111.234.236 34.111.234.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	23.38.53.173 23.38.53.173	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
4	2.19.39.121 2.19.39.121	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.66.97.37 18.66.97.37	16509 (AMAZON-02) (AMAZON-02)
10	13.225.78.53 13.225.78.53	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
6	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
3	52.51.141.47 52.51.141.47	16509 (AMAZON-02) (AMAZON-02)
1	54.236.171.84 54.236.171.84	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1	52.222.236.74 52.222.236.74	16509 (AMAZON-02) (AMAZON-02)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
2	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
5	192.28.146.116 192.28.146.116	15224 (OMNITURE) (OMNITURE)
1	18.200.69.132 18.200.69.132	16509 (AMAZON-02) (AMAZON-02)
1	18.66.112.19 18.66.112.19	16509 (AMAZON-02) (AMAZON-02)
14	52.222.236.115 52.222.236.115	16509 (AMAZON-02) (AMAZON-02)
1 1	34.241.237.172 34.241.237.172	16509 (AMAZON-02) (AMAZON-02)
1	52.49.168.196 52.49.168.196	16509 (AMAZON-02) (AMAZON-02)
1	34.255.111.89 34.255.111.89	16509 (AMAZON-02) (AMAZON-02)
1	13.32.99.41 13.32.99.41	16509 (AMAZON-02) (AMAZON-02)
1	54.146.120.141 54.146.120.141	14618 (AMAZON-AES) (AMAZON-AES)
69	18.66.112.41 18.66.112.41	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
8	2.16.187.88 2.16.187.88	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	65.9.66.72 65.9.66.72	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
4	34.235.68.114 34.235.68.114	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:20e... 2600:9000:20eb:5400:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:bb9b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	15.236.117.205 15.236.117.205	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	35.174.21.180 35.174.21.180	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	13.225.83.200 13.225.83.200	16509 (AMAZON-02) (AMAZON-02)
12	34.193.113.164 34.193.113.164	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:8d:... 2a04:4e42:8d::720	54113 (FASTLY) (FASTLY)
279	51

46 104.17.196.105 (None, )

ASN13335 (CLOUDFLARENET, US)

www.cyberark.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 18.66.97.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-81.fra56.r.cloudfront.net

content.cdntwrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:9000:20eb:a000:12:53a8:95c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cihost.uberflip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.234.236 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.234.111.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.38.53.173 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-38-53-173.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.19.39.121 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-39-121.deploy.static.akamaitechnologies.com

sjrtp6-cdn.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtp-static.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-37.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.225.78.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-53.fra2.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.51.141.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-141-47.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cyberark.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.236.171.84 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-171-84.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-74.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

316-czp-275.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.28.146.116 (United States)

ASN15224 (OMNITURE, US)

sjrtp6.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.200.69.132 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-69-132.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-19.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 52.222.236.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-115.fra56.r.cloudfront.net

consent-pref.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.241.237.172 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-237-172.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.168.196 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-168-196.eu-west-1.compute.amazonaws.com

cyberark.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.111.89 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-111-89.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-41.fra60.r.cloudfront.net

consent-st.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.146.120.141 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-146-120-141.compute-1.amazonaws.com

prefmgr-cookie.truste-svc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

69 18.66.112.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-41.fra56.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.16.187.88 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-187-88.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 65.9.66.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-72.fra56.r.cloudfront.net

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.70 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

9920016.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.235.68.114 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-235-68-114.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:5400:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:bb9b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.236.117.205 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-117-205.eu-west-3.compute.amazonaws.com

cyberark.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.174.21.180 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-174-21-180.compute-1.amazonaws.com

cs.choozle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.83.200 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-83-200.fra2.r.cloudfront.net

d1eoo1tco6rr5e.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.193.113.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-113-164.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
targeting.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
flow.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:8d::720 (United States)

ASN54113 (FASTLY, US)

driftt.imgix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
69	driftt.com js.driftt.com — Cisco Umbrella Rank: 5237	781 KB
46	cyberark.com www.cyberark.com — Cisco Umbrella Rank: 333003	5 MB
30	cdntwrk.com content.cdntwrk.com — Cisco Umbrella Rank: 56162	2 MB
25	trustarc.com consent.trustarc.com — Cisco Umbrella Rank: 2849 consent-pref.trustarc.com — Cisco Umbrella Rank: 14663 consent-st.trustarc.com — Cisco Umbrella Rank: 27313	561 KB
12	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 6077 metrics.api.drift.com — Cisco Umbrella Rank: 5941 event.api.drift.com — Cisco Umbrella Rank: 6625 targeting.api.drift.com — Cisco Umbrella Rank: 6286 flow.api.drift.com — Cisco Umbrella Rank: 10857	11 KB
9	6sc.co j.6sc.co — Cisco Umbrella Rank: 5703 c.6sc.co — Cisco Umbrella Rank: 8420 ipv6.6sc.co — Cisco Umbrella Rank: 6051 b.6sc.co — Cisco Umbrella Rank: 4247	14 KB
9	marketo.com sjrtp6-cdn.marketo.com — Cisco Umbrella Rank: 88481 rtp-static.marketo.com — Cisco Umbrella Rank: 14211 sjrtp6.marketo.com — Cisco Umbrella Rank: 79641	91 KB
9	uberflip.com cihost.uberflip.com — Cisco Umbrella Rank: 82669	308 KB
7	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 453	104 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	20 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 359 www.linkedin.com — Cisco Umbrella Rank: 570 px4.ads.linkedin.com — Cisco Umbrella Rank: 5988	3 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2942	8 KB
4	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 2963	12 KB
4	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 80 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 9920016.fls.doubleclick.net — Cisco Umbrella Rank: 904668	3 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 39	181 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 206	137 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 73	963 B
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 204 cyberark.demdex.net — Cisco Umbrella Rank: 804410	5 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 636 script.hotjar.com — Cisco Umbrella Rank: 765 in.hotjar.com — Cisco Umbrella Rank: 2016	72 KB
3	ml314.com ml314.com — Cisco Umbrella Rank: 1701 in.ml314.com — Cisco Umbrella Rank: 8849	12 KB
2	adsrvr.org 1 redirects insight.adsrvr.org — Cisco Umbrella Rank: 583	409 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 114	259 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 158	136 KB
2	omtrdc.net cyberark.tt.omtrdc.net — Cisco Umbrella Rank: 743363 cyberark.sc.omtrdc.net — Cisco Umbrella Rank: 808956	1 KB
2	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 2229 content.hotjar.io — Cisco Umbrella Rank: 6215	418 B
2	google.de www.google.de — Cisco Umbrella Rank: 6074	562 B
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3200	7 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	135 KB
1	imgix.net driftt.imgix.net — Cisco Umbrella Rank: 13961	3 KB
1	cloudfront.net d1eoo1tco6rr5e.cloudfront.net	667 B
1	choozle.com cs.choozle.com — Cisco Umbrella Rank: 7190	123 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 816	375 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 708	5 KB
1	truste-svc.net prefmgr-cookie.truste-svc.net — Cisco Umbrella Rank: 27302	2 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1079	517 B
1	mktoresp.com 316-czp-275.mktoresp.com — Cisco Umbrella Rank: 711339	318 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1517	157 B
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1387	8 KB
1	gstatic.com fonts.gstatic.com	44 KB
279	39

	Domain	Requested by
69	js.driftt.com	www.cyberark.com js.driftt.com
46	www.cyberark.com	www.cyberark.com content.cdntwrk.com
30	content.cdntwrk.com	www.cyberark.com content.cdntwrk.com
14	consent-pref.trustarc.com	consent.trustarc.com consent-pref.trustarc.com www.cyberark.com prefmgr-cookie.truste-svc.net
10	consent.trustarc.com	www.cyberark.com consent.trustarc.com
9	cihost.uberflip.com	www.cyberark.com cihost.uberflip.com
7	assets.adobedtm.com	www.cyberark.com assets.adobedtm.com
6	b.6sc.co
6	www.google-analytics.com	www.googletagmanager.com www.cyberark.com
5	sjrtp6.marketo.com	sjrtp6-cdn.marketo.com rtp-static.marketo.com
4	targeting.api.drift.com	js.driftt.com
4	tags.srv.stackadapt.com	www.cyberark.com tags.srv.stackadapt.com
4	nexus.ensighten.com	www.googletagmanager.com nexus.ensighten.com
4	fonts.googleapis.com	www.cyberark.com cihost.uberflip.com
4	cdnjs.cloudflare.com	www.cyberark.com cdnjs.cloudflare.com
3	rtp-static.marketo.com	sjrtp6-cdn.marketo.com
2	flow.api.drift.com	js.driftt.com
2	event.api.drift.com	js.driftt.com
2	metrics.api.drift.com	js.driftt.com
2	bootstrap.api.drift.com	js.driftt.com
2	insight.adsrvr.org	1 redirects d1eoo1tco6rr5e.cloudfront.net
2	www.facebook.com
2	px.ads.linkedin.com	2 redirects
2	9920016.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	connect.facebook.net	www.cyberark.com connect.facebook.net
2	www.google.de	www.cyberark.com
2	www.google.com	www.cyberark.com
2	dpm.demdex.net	assets.adobedtm.com www.cyberark.com
2	munchkin.marketo.net	www.cyberark.com munchkin.marketo.net
2	ml314.com	www.cyberark.com ml314.com
2	www.googletagmanager.com	www.cyberark.com www.googletagmanager.com
1	driftt.imgix.net
1	d1eoo1tco6rr5e.cloudfront.net	nexus.ensighten.com
1	cs.choozle.com
1	adservice.google.com	9920016.fls.doubleclick.net
1	cyberark.sc.omtrdc.net	assets.adobedtm.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	j.6sc.co	www.cyberark.com
1	snap.licdn.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	prefmgr-cookie.truste-svc.net	www.cyberark.com
1	consent-st.trustarc.com	consent-pref.trustarc.com
1	content.hotjar.io	script.hotjar.com
1	cyberark.tt.omtrdc.net	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	cyberark.demdex.net	assets.adobedtm.com
1	vc.hotjar.io	script.hotjar.com
1	in.hotjar.com	script.hotjar.com
1	316-czp-275.mktoresp.com	munchkin.marketo.net
1	script.hotjar.com	static.hotjar.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	alb.reddit.com	www.cyberark.com
1	in.ml314.com	ml314.com
1	www.redditstatic.com	www.cyberark.com
1	static.hotjar.com	www.cyberark.com
1	sjrtp6-cdn.marketo.com	www.cyberark.com
1	fonts.gstatic.com	fonts.googleapis.com
279	61

This site contains links to these domains. Also see Links.

Domain
cyberark-customers.force.com
cyberark.com
labs.cyberark.com
careers.cyberark.com
www.conjur.org
docs.cyberark.com
www.facebook.com
twitter.com
www.linkedin.com
docs.microsoft.com
www.zerodayinitiative.com
unit42.paloaltonetworks.com
www.malwaretech.com
www.coresecurity.com
blog.tetrane.com
cyberx-labs.com
bbs.pediy.com
shodan.io
www.mcafee.com
lp.cyberark.com
investors.cyberark.com
www.youtube.com

Subject Issuer	Validity	Valid
www.cyberark.com Cloudflare Inc ECC CA-3	`2023-03-31` - `2024-03-29`	a year	crt.sh
content.cdntwrk.com Amazon RSA 2048 M01	`2022-10-24` - `2023-11-22`	a year	crt.sh
*.uberflip.com Amazon RSA 2048 M01	`2023-02-20` - `2023-08-03`	5 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
ml314.com GTS CA 1D4	`2023-04-09` - `2023-07-08`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.marketo.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.trustarc.com Amazon RSA 2048 M01	`2023-02-27` - `2023-06-15`	4 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-12` - `2023-10-08`	6 months	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
*.ml314.com Amazon RSA 2048 M02	`2023-02-27` - `2023-12-14`	10 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-05-14`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-09-01`	a year	crt.sh
*.truste-svc.net Amazon RSA 2048 M02	`2023-02-28` - `2023-06-21`	4 months	crt.sh
drift.com Amazon RSA 2048 M02	`2023-03-01` - `2023-09-21`	7 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-23` - `2023-04-23`	3 months	crt.sh
6sc.co R3	`2023-03-11` - `2023-06-09`	3 months	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-07` - `2023-10-14`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-02-27` - `2023-11-07`	8 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-02-24` - `2023-08-06`	5 months	crt.sh
*.sc.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.choozle.com Amazon RSA 2048 M02	`2023-03-01` - `2023-06-16`	4 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.imgix.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-03-05` - `2024-04-05`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Frame ID: 7467CC4127FE59C9361CFED6947AE105
Requests: 173 HTTP requests in this frame

Frame: https://consent.trustarc.com/get?name=crossdomain.html&domain=cyberark.com
Frame ID: FF824580E0188463A4F97310F64DE0B1
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
Frame ID: 000A58AB9245FA3A1500CDA5B65619FE
Requests: 18 HTTP requests in this frame

Frame: https://cyberark.demdex.net/dest5.html?d_nsid=0
Frame ID: 35195B9303B53D90B8AFFA4568CEEBB3
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/defaultpreferencemanager/1EDE22425A763C6EC9079A2C4345C495.cache.html
Frame ID: 1A3176FAD686E30DC8224C2092C9AAB3
Requests: 1 HTTP requests in this frame

Frame: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
Frame ID: F789845E83761C6E6E17BF90FE25F553
Requests: 1 HTTP requests in this frame

Frame: https://9920016.fls.doubleclick.net/activityi;dc_pre=CNz4mtbCrv4CFdDLOwIdIOYAxA;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=35689056.1681652211;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
Frame ID: 4D091B234347049DC02842C20BB31303
Requests: 2 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/cookie_inneriframe.html
Frame ID: 953FFB69C21264BA047EAE763C6FE1F2
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
Frame ID: 8F78D1E22E7EB6144F6A5FA114B1EC7B
Requests: 40 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
Frame ID: E732BB531A561F3B33A1E33837776B9A
Requests: 35 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe
Frame ID: F2D90AE591EFCE9AF23557C7054DA665
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 9FB2FCCD16B4729B075DA573759E39D9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Explain Like I’m 5: Remote Desktop Protocol (RDP)

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

279
Requests

99 %
HTTPS

38 %
IPv6

39
Domains

61
Subdomains

51
IPs

6
Countries

9411 kB
Transfer

15813 kB
Size

53
Cookies

54 Outgoing links

These are links going to different origins than the main page.

URL: https://cyberark-customers.force.com/mplace/s/
Title: Marketplace

Search URL Search Domain Scan URL

URL: https://cyberark.com/partners/
Title: Partners

Search URL Search Domain Scan URL

URL: https://cyberark.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://labs.cyberark.com/
Title: CyberArk Labs

Search URL Search Domain Scan URL

URL: https://careers.cyberark.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.conjur.org/
Title: Conjur Secrets Manager Open Source

Search URL Search Domain Scan URL

URL: https://cyberark-customers.force.com/s/
Title: Technical Community

Search URL Search Domain Scan URL

URL: https://docs.cyberark.com/
Title: Product Documentation

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Explain%20Like%20I%E2%80%99m%205:%20Remote%20Desktop%20Protocol%20(RDP)&url=https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp&title=Explain%20Like%20I%E2%80%99m%205:%20Remote%20Desktop%20Protocol%20(RDP)&summary=Table%20of%20Contents%20Introduction%20RDP%20Connection%20Connection%20Sequence%20|%20Basic%20Input%20and%20Output%20Channels%20in%20RDP%20|%20Data%20Compression%20RDP%20Security%20|%20Recent%20RDP%20Vulnerabilities%20Conclusion%20References%20%C2%A0...
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20%28RDP%29&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&via=CyberArk
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&title=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20%28RDP%29&summary=Table%20of%20Contents%20Introduction%20RDP%20Connection%20Connection%20Sequence%20%7C%20Basic%20Input%20and%20Output%20Channels%20in%20RDP%20%7C%20Data%20Compression%20RDP%20Security%20%7C%20Recent%20RDP%20Vulnerabilities%20Conclusion%20References%20%C2%A0...
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/5073f4ed-1e93-45e1-b039-6e30c385867c
Title: [MS-RDPBCGR]

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpele/3d3f160a-3ab3-4dfb-ba4e-47c27cd79409
Title: [MS-RDPELE]

Search URL Search Domain Scan URL

URL: https://www.zerodayinitiative.com/blog/2019/5/27/cve-2019-0708-a-comprehensive-analysis-of-a-remote-desktop-services-vulnerability
Title: https://www.zerodayinitiative.com/blog/2019/5/27/cve-2019-0708-a-comprehensive-analysis-of-a-remote-desktop-services-vulnerability

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/exploitation-of-windows-cve-2019-0708-bluekeep-three-ways-to-write-data-into-the-kernel-with-rdp-pdu/
Title: https://unit42.paloaltonetworks.com/exploitation-of-windows-cve-2019-0708-bluekeep-three-ways-to-write-data-into-the-kernel-with-rdp-pdu/

Search URL Search Domain Scan URL

URL: https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html
Title: https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep.html

Search URL Search Domain Scan URL

URL: https://www.coresecurity.com/blog/low-level-reversing-bluekeep-vulnerability-cve-2019-0708
Title: https://www.coresecurity.com/blog/low-level-reversing-bluekeep-vulnerability-cve-2019-0708

Search URL Search Domain Scan URL

URL: https://blog.tetrane.com/2020/01/22/bluekeep.html
Title: https://blog.tetrane.com/2020/01/22/bluekeep.html

Search URL Search Domain Scan URL

URL: https://www.malwaretech.com/2019/08/dejablue-analyzing-a-rdp-heap-overflow.html
Title: https://www.malwaretech.com/2019/08/dejablue-analyzing-a-rdp-heap-overflow.html

Search URL Search Domain Scan URL

URL: https://cyberx-labs.com/blog/analyzing-the-dejablue-heap-overflow-vulnerability/#_Toc28622447
Title: https://cyberx-labs.com/blog/analyzing-the-dejablue-heap-overflow-vulnerability/#_Toc28622447

Search URL Search Domain Scan URL

URL: https://bbs.pediy.com/thread-256766.htm
Title: https://bbs.pediy.com/thread-256766.htm

Search URL Search Domain Scan URL

URL: https://shodan.io/
Title: shodan.io

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpemt/4d98f550-6b0d-4d5f-89f5-2ac8616246a2
Title: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpemt/4d98f550-6b0d-4d5f-89f5-2ac8616246a2

Search URL Search Domain Scan URL

URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rdp-security-explained/
Title: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rdp-security-explained/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Check%20out%20what%27s%20happening%20at%20CyberArk%21&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2F&via=CyberArk
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2F&title=English%20%E2%80%93%20CyberArk%20Software%20Inc%27s&summary=Check%20out%20what%27s%20happening%20at%20CyberArk%21
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://lp.cyberark.com/Stay-in-touch.html
Title: Tell Me How

Search URL Search Domain Scan URL

URL: https://cyberark.com/services-support/contact-support/
Title: Contact Support

Search URL Search Domain Scan URL

URL: https://cyberark.com/services-support/professional-services/training-certification/
Title: Training & Certification

Search URL Search Domain Scan URL

URL: https://cyberark.com/customer-support/
Title: Customer Support

Search URL Search Domain Scan URL

URL: https://cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-software-service/
Title: EPM SaaS Register / Login

Search URL Search Domain Scan URL

URL: https://cyberark.com/product-security/
Title: Product Security

Search URL Search Domain Scan URL

URL: https://cyberark.com/resources
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://cyberark.com/blueprint/
Title: CyberArk Blueprint

Search URL Search Domain Scan URL

URL: https://cyberark.com/discover-privileged-accounts-exist-cyberark-dna/
Title: Scan Your Network

Search URL Search Domain Scan URL

URL: https://cyberark-customers.force.com/partner/s/login/
Title: Partner Community

Search URL Search Domain Scan URL

URL: https://cyberark.com/partner-finder/
Title: Partner Finder

Search URL Search Domain Scan URL

URL: https://cyberark.com/partners/cyberark-partner-network/#become-a-partner
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://cyberark.com/partners/alliance-partners/
Title: Alliance Partner

Search URL Search Domain Scan URL

URL: https://investors.cyberark.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://cyberark.com/company/management-team/
Title: Management Team

Search URL Search Domain Scan URL

URL: https://cyberark.com/company/board-of-directors/
Title: Board of Directors

Search URL Search Domain Scan URL

URL: https://cyberark.com/newsroom/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://cyberark.com/company/#office-locations
Title: Office Locations

Search URL Search Domain Scan URL

URL: https://twitter.com/CyberArk

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CyberArk

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyber-ark-software

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/cyberarksoftware

Search URL Search Domain Scan URL

URL: https://cyberark.com/terms-conditions/
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://cyberark.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 131

https://cm.everesttech.net/cm/dd?d_uuid=11655364435885616693795235394914297207 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZDv59AAAAK2jCgN-

Request Chain 156

https://9920016.fls.doubleclick.net/activityi;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=35689056.1681652211;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp HTTP 302
https://9920016.fls.doubleclick.net/activityi;dc_pre=CNz4mtbCrv4CFdDLOwIdIOYAxA;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=35689056.1681652211;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp

Request Chain 171

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1681652212756&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D17906%26time%3D1681652212756%26url%3Dhttps%253A%252F%252Fwww.cyberark.com%252Fresources%252Fthreat-research-blog%252Fexplain-like-i-m-5-remote-desktop-protocol-rdp%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1681652212756&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1681652212756&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&liSync=true&e_ipv6=AQKuwqXPDT9JRAAAAYeKSGWlu4WNNI-dO6H3TCrdxI9yKpCpsZG5dMQSyeV3ii9yOptEWwWu_Bsu

Request Chain 192

https://insight.adsrvr.org/tags/0v1kpom/u9beit9/iframe HTTP 303
https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe

279 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request explain-like-i-m-5-remote-desktop-protocol-rdp Show response
www.cyberark.com/resources/threat-research-blog/ 297 KB
57 KB 357ms
290ms Document
text/html 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03c30c924e1d2b73c2022269369a90c3c4093aa74e2fd1b7e71de0d3708e655c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 7b8cd1ca697d914a-FRA
content-encoding: gzip
content-language: en
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/;
content-type: text/html; charset=UTF-8
date: Sun, 16 Apr 2023 13:36:50 GMT
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
referrer-policy: unsafe-url
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 lato.css
content.cdntwrk.com/css/google-fonts/ 6 KB
962 B 79ms
20ms Stylesheet
text/css 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/css/google-fonts/lato.css?v=075928935a99
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 88b4bd1c3c8e9af6516b562e9679955ff48479ee6a5771e97ef425d1c5425e1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 16:29:04 GMT
content-encoding: gzip
via: 1.1 22993faf725ff29c940e58cb14ddf668.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 248872
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 04 Apr 2023 17:16:40 GMT
server: AmazonS3
etag: W/"37291223d8c6a87c6435a8740e28f134"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: OKkGgvhwbbO6E1CglpLU-peaK7usIGBUQqj4XwtTHfQRgrUka0FpTA==

GET
H2 200 hubs.c2e7f618985911ea7708.css
content.cdntwrk.com/css/hubs/ 262 KB
44 KB 84ms
25ms Stylesheet
text/css 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/css/hubs/hubs.c2e7f618985911ea7708.css
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 19871f24c2b42833f98f404c3f404c0cbc99f02c70e590303e9f269948d2a056

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 02:38:21 GMT
content-encoding: gzip
via: 1.1 22993faf725ff29c940e58cb14ddf668.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 298710
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 04 Apr 2023 17:16:40 GMT
server: AmazonS3
etag: W/"b09f031ad46988d7d0c89e35980f0bec"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: wc-3GwHcsifFS8PEBSG7prZl3zwN5p6gfQOrzhkrgmjptcQtnRUVBA==

GET
H2 200 en.css
cihost.uberflip.com/cyberArk/master/build/en/ 512 KB
76 KB 98ms
26ms Stylesheet
text/css 2600:9000:20eb:a000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 918e8441bee23ad58f7206b828f06c95a47a8e3ba6ae2e29b6483c610e06e470

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 14:08:11 GMT
content-encoding: gzip
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
last-modified: Mon, 10 Apr 2023 14:03:49 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1681135423/ctime:1681135423/gid:123/gname:docker/md5:a4014bd22c32ffc9c3ddcdb8fd230299/mode:33188/mtime:1681135423/uid:1001/uname:runner
x-amz-cf-pop: FRA2-C1
age: 84520
x-amz-server-side-encryption: AES256
etag: W/"a4014bd22c32ffc9c3ddcdb8fd230299"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-id: x9UD03eVyQE6sJH_a2jz3CiqrFoWu0LY1pDhMh3v3YFl5Zl63jxo2g==

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/ 46 KB
9 KB 87ms
30ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 855507
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8281
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-b752"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Zo%2F3MUQc0iqXrvieQa9RoCGuxkcwLyuJcdFlGuiqurde13aJi3WgtsJwGhatvmUVN0jxOUVyHMuNxR%2FX2n4MIhRVmWLwNwO0RyponuyryG7lgcjRRUv7Tz2uqVDLa5jpMntznBAyxwftk5isLwYpelD"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7b8cd1ccbdd25ba4-FRA
expires: Fri, 05 Apr 2024 13:36:50 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 84ms
31ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400&display=swap

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

603d4ccbae71b317445d37367d9b3e6544c1b0b067ee23081de98892ed804dfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 13:22:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 16 Apr 2023 13:36:50 GMT

GET
H2 200 enlighterjs.min.css
www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/ 78 KB
9 KB 45ms
43ms Stylesheet
text/css 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/enlighterjs.min.css?ver=5.4.2

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ef8a267de455c3a72237bf7db0c97c97e35e52452ff9ece15876d0d60f9c0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Aug 2020 16:20:25 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 24439977
etag: W/"5f4d2349-13634"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7b8cd1cc5c5a914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 enlighterjs.min.js Show response
www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/ 57 KB
17 KB 41ms
40ms Script
application/javascript 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/enlighterjs.min.js?ver=5.4.2

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a117f36dba1eb2100f340bb68f3cc4d4c04d50d8a1d61c36a5d0a682aed9d362

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Aug 2020 16:20:25 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 24439976
etag: W/"5f4d2349-e307"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7b8cd1cc5c5c914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
639 B 92ms
40ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Mono&display=swap

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0c1735c33aba99b149285a77aaee7d910df64f400e834b6a71c57655ad7bcda8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 11:45:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 16 Apr 2023 13:36:50 GMT

GET
H2 200 launch-e8e6adf0fe30.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/ 297 KB
88 KB 171ms
34ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8605ba9973ec0ff450733faf2d77e8e07fa354bc4c0f6aff6c41c5e4c25835bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: gzip
last-modified: Mon, 29 Aug 2022 19:24:06 GMT
server: AkamaiNetStorage
etag: "e79abf2aca255f9494826b6e1a167f68:1661801046.765405"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 89686
expires: Sun, 16 Apr 2023 14:36:51 GMT

GET
H2 200 logo.svg
cihost.uberflip.com/cyberArk/OB-8671/build/assets/ 14 KB
5 KB 27ms
20ms Image
image/svg+xml 2600:9000:20eb:a000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cihost.uberflip.com/cyberArk/OB-8671/build/assets/logo.svg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 952f35790a58d6c58cd01db0b7994f8b1e3f2d4328f8dd2ed423c01579d403c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 05:14:42 GMT
content-encoding: gzip
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
last-modified: Mon, 12 Dec 2022 14:33:49 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1670855619/ctime:1670855619/gid:123/gname:docker/md5:f86c6ef84b83b048b2a5521fb36ab761/mode:33188/mtime:1670855619/uid:1001/uname:runner
x-amz-cf-pop: FRA2-C1
age: 30168
x-amz-server-side-encryption: AES256
etag: W/"f86c6ef84b83b048b2a5521fb36ab761"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: 2-176arOa3RmBBoHxLwCcccYwrmLSvDEEQcCwLnxyjM1SQNKZfYD3w==

GET
H2 200 WhyCA_Menu-LeftHandCallOut.png
www.cyberark.com/wp-content/uploads/2021/02/ 25 KB
26 KB 44ms
37ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2021/02/WhyCA_Menu-LeftHandCallOut.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b96b944dbdb9c2afcdecae184e3bdc4717c30dc4f5d4624cfd1727461d6569fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 24437166
cf-polished: origFmt=png, origSize=39669
content-disposition: inline; filename="WhyCA_Menu-LeftHandCallOut.webp"
content-length: 25958
cf-bgj: imgq:85,h2pri
last-modified: Tue, 02 Feb 2021 20:17:47 GMT
server: cloudflare
etag: "6019b36b-9af5"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1ce1eeb914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 Assets-Icons-Industries-Medical.png
www.cyberark.com/wp-content/uploads/2020/12/ 362 B
4 KB 53ms
46ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/12/Assets-Icons-Industries-Medical.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e6098f9e4e64f667bc006876813632d5ac79ac56e5284a95c9c821870907cad

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 230984
cf-polished: origFmt=png, origSize=997
content-disposition: inline; filename="Assets-Icons-Industries-Medical.webp"
content-length: 362
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Wed, 23 Dec 2020 22:10:13 GMT
server: cloudflare
etag: "5fe3c045-3e5"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1ce1eee914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 Products_Menu-LeftHandCallOut.png
www.cyberark.com/wp-content/uploads/2021/02/ 15 KB
15 KB 49ms
43ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2021/02/Products_Menu-LeftHandCallOut.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a6e748e376ec78d830131deaf6c5dbfa2e5ce4a32e30b609aa7700345d4491a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 24437165
cf-polished: origFmt=png, origSize=22261
content-disposition: inline; filename="Products_Menu-LeftHandCallOut.webp"
content-length: 15210
cf-bgj: imgq:85,h2pri
last-modified: Tue, 02 Feb 2021 20:10:12 GMT
server: cloudflare
etag: "6019b1a4-56f5"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1ce1ef0914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 Privilege.svg
www.cyberark.com/wp-content/uploads//2021/02/ 3 KB
1 KB 49ms
42ms Image
image/svg+xml 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/Privilege.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b0e7a4bdf115afb8e8c5b9b671b0dc4441236f8cf56906d146b7d46a0ee14a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 20:54:15 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 24429648
etag: W/"6019bbf7-c52"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7b8cd1ce1ef1914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 Access.svg
www.cyberark.com/wp-content/uploads//2021/02/ 5 KB
2 KB 51ms
45ms Image
image/svg+xml 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/Access.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8e7fd76994e9fe7f19af8a2234efc259debc6e67de4ae8bf2f0e7471132bd02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:31:38 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 24404839
etag: W/"6019c4ba-12ba"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7b8cd1ce1ef2914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 DevSecOps.svg
www.cyberark.com/wp-content/uploads//2021/02/ 6 KB
2 KB 48ms
41ms Image
image/svg+xml 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/DevSecOps.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b7152c2708e116677591b018f23ed2910c747e932f8985b704f1884d807990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:31:31 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 24404839
etag: W/"6019c4b3-185c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7b8cd1ce1ef3914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 finance.svg
www.cyberark.com/wp-content/uploads//2021/02/ 7 KB
3 KB 55ms
48ms Image
image/svg+xml 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/finance.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

234f5e6b36c41a209c87e64949d11927b6360603b94ce3511c53df5bac0f4c26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:33:34 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2343644
etag: W/"6019c52e-1a41"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7b8cd1ce1ef4914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 insurance.svg
www.cyberark.com/wp-content/uploads//2021/02/ 3 KB
1 KB 52ms
45ms Image
image/svg+xml 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/insurance.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e70999bd0ed2afbb2967ca63898c752fc3e66ba8a86a4ac341723be85bb7319

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:34:37 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 219153
etag: W/"6019c56d-c9f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7b8cd1ce1ef5914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 healthcare.svg
www.cyberark.com/wp-content/uploads//2021/02/ 4 KB
2 KB 48ms
42ms Image
image/svg+xml 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/healthcare.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a654dbffdb656aacce15df139a6d2701ccae809fe7baab1ec042714bb6336eb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:34:01 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 24404837
etag: W/"6019c549-10bb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7b8cd1ce1ef6914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 government.svg
www.cyberark.com/wp-content/uploads//2021/02/ 2 KB
1 KB 47ms
41ms Image
image/svg+xml 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads//2021/02/government.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

634358d77171f485bb1738fce1bf1e715e2cd0a94b2c4f3d5c6dafccd0d1031a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 02 Feb 2021 21:34:22 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 24429648
etag: W/"6019c55e-881"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7b8cd1ce1ef7914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 Nav-Image-ServicesSupport-e1609108892195.png
www.cyberark.com/wp-content/uploads/2020/12/ 21 KB
21 KB 70ms
64ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/12/Nav-Image-ServicesSupport-e1609108892195.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0637a5486005822934814400cc9f0989ead659268f2add3521f63f1b49876913

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 24404842
cf-polished: origFmt=png, origSize=36292
content-disposition: inline; filename="Nav-Image-ServicesSupport-e1609108892195.webp"
content-length: 21468
cf-bgj: imgq:85,h2pri
last-modified: Sun, 27 Dec 2020 22:41:32 GMT
server: cloudflare
etag: "5fe90d9c-8dc4"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1ce3f28914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 TryBuy_Menu-LeftHandCallOut.png
www.cyberark.com/wp-content/uploads/2021/02/ 26 KB
26 KB 66ms
60ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2021/02/TryBuy_Menu-LeftHandCallOut.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8aab45b2e3226eb83ceed37f3f622529d0a6ca0a82d8dd9a4d1fb8e46ba84f83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2344180
cf-polished: origFmt=png, origSize=39090
content-disposition: inline; filename="TryBuy_Menu-LeftHandCallOut.webp"
content-length: 26540
cf-bgj: imgq:85,h2pri
last-modified: Tue, 02 Feb 2021 20:19:11 GMT
server: cloudflare
etag: "6019b3bf-98b2"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1ce3f2c914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 Icons-Globe@2x.png
www.cyberark.com/wp-content/uploads/2020/12/ 456 B
617 B 71ms
65ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/12/Icons-Globe@2x.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45aca110620ac12009925cac1e38aa4e71426a2b83ee7f356010069b45539d56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 302062
cf-polished: origFmt=png, origSize=1147
content-disposition: inline; filename="Icons-Globe@2x.webp"
content-length: 456
cf-bgj: imgq:85,h2pri
last-modified: Wed, 30 Dec 2020 23:04:11 GMT
server: cloudflare
etag: "5fed076b-47b"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1ce3f2d914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H3 200 ajax-loader-white-2x.gif
content.cdntwrk.com/img/hubs/ 3 KB
3 KB 28ms
23ms Image
image/gif 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/ajax-loader-white-2x.gif?v=19a554b579c4
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c1cd0852f3077f1b059e16529d8de16acb490990d6cb796dd74873de0bfd8a91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 07:09:22 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
age: 368878
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 2707
last-modified: Tue, 04 Apr 2023 17:16:47 GMT
server: AmazonS3
etag: "5217392f882b27d35ec2e72946f2df7e"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: wvpwUaU0m4T2Oy39rbi4aTjjccXvvFQggxS1QVSITgnrA-n-uiaQMQ==

GET
H3 200 chevron-down-64x64.png
content.cdntwrk.com/img/hubs/ 760 B
1 KB 28ms
24ms Image
image/png 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/chevron-down-64x64.png?v=78668873251b
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e240679c3215c840cf754104fe7291c77f2f52ad551c95e8c8364d0124938ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 04:13:20 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
age: 206814
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 760
last-modified: Tue, 04 Apr 2023 17:16:47 GMT
server: AmazonS3
etag: "26818bdf0706c780af4a52b44ea17fdc"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: J5w2gVGbulEm-tMJzrD140csR6_A2tSMmWkMqqJQHmbsSv2ROIIPxw==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 278 KB
92 KB 104ms
47ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e43f4377ab42351cc2787d4d3188411faaf30536a9db6b07dd1daa0b29678025

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93271
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 16 Apr 2023 13:36:50 GMT

GET
H3 200 mediaproxy
content.cdntwrk.com/ 10 KB
10 KB 31ms
27ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F04%2FAdobeStock_263194016-scaled.jpeg&size=1&version=1670613376&sig=5b73f3856133ed4784b27b5f59f651ff&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: c0c5b8f37bb612b6cd3e5be43d3d269d05eb0a8e10d98f71e9534f4eb6a8c3ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:21:49 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 20:21:40 GMT
age: 11034900
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="AdobeStock_263194016-scaled.webp"
alt-svc: h3=":443"; ma=86400
content-length: 10014
x-amz-cf-id: EKq4NIHbeR2HrCAMwzJDxXfruaovkIZoaJWb9gbqIU3EDWiaSYJJFQ==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 15 KB
15 KB 54ms
50ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F03%2FHorror-Movie-Hand-scaled.jpg&size=1&version=1670613377&sig=84a0dd488b79093cbe4bb91fcd7d47e5&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 0354a8cb0789d6c86e691769b9783d1f61423a77cc90274826f9368a507a41ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 20:21:49 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 20:21:40 GMT
age: 11034900
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="Horror-Movie-Hand-scaled.webp"
alt-svc: h3=":443"; ma=86400
content-length: 15060
x-amz-cf-id: bULVlP4gXzqf3JhQA2TZ-kaNGxucMj9u9CPYN7MlkB89deZ6Xm9ACw==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 149 KB
149 KB 49ms
45ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F04%2Fheader-image-.png&size=1&version=1681397587&sig=4325015a9785673edee01e17729d0ee0&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 7be1b3df507b34b7d05c60510836564455b0f85be0871e96e48201e4947d4cfd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 14:53:43 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Thu, 13 Apr 2023 14:53:33 GMT
age: 254587
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="header-image-.webp"
alt-svc: h3=":443"; ma=86400
content-length: 152128
x-amz-cf-id: M39ZKH6r2y53K4nHR9RJdQ9MJ_houh4bdsc6BwosaIXu8I5ifFyPmw==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 245 KB
246 KB 55ms
51ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F02%2Fpersistence-header-image.jpg&size=1&version=1677766810&sig=f58b62d5454cd4974987fe5363b327fe&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: ab342cf55dbb1241ef27cc92303a4266de2f8ec5734d4f7f97285c8562079ab9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 14:21:49 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Thu, 02 Mar 2023 14:21:39 GMT
age: 3885301
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="persistence-header-image.webp"
alt-svc: h3=":443"; ma=86400
content-length: 251184
x-amz-cf-id: vw8DORJXJ57wZqwFVVABvNjyXO3jPrqiUl5dfJakEDQm9Q5mLsRv9A==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 92 KB
92 KB 55ms
51ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F02%2Ftr-phishing-service-hero.jpg&size=1&version=1676559006&sig=e3b8da3980ddb7a203d056ad549a66ea&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: c1457d6417251decf61b55c38e54c05f42f0d3855d31dbf51699728b2131aefd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 14:52:00 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Thu, 16 Feb 2023 14:51:50 GMT
age: 5093090
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="tr-phishing-service-hero.webp"
alt-svc: h3=":443"; ma=86400
content-length: 94086
x-amz-cf-id: 8sJ1fM9aKqZwmLg01dHEM14KnFMJjNZT_R9F2iU3U8XOpYLgDjdnuA==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 91 KB
92 KB 55ms
52ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F02%2Flinux-kernel-hero.png&size=1&version=1675804266&sig=b38f28df761ab599d819c43b3a750f18&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 8642675885c3a57a6673d673550ef1b5cb983e7b8232e00cf7d804cbe6a1f034

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 21:13:33 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Tue, 07 Feb 2023 21:13:23 GMT
age: 5847796
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="linux-kernel-hero.webp"
alt-svc: h3=":443"; ma=86400
content-length: 93428
x-amz-cf-id: N3NYVcMfk1XCtvdRhueZ8g2d8tStxnGq_s-kGsxH-ix0ksZHAvN25A==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 201 KB
202 KB 55ms
51ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F02%2Fdocker-desktop-privilege-escalation-1.jpg&size=1&version=1681110445&sig=59da08bca4043f5fdade4a1df2c083dd&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 6f756350e67238ef627d83acd8c4697791eaade9b8304e92f0b0b611920a7fde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 07:17:01 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Mon, 10 Apr 2023 07:16:51 GMT
age: 541189
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="docker-desktop-privilege-escalation-1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 206302
x-amz-cf-id: 85p9heJHLlFdW7jrzGvIcqU4ODmq6pz8NfelSVaYdcbajL4aAWdLNw==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 54 KB
54 KB 54ms
50ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F01%2Fhero-tr-digital-world-map.jpg&size=1&version=1674241376&sig=cab47dd963036e95f6e34a701cfa63c3&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 22b1c85f75f783d44346fb97d5787ac2b94daf955a1ceae3148186427c1073a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 19:03:08 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 20 Jan 2023 19:02:59 GMT
age: 7410821
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="hero-tr-digital-world-map.webp"
alt-svc: h3=":443"; ma=86400
content-length: 55250
x-amz-cf-id: mD8oQV27UVduk8kNXdEbDsaPk8xEcsaZ5007yr63bXUm1fgC0T_oaQ==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 153 KB
153 KB 52ms
48ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2023%2F01%2Fhero-tr-hand-microchip.jpg&size=1&version=1675792992&sig=fec5851a7168d2ecd27a4376767cd3ac&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 0a64de85c54d385a9fa2234abc2d55791ec47c60bfcf52291ddb28aa67dfaede

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 18:06:45 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Tue, 07 Feb 2023 18:06:37 GMT
age: 5859003
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="hero-tr-hand-microchip.webp"
alt-svc: h3=":443"; ma=86400
content-length: 156618
x-amz-cf-id: FOBy67bCOV60DN0U2Ze-sgekrsQZ73PQqBpuKRBpauN54AqpuADMJw==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 23 KB
23 KB 49ms
45ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F12%2Fthreat-research-blog-hero.jpeg&size=1&version=1674146217&sig=81a1f74036223d1c6cf10cda4f2f5dcb&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: c31420493d6eb30dc84e63c79a997a5caeafdde0574b0a342c415bfd627b2d1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 16:37:32 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Thu, 19 Jan 2023 16:37:22 GMT
age: 7505958
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="threat-research-blog-hero.webp"
alt-svc: h3=":443"; ma=86400
content-length: 23680
x-amz-cf-id: h34gYTtmHAN72NtVwe6vAlsXSlZ7mwRAg75F2MTapEGI92HESRoKGg==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 59 KB
59 KB 52ms
48ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F12%2Fthreat-research-hero.jpeg&size=1&version=1674146398&sig=97b392d160d69be4d818b27279e4cb24&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 1aa7996197b13bddd9d45a179b5943219fb646007061d4b9209bdbd8c9aea142

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 19 Jan 2023 16:42:37 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Thu, 19 Jan 2023 16:42:27 GMT
age: 7505653
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="threat-research-hero.webp"
alt-svc: h3=":443"; ma=86400
content-length: 60020
x-amz-cf-id: kzDCQnH7RPuQxmdff522WsgEzM7VOM-vwtuvLr__U3gJu4kGbEtZaw==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 48 KB
49 KB 52ms
48ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F11%2Fthreat-research-hero.jpg&size=1&version=1670613376&sig=d21da66a3eb1d4874189b403079aaebd&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 7b7012dcb12ee2f3b165215c4766a7d393c8ca3e3da7a0621f4de062769ccf60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:48:34 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 19:48:24 GMT
age: 11036896
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="threat-research-hero.webp"
alt-svc: h3=":443"; ma=86400
content-length: 49376
x-amz-cf-id: ppRVmT_TLtFLxTD4WxOW9NSw5wb4mjCYlEgIcvieYlpb6fPb-w9Vmg==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 39 KB
39 KB 31ms
27ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F10%2FDragon-hero-trb.jpg&size=1&version=1670613376&sig=432f1ffb8d03b829e7fcfa71c6e490c8&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 0ec76d5244f87755e6d0d20e9b9bb3e4a893de6a9de2bb2f3dbdbfa80bcbc7ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:48:34 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 19:48:24 GMT
age: 11036896
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="Dragon-hero-trb.webp"
alt-svc: h3=":443"; ma=86400
content-length: 39652
x-amz-cf-id: SB_XZ9HS58Y0Of1GNnDAoqB-nWEBWCflwj6lSt7fSX2e1HjZb6_DJg==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 88 KB
89 KB 52ms
49ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F09%2FAdobeStock_191432286.jpeg&size=1&version=1670613376&sig=19cc1a58ebc5938bfbd896c018d4cb98&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 0402955fd97b3d37addd83e8075bcfe5d43af7f042135aebf2efc346d1c51c93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 07:00:26 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Tue, 21 Mar 2023 07:00:16 GMT
age: 2270184
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="AdobeStock_191432286.webp"
alt-svc: h3=":443"; ma=86400
content-length: 90452
x-amz-cf-id: YUKLC9ZcN1S8agivsgKqtMeOJNcmyP_GAgBdxKsUi1THR8rpulo00A==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 33 KB
33 KB 28ms
24ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F08%2Fcontainer.jpeg&size=1&version=1670613376&sig=b36db7d2f31496cfee0550bc4ebe1793&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 1fd56a753d2fc5aa18fc391ad597ad008c5c5a3c1af0c9c55e9294271ce4bc95

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:48:34 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 19:48:25 GMT
age: 11036895
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="container.webp"
alt-svc: h3=":443"; ma=86400
content-length: 33500
x-amz-cf-id: qX6sIgXkMFntk0KQNB_5JSue-mejMDwCXbRfb0IMSKEoOFv_fagj9Q==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 13 KB
14 KB 31ms
27ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F08%2Fhero-blog.jpeg&size=1&version=1670613376&sig=2af7e65a9a465d506a4f34fb1ae928ba&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 76b378075dc07b1caa45424756cca2440fda08f8276c814effd5c738409fa06d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:48:34 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 19:48:24 GMT
age: 11036895
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="hero-blog.webp"
alt-svc: h3=":443"; ma=86400
content-length: 13544
x-amz-cf-id: Rw12gYvRafVv8p-9CFmji8sU5uMjt8di6wUbQMnUJrwGDNl_n-rlmw==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 48 KB
49 KB 32ms
28ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F07%2Floader.jpeg&size=1&version=1670613375&sig=465976de8debf0c786a8a48f767fe26c&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 25037e6b7c282bb93eb40d6af413e84acd76dd8a264ccfae5f71d910eb5a1035

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:53:50 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 19:53:40 GMT
age: 11036580
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="loader.webp"
alt-svc: h3=":443"; ma=86400
content-length: 49656
x-amz-cf-id: i63---Ddp1evjszrxXdVBGxL4hpPIsMLUYqjpBpO3FE1MQQHnaQTpQ==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 12 KB
12 KB 31ms
28ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F06%2Fdrain-pipe.jpeg&size=1&version=1670613376&sig=35e981a68198dea01794a954f97b76b0&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: c4075c29ce6b37940eff3682e883612aabc2b78e8ccfa4b9af84b9a90e4a7470

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:53:50 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 19:53:40 GMT
age: 11036580
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="drain-pipe.webp"
alt-svc: h3=":443"; ma=86400
content-length: 12466
x-amz-cf-id: f1YSnWoYUqo3Hh6sTdjwyBR7yhFn9ZT2KoAXzc_bI9ktIsGTlbY35A==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 12 KB
13 KB 32ms
29ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F05%2FBlue-1-header-image.png&size=1&version=1670613375&sig=255ce2ad9154b89ab98126090e0d97cb&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: cd2f6642d9c618ac73dedc1b90c09f5d8d2652130b858758afa695b96400597c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:53:50 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 19:53:40 GMT
age: 11036580
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="Blue-1-header-image.webp"
alt-svc: h3=":443"; ma=86400
content-length: 12768
x-amz-cf-id: qU6jb9cdx0Jkb3itmUhk0Xv7xOwQAnz8Xg24uwz2nXV-l1BRdOxR5A==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 36 KB
36 KB 30ms
27ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F05%2Fneedle-haystack.png&size=1&version=1670613375&sig=40d390bfea367aadb378fef04efdc0e8&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 860b18e91a3582792f23c9b2c9dbd64036c5545777e8bdbb81e6e76d2a926e4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:53:49 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 19:53:40 GMT
age: 11036580
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="needle-haystack.webp"
alt-svc: h3=":443"; ma=86400
content-length: 36738
x-amz-cf-id: gli93so0K-FNK6upC8ra9HKilbZHm6cqTgCvlrtRlUYGIHYC1xrSGw==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 24 KB
25 KB 52ms
49ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F05%2Fbug-driver-hero.jpg&size=1&version=1670613375&sig=ae6c24e080650ef56ef0af9eb3f80d3a&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: f8798515190cb314410c765a8b22859988890100550865fcea07aaa000cc3608

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:53:50 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 19:53:40 GMT
age: 11036580
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="bug-driver-hero.webp"
alt-svc: h3=":443"; ma=86400
content-length: 24974
x-amz-cf-id: FLCklyabY8duxlsVrmelj7WzpPr_ZhaUVV6_c8nlxqb8Mhv45i1o3A==

GET
H3 200 mediaproxy
content.cdntwrk.com/ 33 KB
33 KB 32ms
29ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2022%2F03%2FConti-Group-Leak.png&size=1&version=1670613376&sig=1b3adc1aaf28b85f9b637ec85ea97415&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 7017acd2219db2073793fed0fe5cc1c96ae4f1883e9abebf4e0cfaf73474843c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 19:53:50 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 19:53:40 GMT
age: 11036580
x-amz-cf-pop: FRA56-P2
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=1234567890
content-disposition: inline; filename="Conti-Group-Leak.webp"
alt-svc: h3=":443"; ma=86400
content-length: 33882
x-amz-cf-id: JLodD3g4HWNLI2MaYQuR9LinKZuX73Ly2blnNfulzkYtVyZwpCEP6g==

GET
H2 200 email-decode.min.js Show response
www.cyberark.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
792 B 23ms
23ms Script
application/javascript 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Thu, 06 Apr 2023 15:48:48 GMT
server: cloudflare
content-encoding: gzip
etag: W/"642ee9e0-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7b8cd1ccfd43914a-FRA
expires: Tue, 18 Apr 2023 13:36:50 GMT

GET
H2 200 hubs_app.c2e7f618985911ea7708.js Show response
content.cdntwrk.com/js/hubs/ 1 MB
311 KB 25ms
23ms Script
application/javascript 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/js/hubs/hubs_app.c2e7f618985911ea7708.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 83c24cdc38d0e64c40ade6b6fe8aa3d935b7bb9daa553242aeb78b0a9a187fc0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 03:43:04 GMT
content-encoding: gzip
via: 1.1 22993faf725ff29c940e58cb14ddf668.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 487138
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 22 Mar 2023 18:16:58 GMT
server: AmazonS3
etag: W/"b734f33df5c46905bf341179a26a7ad3"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
x-amz-cf-id: ER_0zm_zbJx7uzW0DiuqXXilGNqP7X482EK-36Vpw3V8q5nknjzxyw==

GET
H2 200 en.bundle.js Show response
cihost.uberflip.com/cyberArk/master/build/en/ 298 KB
70 KB 26ms
26ms Script
text/javascript 2600:9000:20eb:a000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.bundle.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea15ed59b6d8057751d02fe2b62dd358659dee4a5af26ae82b59291ed5a626f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 06:44:24 GMT
content-encoding: gzip
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
last-modified: Thu, 30 Mar 2023 14:54:09 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1680188044/ctime:1680188044/gid:123/gname:docker/md5:da02abf92977ff51c5c4aa0ade8fe6fc/mode:33188/mtime:1680188044/uid:1001/uname:runner
x-amz-cf-pop: FRA2-C1
age: 25862
x-amz-server-side-encryption: AES256
etag: W/"da02abf92977ff51c5c4aa0ade8fe6fc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: 6Z3d3omp-nas8PJhxTc6UcZ9y0cNcPj80TFHLX3I5AuYzk-UWctljw==

GET
H3 200 sha256.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-sha256/0.9.0/ 9 KB
4 KB 54ms
29ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-sha256/0.9.0/sha256.min.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 13466342
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2977
last-modified: Mon, 04 May 2020 16:11:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec6-2339"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXZJKqpJs1tctF883dmijzO774WSlqRqUezK301ADr4aiUOYl%2BBYQC4F%2B0KqPpy6wmV07k2YeR8gxv3FYngnlGNISGDT9BnyK4ikMApbsmOOeiT9VkKUU0TM9hB%2F%2Bk6QD5u9kkNuiuD46WGnZreYkoRx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7b8cd1ce2c0fbb47-FRA
expires: Fri, 05 Apr 2024 13:36:50 GMT

GET
H2 200 External.svg
cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/images/ 2 KB
1 KB 24ms
21ms Image
image/svg+xml 2600:9000:20eb:a000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/images/External.svg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 49bdaf43b043fdd5e79f321a889502b341e83fb3d71caa9ec286369bcb205373

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 07:42:55 GMT
content-encoding: gzip
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
last-modified: Fri, 29 Jan 2021 17:35:02 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1611941654/ctime:1611941654/gid:117/gname:docker/md5:cd7c2cec63b67d7f1108cb091b478569/mode:33188/mtime:1611941654/uid:1001/uname:runner
x-amz-cf-pop: FRA2-C1
age: 22043
etag: W/"cd7c2cec63b67d7f1108cb091b478569"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-id: jutbJKCp_yr5Y3oq94WyUnp4XBYaSVCFLwKwhoT6IctVbsrI691TYA==

GET
H2 200 External-darkblue.svg
cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/images/ 952 B
1 KB 25ms
21ms Image
image/svg+xml 2600:9000:20eb:a000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/images/External-darkblue.svg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1f150486021d4182821249f13273a7a87862756e2b021e3d19121aaae6a2e09d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 07:42:55 GMT
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
last-modified: Fri, 29 Jan 2021 20:02:50 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1611950517/ctime:1611950517/gid:117/gname:docker/md5:98bf2668c3bae975ce6b211e1acc322f/mode:33188/mtime:1611950517/uid:1001/uname:runner
x-amz-cf-pop: FRA2-C1
age: 21260
etag: "98bf2668c3bae975ce6b211e1acc322f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 952
x-amz-cf-id: RR6TAvlioJvs04vobrDBwhUwlicaH2qwVaz3LhcY5hEyQNjYW4YBcA==

GET
H2 200 cyberark-logo-dark.svg
www.cyberark.com/wp-content/uploads/2021/01/ 4 KB
2 KB 69ms
66ms Image
image/svg+xml 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2021/01/cyberark-logo-dark.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67e2f25233ffe02ea0a70301e7440e6371d8943ca3f759b1d128b590e7e9419b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 25 Jun 2021 13:14:28 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 24440247
etag: W/"60d5d6b4-f6a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7b8cd1ce3f2f914a-FRA
expires: Mon, 15 Apr 2024 13:36:50 GMT

GET
H2 200 css
fonts.googleapis.com/ 14 KB
887 B 31ms
30ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap

Requested by

Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b9254bbd972e39fae9a8131f960de877fac0f3df0d989a8d116aad66072dce1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 13:22:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 16 Apr 2023 13:36:50 GMT

GET
H2 200 css2
fonts.googleapis.com/ 667 KB
178 KB 70ms
68ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans+JP:wght@100;300;400;500;700;900&display=swap

Requested by

Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

11ae2b723975e982ee010ad2af2b599a771cd4abed6075d102d1968dbc6a2317

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 16 Apr 2023 13:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 13:36:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 16 Apr 2023 13:36:50 GMT

GET
H2 200 ajax_ping Show response
www.cyberark.com/resources/hubsFront/ 49 B
321 B 181ms
181ms XHR
application/json 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_ping

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.c2e7f618985911ea7708.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/;
referrer-policy: unsafe-url
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-frame-options: DENY
content-type: application/json
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-language: en
cf-ray: 7b8cd1cef86e914a-FRA
x-xss-protection: 1; mode=block

GET
H2 200 stats_temp_item_609808062x8cf4f2978e93095b029208e1b479d2a3cab40ea3cfbc6fefba8fa6d068a9252d1681652210c7a358b68235b4b15ec5b060d80f6ccf67b23f77256c58a1afdf6a8fe3d03c12
www.cyberark.com/resources/hubsFront/signalMetricsTemp/ 0
162 B 428ms
428ms Image
text/html 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/resources/hubsFront/signalMetricsTemp/stats_temp_item_609808062x8cf4f2978e93095b029208e1b479d2a3cab40ea3cfbc6fefba8fa6d068a9252d1681652210c7a358b68235b4b15ec5b060d80f6ccf67b23f77256c58a1afdf6a8fe3d03c12?t=1681652211036

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/;
referrer-policy: unsafe-url
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-frame-options: DENY
content-type: text/html; charset=UTF-8
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-language: en
cf-ray: 7b8cd1cf18a2914a-FRA
x-xss-protection: 1; mode=block

GET
H2 200 tag.aspx Show response
ml314.com/ 31 KB
11 KB 83ms
24ms Script
application/javascript 34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?163
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 23f95a90d6e6ba09a92bd4eae99823b0a6b0137a9abe10e3c050c062fb15efe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:03:26 GMT
content-encoding: br
age: 2005
x-guploader-uploadid: ADPycdsH-tRQCtb8Tkyy5m7mNo0JW9ShpjuDqC5mKjfoYtQXkjpTNqK3ZVeYKDQxu8BHS-QwKd6DWmVedumNQ3alJtlC2g
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10526
last-modified: Mon, 10 Apr 2023 17:13:24 GMT
server: UploadServer
etag: W/"b0965f051977c0dd95ffe2c736cac352"
vary: Accept-Encoding
x-goog-generation: 1681146804366265
x-goog-hash: crc32c=wVdAwA==, md5=sJZfBRl3wN2V/+LHNsrDUg==
content-type: application/javascript
cache-id: FRA-fa985ced
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 32213
accept-ranges: none

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 81ms
21ms Script
application/x-javascript 23.38.53.173
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.173 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-38-53-173.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ef2ca5ac3d9cf4d005d7294562694e44b40efd2c194722721a52743c2f43f1a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:51 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Mar 2023 02:09:07 GMT
Server: AkamaiNetStorage
ETag: "fefdb331ffca929fc0e661337b64ed4f:1678241347.158405"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 741

GET
H3 200 sprite-1x.png
content.cdntwrk.com/img/hubs/ 59 KB
59 KB 21ms
21ms Image
image/png 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/sprite-1x.png
Requested by: Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/css/hubs/hubs.c2e7f618985911ea7708.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a249bcffb2d8e92a3bdff919def43b14841803ad93b80ffa864db1090e007594

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://content.cdntwrk.com/css/hubs/hubs.c2e7f618985911ea7708.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 03:51:03 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
age: 207949
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 60511
last-modified: Tue, 04 Apr 2023 17:16:48 GMT
server: AmazonS3
etag: "9e7227669aa01cd19bcc27e802668929"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: hCvKSN4QVN0MP51qR-NYeE1YJbNw4FoAIVWOkLVWhwcbqTtcS4ea6Q==

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 uparrow.png
content.cdntwrk.com/img/hubs/ 194 B
544 B 21ms
20ms Image
image/png 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/uparrow.png
Requested by: Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/css/hubs/hubs.c2e7f618985911ea7708.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1fb7ee27fdfb34869f89aa51d9af1cf86ecc6800ab591ec3ca78f155742200b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://content.cdntwrk.com/css/hubs/hubs.c2e7f618985911ea7708.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 07:13:08 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
age: 507822
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 194
last-modified: Wed, 22 Mar 2023 18:16:56 GMT
server: AmazonS3
etag: "e5bbd7205c8f2ff1cd6c9f777f31da64"
access-control-max-age: 0
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: RW5PcHRGSVCiYwfCC6DHAIswu6oB9WMPhXkefw7qUDZC79SXoGk33g==

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 79ms
19ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 10:31:04 GMT
x-content-type-options: nosniff
age: 443147
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Apr 2024 10:31:04 GMT

GET
H2 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/ 61 KB
61 KB 50ms
50ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62738b62849a46842f34013b8528886f10c8d0e1c9aec47d636e05d631e2f60e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 237303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 62472
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-f408"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQnu1MyyYfxCT2ysb1HyZqzc%2BtsevosDbfhlC7jUhs7HWP469P0Jdssgcc8cIvr5ilkba1bfMZ6wrAJuPCo5R9YOHxytlhByOxFklTg6SSBX6YJnFy9eK%2BtqFK9Bz5kJsTrN8TJOdw6TcMXrdxUwzUBg"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7b8cd1cf48c95ba4-FRA
expires: Fri, 05 Apr 2024 13:36:51 GMT

GET
H2 200 372722_2_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
26 KB 63ms
21ms Font
binary/octet-stream 2600:9000:20eb:a000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_2_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2f5f9d511700318e988d3ef843afc49224162c8bb2435db7b9dc3590f525306f

Request headers

Referer: https://www.cyberark.com/
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 06:44:27 GMT
via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 24745
x-cache: Hit from cloudfront
content-length: 26033
last-modified: Wed, 27 May 2020 16:17:01 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:83914a011477cb60998949144e2ac5aa/mode:33188/mtime:1590596208/uid:1001/uname:runner
etag: "83914a011477cb60998949144e2ac5aa"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: EbTm-6IuCGa1ybtgBdwxHt5_5ZTJGClngGlklhxbqc5cUzoDSy8DvA==

GET
H2 200 372722_4_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
25 KB 63ms
21ms Font
binary/octet-stream 2600:9000:20eb:a000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_4_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 66c708b80cab108a2fde84cac9677c07435537bc9d06085ccd1ac80cb93513b4

Request headers

Referer: https://www.cyberark.com/
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 07:22:09 GMT
via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 23201
x-cache: Hit from cloudfront
content-length: 25237
last-modified: Wed, 27 May 2020 16:17:01 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:da77e86db861301f9320c467d834e649/mode:33188/mtime:1590596208/uid:1001/uname:runner
etag: "da77e86db861301f9320c467d834e649"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: FlqFqbJS7m-RACLcada6ZjAr9cad9AC8-hAEexjDaVcYCVqQ_6FtMA==

GET
H2 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/ 63 KB
63 KB 27ms
27ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5567c5a47f8bbd27707bd2cffdb1679c292a07ccf09a8578e1b9eba7ab481cf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2124510
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 64144
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-fa90"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P814dQ2rGX5OfGcny%2FH6eqC9JowLqMfC9WX3odrLOnOt7OwbxSOT65badX0vOeGybZ6luJzHTR3vuBLn9fR2jK90EgzQWV%2FQiWeSRFGVmM9S%2FGhEoZC0MJoecY0Wix5Z1Dms%2BLxSpx9CO09CAi0CXAzB"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7b8cd1cf48ce5ba4-FRA
expires: Fri, 05 Apr 2024 13:36:51 GMT

GET
H2 200 372722_1_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
26 KB 63ms
22ms Font
binary/octet-stream 2600:9000:20eb:a000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_1_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d4761d421bbf2f059126b9ce4f5e0a9f7bc83b046a58162780a2b9c3ab8c9a56

Request headers

Referer: https://www.cyberark.com/
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 07:22:09 GMT
via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 23201
x-cache: Hit from cloudfront
content-length: 26041
last-modified: Wed, 27 May 2020 16:17:01 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:0601eae673330329b340003d42fc1c36/mode:33188/mtime:1590596208/uid:1001/uname:runner
etag: "0601eae673330329b340003d42fc1c36"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: jzKDYz8W1IElLZuNexvdQOC0Thl8mIZkdLlJjZCACcC6hgeXt48jZQ==

GET
H2 200 fontawesome-webfont.woff2
cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/fonts/ 75 KB
76 KB 63ms
23ms Font
binary/octet-stream 2600:9000:20eb:a000:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberark-migration-tv2/OB-CyberArk_Migration_Tv2/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a000:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 02:27:22 GMT
via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 40170
x-cache: Hit from cloudfront
content-length: 77160
last-modified: Wed, 27 Jan 2021 17:56:57 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1611770160/ctime:1611770160/gid:117/gname:docker/md5:af7ae505a9eed503f8b8e6982036873e/mode:33188/mtime:1611770160/uid:1001/uname:runner
etag: "af7ae505a9eed503f8b8e6982036873e"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: o-E1iiwCisQgjerf1rmL0J3s6YKLc8CelV4fUseRe2IKTdCwSZfYOA==

GET
H3 200 aHViPTEwODU0MCZjbWQ9YmFja2dyb3VuZF9pbWFnZSZ2ZXJzaW9uPTE2NjUwODg4ODkmc2lnPTM1ZTA5Y2FhODQ3YmRlYTdhMDE4OGYzZjRjNTE2MjU1
content.cdntwrk.com/files/ 93 KB
93 KB 23ms
23ms Image
image/webp 18.66.97.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/files/aHViPTEwODU0MCZjbWQ9YmFja2dyb3VuZF9pbWFnZSZ2ZXJzaW9uPTE2NjUwODg4ODkmc2lnPTM1ZTA5Y2FhODQ3YmRlYTdhMDE4OGYzZjRjNTE2MjU1
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 18.66.97.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-81.fra56.r.cloudfront.net
Software: /
Resource Hash: 619ddc1d756bc60de4717303471873db6bbc6da6106ad99231472aecdb6c3040

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 18:59:24 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Thu, 18 Feb 2021 22:21:19 GMT
age: 2054246
x-amz-cf-pop: FRA56-P2
etag: "1613686879-be99bf6a6e12dc968d17e108eb199e37"
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=15552000
content-disposition: inline; filename="background_image.webp"
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: yA8aZAiDW8AhE2dKHwJioLhwsj0Y2ySp4fGbM-FQfuYb9ND49XICSQ==

POST
H2 200 ajax_updateMAPUsers Show response
www.cyberark.com/resources/hubsFront/ 126 B
381 B 224ms
223ms XHR
application/json 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_updateMAPUsers

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.c2e7f618985911ea7708.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b98e0f76f97857fce1b3fbd8e9ed5775988e85fffd71dcc2422f8d012378ea34

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/;
referrer-policy: unsafe-url
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-frame-options: DENY
content-type: application/json
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-language: en
cf-ray: 7b8cd1cfc9ca914a-FRA
x-xss-protection: 1; mode=block

GET
H2 200 rdp_blocks_new-2048x1123.png
www.cyberark.com/wp-content/uploads/2020/04/ 419 KB
423 KB 42ms
38ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/rdp_blocks_new-2048x1123.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b98b810e882a161a4c72961692c7656a21ea60adfbc170b83542f27634b3c146

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 51634
cf-polished: origFmt=png, origSize=802474
content-disposition: inline; filename="rdp_blocks_new-2048x1123.webp"
content-length: 429462
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Tue, 07 Apr 2020 13:58:05 GMT
server: cloudflare
etag: "5e8c86ed-c3eaa"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1cfd9e6914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 1-what_is_rdp-768x190.png
www.cyberark.com/wp-content/uploads/2020/04/ 61 KB
64 KB 227ms
224ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/1-what_is_rdp-768x190.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

178b4553ba5170d84cc952713a8422e73becc81a7bcef75849f7f8792b13231b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-polished: origFmt=png, origSize=94102
content-disposition: inline; filename="1-what_is_rdp-768x190.webp"
content-length: 62382
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 17:48:03 GMT
server: cloudflare
etag: "5e8b6b53-16f96"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1cfd9ea914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 2-not_symmetric-768x368.png
www.cyberark.com/wp-content/uploads/2020/04/ 7 KB
10 KB 200ms
197ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/2-not_symmetric-768x368.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

926c6e0971989eae77fc46af238c338422f1b3c78ab6f7be041780f39565762d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-polished: origFmt=png, origSize=14667
content-disposition: inline; filename="2-not_symmetric-768x368.webp"
content-length: 6942
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 17:49:22 GMT
server: cloudflare
etag: "5e8b6ba2-394b"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1cfd9eb914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 3-protocol_stack-768x239.png
www.cyberark.com/wp-content/uploads/2020/04/ 13 KB
16 KB 206ms
203ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/3-protocol_stack-768x239.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dd51bb8d7542f9ed2ab94992b297a898a0ba2114532b841239592fc0d197cf1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-polished: origFmt=png, origSize=24431
content-disposition: inline; filename="3-protocol_stack-768x239.webp"
content-length: 12862
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 17:50:33 GMT
server: cloudflare
etag: "5e8b6be9-5f6f"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1cfd9ed914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 4-connection_stages-768x473.png
www.cyberark.com/wp-content/uploads/2020/04/ 25 KB
28 KB 218ms
215ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/4-connection_stages-768x473.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fe769962777eeac6efad950fcfcdf4fabae8acb0288550771e44ca752c7d003

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-polished: origFmt=png, origSize=47308
content-disposition: inline; filename="4-connection_stages-768x473.webp"
content-length: 25128
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 17:53:40 GMT
server: cloudflare
etag: "5e8b6ca4-b8cc"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1cfd9ee914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 5-connection_initiation-768x170.png
www.cyberark.com/wp-content/uploads/2020/04/ 9 KB
12 KB 206ms
204ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/5-connection_initiation-768x170.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

227424fc43294f94db4ac0b4cab640f6cd03a4c1e1b6439a380a7bf5363f15ac

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-polished: origFmt=png, origSize=17855
content-disposition: inline; filename="5-connection_initiation-768x170.webp"
content-length: 9448
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 17:55:33 GMT
server: cloudflare
etag: "5e8b6d15-45bf"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1cfd9ef914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H/1.1 200
OK rtp.js Show response
sjrtp6-cdn.marketo.com/rtp-api/v1/ 152 KB
42 KB 287ms
86ms Script
application/x-javascript 2.19.39.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.19.39.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-19-39-121.deploy.static.akamaitechnologies.com

Software

Jetty(9.4.45.v20220203) /

Resource Hash

35d1a46cbc331f5cdd588a8f79c39079ef075ace791115c9c0c48c02d67f0ff0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63113904
Content-Encoding: gzip
Date: Sun, 16 Apr 2023 13:36:51 GMT
Last-Modified: Sat, 15 Apr 2023 06:31:05 GMT
Server: Jetty(9.4.45.v20220203)
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: public, max-age=270
Connection: keep-alive
Content-Length: 42499

GET
H2 200 hotjar-1200039.js Show response
static.hotjar.com/c/ 9 KB
4 KB 178ms
113ms Script
application/javascript 18.66.97.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1200039.js?sv=6

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.37 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-37.fra56.r.cloudfront.net

Software

Resource Hash

08674fcf28788bda144a170cf418d008781c9a20f784b3644b9de73d66513903

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Sun, 16 Apr 2023 13:36:51 GMT
via: 1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/d8a0ecafb17669ce291950363b6ae0dc
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: Z9skWM1gR2pgpF6TCHtSeqhbPnSbjhYMNPntaoz3ubDrXzYWeGp8tQ==

GET
H2 200 notice Show response
consent.trustarc.com/ 13 KB
5 KB 117ms
60ms Script
text/javascript 13.225.78.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-53.fra2.r.cloudfront.net

Software

Resource Hash

0525227372ed27950e183889955710f42b5ef4e82d28367cae087c51cf9c16aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
cloudfront-viewer-country: DE
content-length: 5012
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: max-age=3600
timing-allow-origin: *
x-amz-cf-id: ePlSKRcFoFuTZrUNLuykwT_XDcvXsWl-3_yhjoFo7UYpv8MqwBDQuA==
expires: Sun, 16 Apr 2023 14:36:51 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 88ms
29ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Mon, 23 Jan 2023 21:56:14 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "03d5db9dfd00a5719bb4c9261e6fa1bb"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7356

GET
H2 200 7-channel_connection-1.png
www.cyberark.com/wp-content/uploads/2020/04/ 10 KB
13 KB 57ms
56ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/7-channel_connection-1.png

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.c2e7f618985911ea7708.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08abb7430862bcd0101048333e95994ed3399a79e80744c3b15405a56584953c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 168440
cf-polished: origFmt=png, origSize=37384
content-disposition: inline; filename="7-channel_connection-1.webp"
content-length: 10138
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Tue, 07 Apr 2020 14:09:01 GMT
server: cloudflare
etag: "5e8c897d-9208"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a78914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 16-rdp_bluekeep_bsod.gif
www.cyberark.com/wp-content/uploads/2020/04/ 219 KB
219 KB 49ms
48ms Image
image/gif 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/16-rdp_bluekeep_bsod.gif

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.c2e7f618985911ea7708.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

daf035f87991a000267981dab4aed1ed22d73b4ac31eef780c0a2958f74ba665

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168440
cf-polished: status=not_needed
content-length: 223941
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 18:44:37 GMT
server: cloudflare
etag: "5e8b7895-36ac5"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1d05a7b914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 rdp_blocks_new.png
www.cyberark.com/wp-content/uploads/2020/04/ 3 MB
3 MB 89ms
85ms Image
image/png 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/rdp_blocks_new.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ab58cadcff9594c08b6bd8c00a1a34ab1a40140b08f0270b03b5edc393ca9c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168441
cf-polished: origSize=3478056, status=webp_bigger
content-length: 3472980
cf-bgj: imgq:85,h2pri
last-modified: Tue, 07 Apr 2020 13:57:58 GMT
server: cloudflare
etag: "5e8c86e6-351228"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1d05a80914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 1-what_is_rdp-1024x253.png
www.cyberark.com/wp-content/uploads/2020/04/ 104 KB
108 KB 41ms
37ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/1-what_is_rdp-1024x253.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c9b296524382941636b88d087aceae8dcefe8ee75ef302d35f798c65d18f401

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 51633
cf-polished: origFmt=png, origSize=156116
content-disposition: inline; filename="1-what_is_rdp-1024x253.webp"
content-length: 106544
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 17:48:03 GMT
server: cloudflare
etag: "5e8b6b53-261d4"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a87914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 2-not_symmetric-1024x491.png
www.cyberark.com/wp-content/uploads/2020/04/ 9 KB
10 KB 56ms
53ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/2-not_symmetric-1024x491.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

379e8bf83d46ce3fd61a9c2e3141b0dbc84d14883438ed1f5fa715c39d61f9d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 670144
cf-polished: origFmt=png, origSize=19762
content-disposition: inline; filename="2-not_symmetric-1024x491.webp"
content-length: 9602
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 17:49:22 GMT
server: cloudflare
etag: "5e8b6ba2-4d32"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1d05a89914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 3-protocol_stack-1024x318.png
www.cyberark.com/wp-content/uploads/2020/04/ 17 KB
20 KB 51ms
48ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/3-protocol_stack-1024x318.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

532d3b1558f2b46fe97935533a1e7cc976df1ff1f56b00e6d49aa781e2390fce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 168440
cf-polished: origFmt=png, origSize=33176
content-disposition: inline; filename="3-protocol_stack-1024x318.webp"
content-length: 17036
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 17:50:33 GMT
server: cloudflare
etag: "5e8b6be9-8198"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a8a914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 4-connection_stages-1024x631.png
www.cyberark.com/wp-content/uploads/2020/04/ 35 KB
39 KB 46ms
43ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/4-connection_stages-1024x631.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d2483d50c6a2bee46160e80343eb6c8d1bb5c6ab07e25e18463360d3b8b301d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 168440
cf-polished: origFmt=png, origSize=69063
content-disposition: inline; filename="4-connection_stages-1024x631.webp"
content-length: 36274
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 17:53:40 GMT
server: cloudflare
etag: "5e8b6ca4-10dc7"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a8b914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 5-connection_initiation-1024x226.png
www.cyberark.com/wp-content/uploads/2020/04/ 12 KB
16 KB 44ms
41ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/5-connection_initiation-1024x226.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f36c78a67f348ce26ec286b07474951bf1941c2190629d00601d856906df7d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 670144
cf-polished: origFmt=png, origSize=24555
content-disposition: inline; filename="5-connection_initiation-1024x226.webp"
content-length: 12700
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 17:55:33 GMT
server: cloudflare
etag: "5e8b6d15-5feb"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a8d914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 6-basic_settings_exchange-1024x226.png
www.cyberark.com/wp-content/uploads/2020/04/ 11 KB
14 KB 53ms
50ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/6-basic_settings_exchange-1024x226.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a9710846e3c8985cddc3752f803e7f5b52966cc963c02162b07f3567103bf3c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 670144
cf-polished: origFmt=png, origSize=21105
content-disposition: inline; filename="6-basic_settings_exchange-1024x226.webp"
content-length: 11012
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 18:02:54 GMT
server: cloudflare
etag: "5e8b6ece-5271"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a8f914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 8-security_commencement-1024x185.png
www.cyberark.com/wp-content/uploads/2020/04/ 7 KB
10 KB 53ms
50ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/8-security_commencement-1024x185.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3cdc0cddef5a4c5497ed2a62f362aeea1e9f801c49f8dc88b1edb5afcbd3efa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 168440
cf-polished: origFmt=png, origSize=13397
content-disposition: inline; filename="8-security_commencement-1024x185.webp"
content-length: 7050
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 18:06:08 GMT
server: cloudflare
etag: "5e8b6f90-3455"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a90914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 9-secure_settings_exchange-1024x185.png
www.cyberark.com/wp-content/uploads/2020/04/ 5 KB
6 KB 51ms
49ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/9-secure_settings_exchange-1024x185.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fb0d5d3a6a52dcfc96818baa044e02d86be6793bc86265f2f69d965e2850678

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168440
cf-polished: origFmt=png, origSize=10537
content-disposition: inline; filename="9-secure_settings_exchange-1024x185.webp"
content-length: 5486
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 18:07:03 GMT
server: cloudflare
etag: "5e8b6fc7-2929"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1d05a92914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 10-licensing-1024x221.png
www.cyberark.com/wp-content/uploads/2020/04/ 5 KB
9 KB 52ms
49ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/10-licensing-1024x221.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7e60c5283bc11f60d34626741d2d3f68d323570232331103b0a93e1e25363d8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 168440
cf-polished: origFmt=png, origSize=11322
content-disposition: inline; filename="10-licensing-1024x221.webp"
content-length: 5548
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 18:12:43 GMT
server: cloudflare
etag: "5e8b711b-2c3a"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a93914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 11-capabilities_exchange-1024x288.png
www.cyberark.com/wp-content/uploads/2020/04/ 12 KB
15 KB 91ms
88ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/11-capabilities_exchange-1024x288.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33bf20dfaba046936f9c2100c1fceda74cd7aa9c319d011a31588599634ddd58

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 670144
cf-polished: origFmt=png, origSize=23170
content-disposition: inline; filename="11-capabilities_exchange-1024x288.webp"
content-length: 11792
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 18:29:07 GMT
server: cloudflare
etag: "5e8b74f3-5a82"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a94914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 12-connection_finilization-1024x594.png
www.cyberark.com/wp-content/uploads/2020/04/ 29 KB
32 KB 91ms
89ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/12-connection_finilization-1024x594.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f3600bed9e87d4a2b64c37e71a0a55fd48ed18cb39f500250fc245d0b79566f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 168440
cf-polished: origFmt=png, origSize=59951
content-disposition: inline; filename="12-connection_finilization-1024x594.webp"
content-length: 29454
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 18:30:11 GMT
server: cloudflare
etag: "5e8b7533-ea2f"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a95914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 12-connection_finilization-1-1024x594.png
www.cyberark.com/wp-content/uploads/2020/04/ 29 KB
29 KB 85ms
83ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/12-connection_finilization-1-1024x594.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f3600bed9e87d4a2b64c37e71a0a55fd48ed18cb39f500250fc245d0b79566f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 670144
cf-polished: origFmt=png, origSize=59951
content-disposition: inline; filename="12-connection_finilization-1-1024x594.webp"
content-length: 29454
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 18:32:06 GMT
server: cloudflare
etag: "5e8b75a6-ea2f"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1d05a97914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 14-channels_structure-1024x922.png
www.cyberark.com/wp-content/uploads/2020/04/ 19 KB
19 KB 44ms
42ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/14-channels_structure-1024x922.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

387886be70bfc9d040c0021abf3c70296b681fb2a8ee764d6576cfbd09023913

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168440
cf-polished: origFmt=png, origSize=44268
content-disposition: inline; filename="14-channels_structure-1024x922.webp"
content-length: 19486
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 18:35:35 GMT
server: cloudflare
etag: "5e8b7677-acec"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1d05a98914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 15-double_pointer-1024x838.png
www.cyberark.com/wp-content/uploads/2020/04/ 19 KB
19 KB 87ms
85ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/15-double_pointer-1024x838.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa8f7142a58970cc3f64a4070c0e0a93678e73c4f872ebaf57a3f3a3bc2ea1d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 670144
cf-polished: origFmt=png, origSize=45989
content-disposition: inline; filename="15-double_pointer-1024x838.webp"
content-length: 19580
cf-bgj: imgq:85,h2pri
last-modified: Mon, 06 Apr 2020 18:41:26 GMT
server: cloudflare
etag: "5e8b77d6-b3a5"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7b8cd1d05a9a914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 17-dejablue-1-1024x922.png
www.cyberark.com/wp-content/uploads/2020/04/ 24 KB
28 KB 55ms
53ms Image
image/webp 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/17-dejablue-1-1024x922.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e5cad07ff6bd575c9db436ac6a16d1cbba8711cab6b73f25e96fe3b33ef3528

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net .everesttech.net everesttech.net .demdex.net demdex.net .adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net .typekit.net typekit.net .akamaihd.net akamaihd.net s3.amazonaws.com .amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com .adnxs.com adnxs.com .baidu.com baidu.com .btttag.com btttag.com .bluekai.com bluekai.com .bootstrapcdn.com bootstrapcdn.com .cdntwrk.com cdntwrk.com .choozle.com choozle.com .cloudflare.com cloudflare.com .cloudfront.net cloudfront.net .cyberark.com cyberark.com g.doubleclick.net .doubleclick.net doubleclick.net fls.doubleclick.net .driftt.com driftt.com .ensighten.com ensighten.com .facebook.com .facebook.net facebook.com facebook.net .fontawesome.com fontawesome.com .google.ae .google.al .google.am .google.at .google.az .google.ba .google.be .google.bg .google.bj .google.bs .google.by .google.ca .google.cd .google.ch .google.ci .google.cl .google.cm .google.cn .google.com .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.ge .google.gr .google.hn .google.hr .google.hu .google.ie .google.im .google.iq .google.is .google.it .google.je .google.jo .google.kz .google.lk .google.lt .google.lu .google.lv .google.mg .google.mk .google.ml .google.mn .google.mu .google.nl .google.no .google.pl .google.pt .google.ro .google.rs .google.ru .google.sc .google.se .google.sk .google.sn .google.sr .google.tg .google.tn .google.tt .gstatic.com .translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com .googleapis.com googleapis.com .cloudfunctions.net cloudfunctions.net .googletagmanager.com googletagmanager.com .google-analytics.com google-analytics.com .herokuapp.com herokuapp.com .hotjar.com .hotjar.io hotjar.com hotjar.io .jquery.com jquery.com .jsdelivr.net jsdelivr.net .linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io .licdn.com licdn.com .marketo.com .marketo.net .mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com .microsoft.com microsoft.com .moz.com moz.com .myfonts.net myfonts.net .newrelic.com .nr-data.net newrelic.com nr-data.net .openx.net openx.net .rlcdn.com rlcdn.com .reddit.com .redditstatic.com reddit.com redditstatic.com .rubiconproject.com rubiconproject.com .krxd.net krxd.net .stackadapt.com srv.stackadapt.com stackadapt.com .adsrvr.org adsrvr.org .trustarc.com trustarc.com .twitter.com twitter.com .6sc.co .litix.io 6sc.co litix.io .unpkg.com unpkg.com .wistia.com wistia.com .wpengine.com wpengine.com analytics.yahoo.com .googleadservices.com .duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com data: blob:; upgrade-insecure-requests;
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 51633
cf-polished: origFmt=png, origSize=52691
content-disposition: inline; filename="17-dejablue-1-1024x922.webp"
content-length: 25032
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Tue, 07 Apr 2020 13:49:46 GMT
server: cloudflare
etag: "5e8c84fa-cdd3"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()
accept-ranges: bytes
cf-ray: 7b8cd1d05a9c914a-FRA
expires: Mon, 15 Apr 2024 13:36:51 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 92ms
29ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 16 Apr 2023 12:35:42 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 3669
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Sun, 16 Apr 2023 14:35:42 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 367 B
1 KB 437ms
47ms XHR
application/json 52.51.141.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=9AB97041603F3EDB0A495C66%40AdobeOrg&d_nsid=0&ts=1681652211313

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.51.141.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-51-141-47.eu-west-1.compute.amazonaws.com

Software

Resource Hash

50d2cdea15cc99d234529e8ff76abae445f8a3b2f510b8254a5daa96d018f40f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v047-05d8bf7f2.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: UukHh4sdQ70=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.cyberark.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 309
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 33 KB
12 KB 44ms
44ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12163
expires: Sun, 16 Apr 2023 14:36:51 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 3 KB
2 KB 48ms
48ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

unused62: 8096267
date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: gzip
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Sun, 16 Apr 2023 14:36:51 GMT

GET
H2 200 RC215bf8f3db2048f5a863a53bd773832d-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/add392480f56/ 429 B
543 B 49ms
49ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/add392480f56/RC215bf8f3db2048f5a863a53bd773832d-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 4c1ba239941c5018015ceb57916a5983ea6505b50216aefb817ccfb94654a339

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: gzip
last-modified: Mon, 29 Aug 2022 19:24:07 GMT
server: AkamaiNetStorage
etag: "8a5863b81d71a91e12f88208e32a9978:1661801047.772377"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 277
expires: Sun, 16 Apr 2023 14:36:51 GMT

GET
H2 200 utsync.ashx Show response
ml314.com/ 62 B
309 B 63ms
62ms Script
application/javascript 34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=52079&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&pv=1681652211353_51qd242su&bl=en-us&cb=193770&return=&ht=&d=&dc=&si=1681652211353_51qd242su&cid=production%7C%7C108540%7C%7C6824673%7C%7C609808062&s=1600x1200&rp=&v=2.5.3.49
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?163
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:50 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/javascript; charset=utf-8
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62
expires: 0

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ 20 B
482 B 558ms
177ms Script
application/javascript 54.236.171.84
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=1632023&v=2.5.3.49
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?163
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.171.84 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-236-171-84.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:51 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public
Connection: keep-alive
Content-Length: 138
Expires: Mon, 17 Apr 2023 13:36:51 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 113 KB
44 KB 46ms
45ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9920016

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2988864102eccf40fa52c3212935133555dcde4d59cde626f794694afdeecabf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44783
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 16 Apr 2023 13:36:51 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
5 KB 32ms
32ms Script
application/x-javascript 23.38.53.173
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.173 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-38-53-173.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:51 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4677
Expires: Tue, 25 Jul 2023 13:36:51 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
157 B 181ms
118ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1681652211417&id=t2_o2i62ves&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=8efc5045-60d0-4370-a002-5ffc3b0e110b&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_65e23bc4
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 v1.7-242 Show response
consent.trustarc.com/asset/notice.js/v/ 78 KB
24 KB 81ms
26ms Script
text/javascript 13.225.78.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/asset/notice.js/v/v1.7-242

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-53.fra2.r.cloudfront.net

Software

Resource Hash

71e6f7e8ad6d244adec69de1d48517ebdebb92a11f9d72652033641a8002d5f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Origin: https://www.cyberark.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 12:53:48 GMT
content-encoding: gzip
via: 1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 2583
x-cache: Hit from cloudfront
pragma: public
last-modified: Wed, 5 Apr 2023 06:32:21 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: Vo0YP2DKU1GpsI0BDIVE3UzbC-kjYfmHPr61qEk7oFdSMKtaECYOvw==
expires: Tue, 16 May 2023 12:53:48 GMT

GET
H2 200 get Show response
consent.trustarc.com/ Frame FF82 7 KB
2 KB 274ms
274ms Document
text/html 13.225.78.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=crossdomain.html&domain=cyberark.com

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-53.fra2.r.cloudfront.net

Software

Resource Hash

7fe7d9054d31a9874fb36aba6a3736c02799bdaab5fed3e007ff334bc4580732

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 925
cache-control: max-age=2592000
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sun, 16 Apr 2023 13:21:26 GMT
expires: Tue, 16 May 2023 13:21:26 GMT
pragma: public
strict-transport-security: max-age=31536000; includeSubDomains
timing-allow-origin: *
vary: Origin
via: 1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
x-amz-cf-id: UHI7rI0OugZwpKVNZfm5yOxkhIX-yu2uPlePHQTdZtW311RVhdfbQA==
x-amz-cf-pop: FRA2-C2
x-cache: Hit from cloudfront

GET
H2 200 log
consent.trustarc.com/ 43 B
429 B 60ms
59ms Image
image/gif 13.225.78.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/log?domain=cyberark.com&country=de&state=&behavior=expressed&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW&c=9c13

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-53.fra2.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:51 GMT
via: 1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: yN9U-FaRX4OizJTFxNxaPTxkFuLs-HKqMV39Nv9sk3YYzygvaNG6oA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
350 B 87ms
29ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-44168172-9&cid=164968571.1681652211&jid=326962141&gjid=307368411&_gid=291664804.1681652211&_u=YGBAgEABAAAAAEAEK~&z=1255031959

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 16 Apr 2023 13:36:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 23ms
22ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1826980072&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&ul=en-us&de=UTF-8&dt=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABAAAAAAAEK~&jid=326962141&gjid=307368411&cid=164968571.1681652211&tid=UA-44168172-9&_gid=291664804.1681652211&gtm=45He34c0n715SFWTH&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&cd7=&z=650001066

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 18:05:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 70299
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RCaadfaa88901e4f0e8cbb8050b0941051-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/add392480f56/ 538 B
594 B 45ms
45ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/add392480f56/RCaadfaa88901e4f0e8cbb8050b0941051-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 727f7329c8911115e5a8991cc12a421ac0d22c761f2f2c737d8e7be425c5ea7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: gzip
last-modified: Mon, 29 Aug 2022 19:24:07 GMT
server: AkamaiNetStorage
etag: "8a5863b81d71a91e12f88208e32a9978:1661801047.772377"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 328
expires: Sun, 16 Apr 2023 14:36:51 GMT

GET
H2 200 modules.f0ba8b655d2d90cf7a94.js Show response
script.hotjar.com/ 263 KB
68 KB 95ms
35ms Script
application/javascript 52.222.236.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.f0ba8b655d2d90cf7a94.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1200039.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.74 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-74.fra56.r.cloudfront.net

Software

Resource Hash

662fc4f3f0124740414378b357488f186cca9937e1c2bd16da6a34c903d2d690

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 17:34:10 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 158561
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 68904
last-modified: Fri, 14 Apr 2023 17:34:09 GMT
etag: "1443ed6147bd2b60dbf4236cc16806eb"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: p3GHidb7Tu5QgTBEZHOBxvAeMnehwIknIEUG2BtWlxyJUQUeIPIGfQ==

POST
H/1.1 200
OK visitWebPage
316-czp-275.mktoresp.com/webevents/ 2 B
318 B 858ms
171ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://316-czp-275.mktoresp.com/webevents/visitWebPage?_mchNc=1681652211455&_mchCn=&_mchId=316-CZP-275&_mchTk=_mch-cyberark.com-1681652211454-50369&_mchHo=www.cyberark.com&_mchPo=&_mchRu=%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:52 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 6ca7c2aa-77de-4277-a4db-b46473918846

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 111ms
57ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-44168172-9&cid=164968571.1681652211&jid=326962141&_u=YGBAgEABAAAAAEAEK~&z=283913873

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 109ms
57ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-44168172-9&cid=164968571.1681652211&jid=326962141&_u=YGBAgEABAAAAAEAEK~&z=283913873

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ajax_ping Show response
www.cyberark.com/resources/hubsFront/ 49 B
132 B 183ms
182ms XHR
application/json 104.17.196.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_ping

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.c2e7f618985911ea7708.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.196.105 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-security-policy: frame-ancestors 'self' https://www.cyberark.com/;
referrer-policy: unsafe-url
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-frame-options: DENY
content-type: application/json
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-language: en
cf-ray: 7b8cd1d23d64914a-FRA
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK jquery-ui-insightera-custom-1.9.6.css
rtp-static.marketo.com/rtp/libs/ 22 KB
4 KB 78ms
23ms Stylesheet
text/css 2.19.39.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.39.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-39-121.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:51 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Nov 2017 08:57:42 GMT
Server: AkamaiNetStorage
ETag: "7f5b0bee9b1f7af8413b351cbceca223:1510045062"
Vary: Accept-Encoding
Access-Control-Max-Age: 86400
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 3752

GET
H/1.1 200
OK trw Show response
sjrtp6.marketo.com/gw1/ 202 B
639 B 861ms
167ms Script
application/x-javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/trw?aid=cyberarksoftware&trwv.uid=cyberarksoftware-1681652211561-cea054cb&trwv.vc=1&trwsa.sid=cyberarksoftware-1681652211562-7e4e4370&trwsb.cpv=1&ctzo=-00:00&uri=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&ma=id%3A316-CZP-275%26token%3A_mch-cyberark.com-1681652211454-50369&pm=&viewedTypes=&rts=1681652211564

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

a02215e865c2949ab838df058f262ddc8d5361d613eeb881f97be60f1f1dc4bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:52 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 202
Content-Type: application/x-javascript;charset=utf-8

GET
H/1.1 200
OK ga-integration-2.0.4.js Show response
rtp-static.marketo.com/rtp/libs/ 17 KB
6 KB 73ms
22ms Script
application/x-javascript 2.19.39.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.4.js
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.39.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-39-121.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 278cd45917f5fee0e5710b34f2c03a3652544fe5a6ccea56cbbd0bd7324bf5e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:51 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jun 2021 07:56:23 GMT
Server: AkamaiNetStorage
ETag: "cfd84ea6865e772828527b0485a0eb7e:1622706982.648039"
Vary: Accept-Encoding
Access-Control-Max-Age: 86400
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 5540

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1200039/ 147 B
322 B 176ms
58ms XHR
application/json 18.200.69.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1200039/visit-data?sv=6
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.f0ba8b655d2d90cf7a94.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.200.69.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-69-132.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 63c66737828453882371cb2b1c7b36629104ebe929566bb4bd42ca3872fcde9c

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 204 1200039 Show response
vc.hotjar.io/sessions/ 0
257 B 115ms
50ms XHR
text/plain 18.66.112.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/1200039?s=0.25&r=0.05589892361601234
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.f0ba8b655d2d90cf7a94.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-19.fra56.r.cloudfront.net
Software: Python/3.8 aiohttp/3.8.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
via: 1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
server: Python/3.8 aiohttp/3.8.4
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: V2eRN9vlYkR_Q8D-Em_ANInXM72eSsxPpr2u9nR81ZBmelZc2auy5g==

GET
H/1.1 200
OK msg Show response
sjrtp6.marketo.com/gw1/ 0
426 B 755ms
167ms Script
text/javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/msg?a=2&sid=cyberarksoftware-1681652211562-7e4e4370&aid=cyberarksoftware&ma=id%3A316-CZP-275%26token%3A_mch-cyberark.com-1681652211454-50369&viewedTypes=&0.6454699707309424&rts=1681652211671

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:52 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H2 200 / Show response
consent-pref.trustarc.com/ Frame 000A 5 KB
3 KB 109ms
50ms Document
text/html 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/asset/notice.js/v/v1.7-242

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

5d59d71fa30604e26c815b2bcfea777bef1564467e2ff9b1b4dc45ca2ee0f6fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 16 Apr 2023 13:36:51 GMT
etag: W/"5147-1679956504000"
expect-ct: max-age=86400; enforce;
last-modified: Mon, 27 Mar 2023 22:35:04 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-amz-cf-id: kdEQJFqHvyLPu1y17sSSGqkJD7epsaJJmdsqa5cGL7KIp8lc6CXAdA==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

GET
H2 200 noticemsg
consent.trustarc.com/ 43 B
429 B 54ms
52ms Image
image/gif 13.225.78.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/noticemsg?action=consent&domain=cyberark.com&behavior=expressed&country=de&language=en&rand=0.018431412898834543&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-53.fra2.r.cloudfront.net

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:51 GMT
via: 1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: H8No3XLg9MiOHTY33i-HyvtC0OWzFSykvxk6caTLbjh8GAAd7kX5WA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK dest5.html Show response
cyberark.demdex.net/ Frame 3519 7 KB
3 KB 196ms
47ms Document
text/html 52.51.141.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cyberark.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.51.141.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-51-141-47.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v047-08859470e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: s6CdM0FlTUM=
content-encoding: gzip
date: Sun, 16 Apr 2023 13:36:51 GMT
last-modified: Wed, 12 Apr 2023 09:58:14 GMT
vary: accept-encoding

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZDv59AAAAK2jCgN-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=11655364435885616693795235394914297207
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZDv59AAAAK2jCgN-

42 B
942 B

47ms
47ms

Image
image/gif

52.51.141.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZDv59AAAAK2jCgN-

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

HTTP/1.1

Server

52.51.141.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-51-141-47.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v047-0338f7234.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: e2VqMfPyS20=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZDv59AAAAK2jCgN-
Date: Sun, 16 Apr 2023 13:36:52 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
cyberark.tt.omtrdc.net/rest/v1/ 351 B
848 B 171ms
53ms XHR
application/json 52.49.168.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cyberark.tt.omtrdc.net/rest/v1/delivery?client=cyberark&sessionId=08d9933d5f3145c4b95e062a75a8d5b9&version=2.9.0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.49.168.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-49-168-196.eu-west-1.compute.amazonaws.com

Software

Resource Hash

8d1e4764af37e9d4636f5bdf281c4c9a32974c91b83292294bfd77b2eca63a3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.cyberark.com
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: d52acba101708710f330ee4f70ebf740

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 244ms
89ms XHR
application/json 34.255.111.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.f0ba8b655d2d90cf7a94.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.255.111.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-111-89.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 05281d4232c9c6c542e94f294ee0610c8ea5f6ecd9c4ef605573df970aaabdf4

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 16 Apr 2023 13:36:52 GMT
content-length: 56
vary: Origin
content-type: application/json

GET
H2 200 defaultpreferencemanager.nocache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 000A 5 KB
3 KB 48ms
47ms Script
application/javascript 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

9db8ca4fe22c19748cc9c569db7e79c6a40597c596a2a2a4bc9eada5a94dcabf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: gzip
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Mar 2023 22:35:22 GMT
server: nginx
etag: W/"4867-1679956522000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: no-cache
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: S64qJSSY6WHmihqJLIUK_zGV-kUn6nc3dpzyW42UZWtnNjHW1LmOng==
expires: Sun, 16 Apr 2023 13:36:50 GMT

GET
H2 200 get Show response
consent-st.trustarc.com/ Frame 000A 20 KB
5 KB 76ms
19ms Script
text/javascript 13.32.99.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-st.trustarc.com/get?name=combined_static_cm_minified.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-41.fra60.r.cloudfront.net

Software

Resource Hash

f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: public
date: Sat, 18 Mar 2023 01:51:32 GMT
content-encoding: gzip
via: 1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P3
age: 2547919
vary: Origin
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: b9UXAB9EKJX6QIBUk7jRZrG5W3BdgGA_zBQSJ4BkbYdsVWaHVinJcA==
expires: Mon, 17 Apr 2023 01:51:32 GMT

GET
H2 200 loading.gif
consent-pref.trustarc.com/images/ Frame 000A 3 KB
3 KB 21ms
21ms Image
image/gif 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent-pref.trustarc.com/images/loading.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 12:47:56 GMT
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 2935
x-cache: Hit from cloudfront
content-length: 2608
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Mar 2023 22:35:04 GMT
server: nginx
etag: W/"2608-1679956504000"
expect-ct: max-age=86400; enforce;
vary: Origin
content-type: image/gif
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
accept-ranges: bytes
x-amz-cf-id: bTl0kaPLIWmfHtOnnLnRvkI0be64rQmFqsEaP5qHtoxbl20NWGhjpQ==

GET
H2 200 1EDE22425A763C6EC9079A2C4345C495.cache.html Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 1A31 139 KB
46 KB 26ms
26ms Document
text/html 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/1EDE22425A763C6EC9079A2C4345C495.cache.html

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

584f7fff91741fa7c77312344120c52db984a9de5a686b2a4ef95d950a4b5eb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1068309
cache-control: max-age=315360000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 04 Apr 2023 04:51:42 GMT
etag: W/"142492-1679956522000"
expect-ct: max-age=86400; enforce;
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 27 Mar 2023 22:35:22 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-amz-cf-id: _b5Nngzk_EzBIqgqY7XaiHdU8NvRuakaK-zApu6mjddDBTq57VmwRA==
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 000A 969 B
1 KB 46ms
46ms XHR
application/json 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/1EDE22425A763C6EC9079A2C4345C495.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

2bfe0bfebc6bf40e5f73c03389ba8285505bc2f45d739d1efd5ca830f940a51d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 1EDE22425A763C6EC9079A2C4345C495
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
content-encoding: gzip
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 468
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: bk1i0KgKKUfCoR5VtiwD29zNZzcKv0Ww_2jUK7ksil3uTHGKMRMMkg==

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 000A 48 B
623 B 48ms
48ms XHR
application/json 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/1EDE22425A763C6EC9079A2C4345C495.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

a0d6a83a27c03fd1e1d7f60c77b690cd4a15718468227bd234cfa61d1135e85a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 1EDE22425A763C6EC9079A2C4345C495
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Sun, 16 Apr 2023 13:36:51 GMT
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 48
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: PrnFBVSUyhK3fPN3sxIkzasRdbquRjTIl83yIsTnH1WQ9r_xGxUPsw==

GET
H2 200 EuPreferenceManager.css
consent-pref.trustarc.com/ Frame 000A 28 KB
7 KB 22ms
21ms Stylesheet
text/css 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/EuPreferenceManager.css

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/1EDE22425A763C6EC9079A2C4345C495.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

11304b88bdf5cd5f42513b9aa8bd3206653770f4f125b852285db812c731cf24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:04:01 GMT
content-encoding: gzip
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 1976
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Mar 2023 22:35:04 GMT
server: nginx
etag: W/"29043-1679956504000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: no-cache
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: h1XBGrseh5qkHH0zT3Spb-tS6YdHiFuUzMjqUgpVmEVEx2f4IZZtrQ==
expires: Sun, 16 Apr 2023 13:03:54 GMT

GET
H2 200 10.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/1EDE22425A763C6EC9079A2C4345C495/ Frame 000A 254 KB
87 KB 23ms
22ms XHR
application/javascript 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/1EDE22425A763C6EC9079A2C4345C495/10.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/1EDE22425A763C6EC9079A2C4345C495.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

1a0befe65702652b841f3faff55904eb25aa7a5c6597624ba6093ef1a665eee9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 04 Apr 2023 04:51:42 GMT
content-encoding: gzip
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 1068309
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Mar 2023 22:35:22 GMT
server: nginx
etag: W/"259970-1679956522000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: ByoXVl4jOHMIjdElobge7TldYTP9QL9QUl_m67UOj9rupfdFXU2WTA==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/1EDE22425A763C6EC9079A2C4345C495/ Frame 000A 19 KB
8 KB 22ms
22ms XHR
application/javascript 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/1EDE22425A763C6EC9079A2C4345C495/1.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/1EDE22425A763C6EC9079A2C4345C495.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

bf8cddf3132a2c30a1c9e114ac9d84ccf7af6d4c2a42393898b7fc43b79d8423

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 04 Apr 2023 04:51:42 GMT
content-encoding: gzip
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 1068310
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Mar 2023 22:35:22 GMT
server: nginx
etag: W/"19832-1679956522000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: 6fTE4wpBW88JwYIwcaM72JvcwVFkv5Ot6_ifGEa4K2MKTot0ypCwnA==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cookie_iframe.html Show response
prefmgr-cookie.truste-svc.net/cookie_js/ Frame F789 5 KB
2 KB 359ms
115ms Document
text/html 54.146.120.141
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.146.120.141 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-146-120-141.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e5356c4d200584b116d9ac14f89d883b120dbe4d7878914a4fa22358074c74f8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://consent-pref.trustarc.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Sun, 16 Apr 2023 13:36:52 GMT
etag: W/"5014-1657163800000"
expect-ct: max-age=31536000
last-modified: Thu, 07 Jul 2022 03:16:40 GMT
permissions-policy: geolocation=(), microphone=(), payment=()
referrer-policy: origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 000A 843 B
956 B 47ms
47ms XHR
application/json 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/1EDE22425A763C6EC9079A2C4345C495.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

9880b1057df4dc2ce1fc004ef4a595c36bb258deb902610a945938196df166e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 1EDE22425A763C6EC9079A2C4345C495
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Sun, 16 Apr 2023 13:36:52 GMT
content-encoding: gzip
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 364
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: nF5CAbz0Gp7jFtZ0xoiOBK5U5CD3JfS4bgNDmY0E7HC2R7Bf0gUdFQ==

POST
H2 200 truste Show response
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 000A 24 KB
6 KB 100ms
99ms XHR
application/json 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/truste

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/1EDE22425A763C6EC9079A2C4345C495.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

3decbe1c69b0f91d975610f54b2615be61a887c20f8ade1049be9743168198aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation: 1EDE22425A763C6EC9079A2C4345C495
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: text/x-gwt-rpc; charset=UTF-8

Response headers

date: Sun, 16 Apr 2023 13:36:52 GMT
content-encoding: gzip
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-disposition: attachment
content-length: 6052
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
server: nginx
expect-ct: max-age=86400; enforce;
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: BmEadU-x5i9XmzP9VUuOw70-jXd1qqps3KrgzVhSpaAsIikaXNncdw==

GET
H2 200 trustarc-logo-small.png
consent-pref.trustarc.com/images/ Frame 000A 4 KB
5 KB 22ms
21ms Image
image/png 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent-pref.trustarc.com/images/trustarc-logo-small.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:03:22 GMT
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 2010
x-cache: Hit from cloudfront
content-length: 4197
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Mar 2023 22:35:04 GMT
server: nginx
etag: W/"4197-1679956504000"
expect-ct: max-age=86400; enforce;
vary: Origin
content-type: image/png
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
accept-ranges: bytes
x-amz-cf-id: piCD2wvbMzCFCAu21KriJFXva1pq1G0Oqfa3B3mkQ6Hvr1Bsm2gH4g==

GET
H/1.1 200
OK msg Show response
sjrtp6.marketo.com/gw1/ 0
426 B 167ms
167ms Script
text/javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:52 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H2 200 RC5266e3ee597a459fbc388f1132b7e943-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/add392480f56/ 521 B
595 B 35ms
35ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/add392480f56/RC5266e3ee597a459fbc388f1132b7e943-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b014e4d5562d444e36750cc30291deded03d12aa2ed6680a65129131577aef4a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:52 GMT
content-encoding: gzip
last-modified: Mon, 29 Aug 2022 19:24:07 GMT
server: AkamaiNetStorage
etag: "8a5863b81d71a91e12f88208e32a9978:1661801047.772377"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 329
expires: Sun, 16 Apr 2023 14:36:52 GMT

GET
H/1.1 200
OK jquery-custom-ui.min.js Show response
rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/ 126 KB
35 KB 30ms
30ms Script
application/x-javascript 2.19.39.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/jquery-custom-ui.min.js
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.39.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-39-121.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 35f273e01e70db780ae423347dffecfc27cc348ba4abbd6099331559a7c5cd31

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:52 GMT
Content-Encoding: gzip
Last-Modified: Tue, 09 Jan 2018 12:54:21 GMT
Server: AkamaiNetStorage
ETag: "5a9f8dd85d85afd20544bd437a505338:1515502461"
Vary: Accept-Encoding
Access-Control-Max-Age: 86400
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 35484

GET
H2 200 ey22i6m9p82y.js Show response
js.driftt.com/include/1681652400000/ 220 KB
62 KB 239ms
156ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1681652400000/ey22i6m9p82y.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

18a9f7f4f194aabf5ba501f648392f1711b1b684c246d887e3dc88c88f134360

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

x-amz-version-id: pRqqU1J3iE36NvP2y9aOGWgcVO_fSFPr
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Sun, 16 Apr 2023 13:36:52 GMT
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 14 Apr 2023 16:49:18 GMT
server: istio-envoy
etag: W/"ff1c60c355b28504872fdfbbe4caeed5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hXeK8UyuweJD9kAhRwH7BHvkvQfyA_yyKhK1R8Pgsj4cJpkido1Xww==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071691665/ 3 KB
2 KB 110ms
60ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071691665/?random=1681652212611&cv=11&fst=1681652212611&bg=ffffff&guid=ON&async=1&gtm=45He34c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&hn=www.googleadservices.com&frm=0&tiba=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)&auid=35689056.1681652211&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a24661354b5da6a831310ea1286dad735369c231fe4f64f0dd745952af41615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1268
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 110ms
34ms Script
application/x-javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=79013
accept-ranges: bytes
content-length: 4777

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 107 KB
28 KB 67ms
23ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0ec06672fe3c64b5f9a2734153c38dc3aac1a84dd0c656447e4f393339608db6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 16 Apr 2023 13:36:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27909
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: c25WnrP87oq0rHhRzAePwoxXrWU7t2inJsbExiJaA6lB7ORfvglxfgtDyrxsTYEyiFucPHaf84HV6cEVbMAgMQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 33 KB
11 KB 115ms
35ms Script
application/javascript 2.16.187.88
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-187-88.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

12ce92cc3c4eb9d74f48e9a10eb919bdf30bbdc5ccf9843c6543fec302dec54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 04 Apr 2023 21:13:35 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "642c92ff-8319"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 10492
expires: Sun, 16 Apr 2023 13:36:52 GMT

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/choozle/14963/ 28 KB
9 KB 110ms
22ms Script
application/javascript 65.9.66.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-72.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 6151f62c314340a55f5cc5fb650538f2325f9516b69da4e3feb300515fc4072e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 01:01:05 GMT
x-amz-version-id: TyBQf2qSagJta4AIHKpeV6mRRAvIotjd
content-encoding: br
via: 1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 1600548
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 10 Sep 2021 17:02:44 GMT
server: CloudFront
etag: W/"374a48ffc505abf84a47ee66770c76f3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: LV3QE4cggJYNiUpiIytoWNvkJjOD0kCOo9tGe7e1wGPnjU5hDTxB5Q==

GET
H2

200

activityi;dc_pre=CNz4mtbCrv4CFdDLOwIdIOYAxA;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=35689056.1681652211;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-re... Show response
9920016.fls.doubleclick.net/ Frame 4D09
Redirect Chain

https://9920016.fls.doubleclick.net/activityi;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=35689056.1681652211;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-...
https://9920016.fls.doubleclick.net/activityi;dc_pre=CNz4mtbCrv4CFdDLOwIdIOYAxA;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=35689056.1681652211;~oref=https%3A%2F%2Fwww....

475 B
622 B

63ms
62ms

Document
text/html

142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9920016.fls.doubleclick.net/activityi;dc_pre=CNz4mtbCrv4CFdDLOwIdIOYAxA;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=35689056.1681652211;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9920016

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

cf2d229d954110b22e9d4f2587d5b31b785ebd9c0c97ecba9035625f91c49e08

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 283
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 16 Apr 2023 13:36:52 GMT
expires: Sun, 16 Apr 2023 13:36:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 16 Apr 2023 13:36:52 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9920016.fls.doubleclick.net/activityi;dc_pre=CNz4mtbCrv4CFdDLOwIdIOYAxA;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=35689056.1681652211;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK events.js Show response
tags.srv.stackadapt.com/ 17 KB
6 KB 533ms
135ms Script
text/javascript 34.235.68.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.68.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-68-114.compute-1.amazonaws.com
Software: /
Resource Hash: 686b85a48179611261d73877a7375fa4aaa1708b4b71ab46c904526c4ba7df8f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 16 Apr 2023 13:36:53 GMT
Cache-Control: max-age=5
Content-Encoding: gzip
Connection: keep-alive
Content-Length: 5401
Content-Type: text/javascript

GET
H2 200 RCa5164e12c82447adb2cd80d0c9b8bb38-source.min.js Show response
assets.adobedtm.com/789d877fe9a8/09207f0a9c44/add392480f56/ 504 B
591 B 35ms
34ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/add392480f56/RCa5164e12c82447adb2cd80d0c9b8bb38-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/789d877fe9a8/09207f0a9c44/launch-e8e6adf0fe30.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a35f66e3c735f802aa18c069ed416ba8d2a7acd10e6c03d0d39af2cd1d2ec95a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:52 GMT
content-encoding: gzip
last-modified: Mon, 29 Aug 2022 19:24:07 GMT
server: AkamaiNetStorage
etag: "8a5863b81d71a91e12f88208e32a9978:1661801047.772377"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.cyberark.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 325
expires: Sun, 16 Apr 2023 14:36:52 GMT

GET
H/1.1 200
OK visitor Show response
sjrtp6.marketo.com/gw1/rtp/api/v1_1/ 760 B
1 KB 665ms
167ms XHR
application/json 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/rtp/api/v1_1/visitor?sid=cyberarksoftware-1681652211562-7e4e4370&aid=cyberarksoftware&1681652212665

Requested by

Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.4.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

daa26070c8c2e752180ee9cc2572bf4e9760eddfd77681a14c0bfddfee3b385d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma: No-cache
Date: Sun, 16 Apr 2023 13:36:53 GMT
Strict-Transport-Security: max-age=63113904
Last-Modified: Sun Apr 16 08:36:53 CDT 2023
Server: Jetty(9.4.45.v20220203)
Vary: Origin
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: https://www.cyberark.com
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Access-Control-Allow-Credentials: true
Connection: close
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sgm Show response
sjrtp6.marketo.com/gw1/ga/ 742 B
1 KB 670ms
167ms XHR
text/json 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/ga/sgm?sid=cyberarksoftware-1681652211562-7e4e4370&1681652212666

Requested by

Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.4.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

4abc143ac16a6d4e4fd9588528a4f861d0d58fc474ecd0402d5724e97b086fa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:53 GMT
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Content-Type: text/json;charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Length: 742

GET
H2 200 6.cache.js Show response
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/1EDE22425A763C6EC9079A2C4345C495/ Frame 000A 7 KB
4 KB 21ms
21ms XHR
application/javascript 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/1EDE22425A763C6EC9079A2C4345C495/6.cache.js

Requested by

Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/1EDE22425A763C6EC9079A2C4345C495.cache.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

70e7a5f72aaafa5289512d853ea12a4070eca0ca885dc3274d8fae385348ed33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 04 Apr 2023 04:51:56 GMT
content-encoding: gzip
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P4
age: 1068296
x-cache: Hit from cloudfront
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 27 Mar 2023 22:35:22 GMT
server: nginx
etag: W/"7220-1679956522000"
expect-ct: max-age=86400; enforce;
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=315360000
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id: oZbIGAi15S4k3q5nUyG7ImqjaOxPNPxgyg2aavNWBe8Kycx1zXT4dg==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 get
consent.trustarc.com/ Frame 000A 219 KB
114 KB 51ms
51ms Font
font/ttf 13.225.78.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=OpenSans-Bold.ttf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-53.fra2.r.cloudfront.net

Software

Resource Hash

5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://consent-pref.trustarc.com/
Origin: https://consent-pref.trustarc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: public
date: Sun, 16 Apr 2023 12:55:00 GMT
content-encoding: gzip
via: 1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 2512
x-cache: Hit from cloudfront
content-type: font/ttf
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: QAo9Ve37YtskPbxTMc4tE0-YvbFe49CnNdTDGvmrBAipnn7r5vTvqg==
expires: Tue, 16 May 2023 12:55:00 GMT

GET
H2 200 get
consent.trustarc.com/ Frame 000A 127 KB
76 KB 26ms
26ms Font
font/ttf 13.225.78.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=OpenSans-Light.ttf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-53.fra2.r.cloudfront.net

Software

Resource Hash

abca0004f2960ea162b161a82240a139fce6012733a76f3859febb9bed38b420

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://consent-pref.trustarc.com/
Origin: https://consent-pref.trustarc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: public
date: Sun, 16 Apr 2023 12:36:58 GMT
content-encoding: gzip
via: 1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 3594
x-cache: Hit from cloudfront
content-type: font/ttf
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: s-8I6NABaxk0MowSIWjgN04ZwG5_crzRvsIQLFknVbyBu_yMTFpaXg==
expires: Tue, 16 May 2023 12:36:58 GMT

GET
H2 200 get
consent.trustarc.com/ Frame 000A 127 KB
77 KB 64ms
64ms Font
font/ttf 13.225.78.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=OpenSans-SemiBold.ttf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-53.fra2.r.cloudfront.net

Software

Resource Hash

89275a1c66640733265b5be89864b6daefef1cc3f275566dd8fd29bd66601a83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://consent-pref.trustarc.com/
Origin: https://consent-pref.trustarc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: public
date: Sun, 16 Apr 2023 12:36:58 GMT
content-encoding: gzip
via: 1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 3594
x-cache: Hit from cloudfront
content-type: font/ttf
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: 0XjSGc4XAM62JfGZM0j4AGyFgFJqL66VeFr_-WueJR4YJzaM8VXtCw==
expires: Tue, 16 May 2023 12:36:58 GMT

GET
H2 200 get
consent.trustarc.com/ Frame 000A 127 KB
77 KB 26ms
26ms Font
application/octet-stream 13.225.78.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=OpenSans-Regular.ttf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-53.fra2.r.cloudfront.net

Software

Resource Hash

8bcb1671142844b9c10b5247053d513b9110ad9e3ad7ec0b751d42c977611f83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://consent-pref.trustarc.com/
Origin: https://consent-pref.trustarc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: public
date: Sun, 16 Apr 2023 13:27:04 GMT
content-encoding: gzip
via: 1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 588
x-cache: Hit from cloudfront
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: hCxxR7Ti9lbRMYgTN-_y5-BnGYJLykUc8PZctlZoKpCj3WwAQqkZKg==
expires: Tue, 16 May 2023 13:27:04 GMT

GET
H2 200 get
consent.trustarc.com/ Frame 000A 5 KB
5 KB 23ms
23ms Image
image/png 13.225.78.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/get?name=CyberArk_H4C_logo.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-53.fra2.r.cloudfront.net

Software

Resource Hash

6df07acc4226892a09f5d94cfb28cd6f560b073f5fb5e4060fede31cba893989

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://consent-pref.trustarc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: public
date: Sun, 16 Apr 2023 12:36:58 GMT
content-encoding: gzip
via: 1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA2-C2
age: 3594
vary: Origin
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: jXlN9EudOMHcYoIUIGAZoZi_690hMFSodGscwTdiD0oImYSIInaJ-A==
expires: Tue, 16 May 2023 12:36:58 GMT

GET
H2 200 286320195733404 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 24ms
24ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/286320195733404?v=2.9.101&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b30ab08550f6b662f7284419533bcd2394c237060f7e129d9a0586b81a0aabbc

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 16 Apr 2023 13:36:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110263
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: hiB1lKKM8XcdyN6cRvvFYKWsXZiZATYjk0O0lgJKk9kMZFPRakYgySJXwseCs4Gn8CZ2dnNLmFIhfxbRcpWigw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1071691665/ 42 B
154 B 33ms
32ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1071691665/?random=1681652212611&cv=11&fst=1681650000000&bg=ffffff&guid=ON&async=1&gtm=45He34c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&frm=0&tiba=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)&fmt=3&is_vtc=1&random=3515454868&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1071691665/ 42 B
154 B 35ms
34ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1071691665/?random=1681652212611&cv=11&fst=1681650000000&bg=ffffff&guid=ON&async=1&gtm=45He34c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&frm=0&tiba=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)&fmt=3&is_vtc=1&random=3515454868&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/17906/domain/cyberark.com/ 36 B
375 B 105ms
25ms XHR
application/json 2600:9000:20eb:5400:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/17906/domain/cyberark.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:5400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:30:45 GMT
content-encoding: gzip
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 367
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: 6NbU21myP7F-4vmIrKoDgZT2fVYc77QrcG8RKJZg_C9a3yBzr_EgoQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1681652212756&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D17906%26time%3D1681652212756%26url%3Dhttps%253A%252F%252Fwww.cyberark.com%252Fres...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1681652212756&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&li...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1681652212756&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&l...

0
267 B

246ms
171ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1681652212756&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&liSync=true&e_ipv6=AQKuwqXPDT9JRAAAAYeKSGWlu4WNNI-dO6H3TCrdxI9yKpCpsZG5dMQSyeV3ii9yOptEWwWu_Bsu
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:53 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 991FF349951145EEAC9A4DD5C3C53BD9 Ref B: FRAEDGE1213 Ref C: 2023-04-16T13:36:53Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX5dCrRSjthQgdY35MxNg==

Redirect headers

date: Sun, 16 Apr 2023 13:36:52 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 36FF5DF828DB4FB5BDCD16E3BF0F5836 Ref B: FRAEDGE1121 Ref C: 2023-04-16T13:36:53Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&time=1681652212756&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&liSync=true&e_ipv6=AQKuwqXPDT9JRAAAAYeKSGWlu4WNNI-dO6H3TCrdxI9yKpCpsZG5dMQSyeV3ii9yOptEWwWu_Bsu
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX5dCrM5XzUysotre3TuA==

GET
H2 200 cookie_inneriframe.html Show response
consent-pref.trustarc.com/ Frame 953F 2 KB
1 KB 21ms
21ms Document
text/html 52.222.236.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-pref.trustarc.com/cookie_inneriframe.html

Requested by

Host: prefmgr-cookie.truste-svc.net
URL: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.115 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-115.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

a2de091c86c5a7b6dcc572eb6e5a76c2cd72ce27a2042a8dc2974f15b33566ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://prefmgr-cookie.truste-svc.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 450
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 16 Apr 2023 13:29:25 GMT
etag: W/"2008-1679956504000"
expect-ct: max-age=86400; enforce;
last-modified: Mon, 27 Mar 2023 22:35:04 GMT
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Origin
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-amz-cf-id: mCo3j_BabR_ryeeJYcmQhEVedA5lyJljdfScq_xTrSOHnXCGKuhiow==
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1

GET
H2 200 / Show response
c.6sc.co/ 7 B
203 B 107ms
99ms XHR
text/html 2.16.187.88
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-187-88.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:52 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.cyberark.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 23 B
316 B 228ms
41ms XHR
text/html 2a02:26f0:6c00::210:bb9b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:bb9b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: f7dee2a88356549b15d6145e3170e69825aa94d38e4809fc690142eb69481484

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:52 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.cyberark.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:2:240:3247::8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467125_34651031_680245871_23_834_59_0";dur=1
content-length: 23
expires: Sun, 16 Apr 2023 13:36:52 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
495 B 250ms
241ms Image
image/gif 2.16.187.88
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=e002ed9e-1324-45a4-8d53-7e9ea9bd8088&session=bb0d0a77-e87c-4324-893e-cf30d3ab477a&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Sun%2C%2016%20Apr%202023%2013%3A36%3A52%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2016%20Apr%202023%2013%3A36%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22059bf2ba2b88e39bb3200769d2e411fc%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2016%20Apr%202023%2013%3A36%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2016%20Apr%202023%2013%3A36%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Table%20of%20Contents%20Introduction%20RDP%20Connection%20Connection%20Sequence%20%7C%20Basic%20Input%20and%20Output%20Channels%20in%20RDP%20%7C%20Data%20Compression%20RDP%20Security%20%7C%20Recent%20RDP%20Vulnerabilities%20Conclusion%20References%20%C2%A0...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&pageViewId=1e5f1282-9333-470f-85d6-33679e306df8

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-187-88.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:53 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/choozle/14963/ 408 B
715 B 48ms
47ms Script
text/javascript 65.9.66.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/14963/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/choozle/14963/code/&publishedOn=Fri%20Sep%2010%2017:02:39%20GMT%202021&ClientID=923&PageID=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-72.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 76e843994bba14afbf1c558e8503db5aa7fa6ffd8eb7f220c110a82d28756138

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:52 GMT
via: 1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store
content-length: 408
x-amz-cf-id: 3xWvWUJ3ZgPqH0Ec0VGDUC4s1wcjQuyd35OA5t-jjNjZR3F42A3n7A==
expires: Sun, 16 Apr 2023 13:36:51 GMT

POST
H2 200 s88260088011759 Show response
cyberark.sc.omtrdc.net/b/ss/cyberarkproduction/1/JS-2.22.4-LCUM/ 43 B
389 B 175ms
33ms XHR
image/gif 15.236.117.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cyberark.sc.omtrdc.net/b/ss/cyberarkproduction/1/JS-2.22.4-LCUM/s88260088011759

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.117.205 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-117-205.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:52 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 Apr 2023 13:36:52 GMT
server: jag
etag: 3611320627238436864-4619376500428865850
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.cyberark.com
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 15 Apr 2023 13:36:52 GMT

GET
H2 200 662433978d45e21970b804bbfa51742f.js Show response
nexus.ensighten.com/choozle/14963/code/ 1 KB
1 KB 23ms
23ms Script
application/javascript 65.9.66.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/14963/code/662433978d45e21970b804bbfa51742f.js?conditionId0=4910939&conditionId1=4910940
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-72.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: e2007f491cf8805ceb2604c0b9aeb1adc383791b679f523665fb75a8aad1ea1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 10:29:19 GMT
x-amz-version-id: .HDgNBMtyeldon8XYKIFOVut_y90kYAl
content-encoding: gzip
via: 1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 961654
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 17 Aug 2021 20:02:58 GMT
server: CloudFront
etag: W/"1a30bb178f0ba4caee2d0a69ed0c5627"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: 2DdAF-DPxUYcD-3Reqrpi19ludVX4UOwS1xEnvzhqzG0RxHOSzTCvA==

GET
H2 200 7e3bcccbe9be6061a65a6eb142929580.js Show response
nexus.ensighten.com/choozle/14963/code/ 2 KB
853 B 23ms
23ms Script
application/javascript 65.9.66.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/14963/code/7e3bcccbe9be6061a65a6eb142929580.js?conditionId0=421905
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-72.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 9186ad0839410bf3d20f3c5b242b36027562baac85ffb8cba18b50b6e4d7945d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:47:56 GMT
x-amz-version-id: 2qpHT3Mfre2gibxJy2uyesrW3J5FKny0
content-encoding: gzip
via: 1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 2263737
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 17 Aug 2021 20:01:10 GMT
server: CloudFront
etag: W/"45d815f98cb1ba2123f41b1c2cacac1e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: Wiv5UsAcniSeBw5XESj7U6XRa_4_eMOPY-7eNJqTkDuBSxZWC9WIog==

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 111ms
65ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=286320195733404&ev=PageView&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&rl=&if=false&ts=1681652212825&sw=1600&sh=1200&v=2.9.101&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1681652212824.1283533174&it=1681652212737&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 16 Apr 2023 13:36:52 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 dc_pre=CNz4mtbCrv4CFdDLOwIdIOYAxA;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=*;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i...
adservice.google.com/ddm/fls/z/ Frame 4D09 42 B
401 B 156ms
56ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNz4mtbCrv4CFdDLOwIdIOYAxA;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=*;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp

Requested by

Host: 9920016.fls.doubleclick.net
URL: https://9920016.fls.doubleclick.net/activityi;dc_pre=CNz4mtbCrv4CFdDLOwIdIOYAxA;src=9920016;type=websi0;cat=websi0;ord=7565225970327;gtm=45fe34c0;auiddc=35689056.1681652211;~oref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9920016.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 16 Apr 2023 13:36:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 24646
cs.choozle.com/dp/chz/ 35 B
123 B 530ms
115ms Image
image/gif 35.174.21.180
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.choozle.com/dp/chz/24646?d=www.cyberark.com&cb=6442951368
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.21.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-174-21-180.compute-1.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H2 200 core Show response
js.driftt.com/ Frame 8F78 2 KB
1 KB 125ms
124ms Document
text/html 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1681652400000/ey22i6m9p82y.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7c07468e93987855fdd0310e9df137ea5c67223afd357404a2bfc59127d1ae94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 16 Apr 2023 13:36:53 GMT
etag: W/"331b14704f7ed2d46ff561dfb4aca5e9"
last-modified: Fri, 14 Apr 2023 16:49:09 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-id: WVQTfRLMuyv_IIMgeWYG4fxF3wgSo4L2wneRzQKIkizWItNMJnNV9g==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: vZmVhlvSpQssZs3AcL4nQ7ceofvKzitU
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 36

GET
H2 200 chat Show response
js.driftt.com/core/ Frame E732 2 KB
1 KB 125ms
125ms Document
text/html 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1681652400000/ey22i6m9p82y.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7c07468e93987855fdd0310e9df137ea5c67223afd357404a2bfc59127d1ae94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 16 Apr 2023 13:36:53 GMT
etag: W/"331b14704f7ed2d46ff561dfb4aca5e9"
last-modified: Fri, 14 Apr 2023 16:49:09 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-id: OMCOfRRNHwjfLU4U0guESkFYhvwa_-Ws8oDkLjzgAs2Bl8p9cFUAdg==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: vZmVhlvSpQssZs3AcL4nQ7ceofvKzitU
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 209ms
208ms Image
image/gif 2.16.187.88
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=059bf2ba2b88e39bb3200769d2e411fc&svisitor=null&visitor=e002ed9e-1324-45a4-8d53-7e9ea9bd8088&session=bb0d0a77-e87c-4324-893e-cf30d3ab477a&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A2%3A240%3A3247%3A%3A8%22%7D&isIframe=false&m=%7B%22description%22%3A%22Table%20of%20Contents%20Introduction%20RDP%20Connection%20Connection%20Sequence%20%7C%20Basic%20Input%20and%20Output%20Channels%20in%20RDP%20%7C%20Data%20Compression%20RDP%20Security%20%7C%20Recent%20RDP%20Vulnerabilities%20Conclusion%20References%20%C2%A0...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&pageViewId=1e5f1282-9333-470f-85d6-33679e306df8

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-187-88.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:53 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 runtime~main.9cf07f53.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 6 KB
3 KB 23ms
22ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7a036fbf5fa092cecb320befb8e95214b3d89fb1655fefb5431b7142aed3d919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 16:49:08 GMT
x-amz-version-id: MGQKV0z6lUwdx9NfKXUtF0lttcjkFw8A
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 161265
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 14 Apr 2023 12:43:58 GMT
server: istio-envoy
etag: W/"d72116d4ec13209e2527b5ee4008a90e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: lwKVcUnjzpyxbQ_h9vAKRmSzRaQyBZ2DtbBgMiebawMECs5j-yiGuw==

GET
H2 200 10.f16292bd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 35 KB
13 KB 28ms
28ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.f16292bd.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

958a03c833d9116f7ab9a5ee503f7b0360b9291b268bfb77128a8f0e19238613

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 21:09:20 GMT
x-amz-version-id: G_6NClC87z4YKUQ5LgwT1mGmKMQH18YO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3860853
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 02 Mar 2023 19:44:19 GMT
server: istio-envoy
etag: W/"cdb5f42b656ab6b237aa50c24c0d8474"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AB6SYqXfhUqxbTn47VcBy8ubv7OzQXgYfsFZKtqYicaSgjOhhbK0Rw==

GET
H2 200 main~493df0b3.02edd878.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 7 KB
3 KB 31ms
31ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.02edd878.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

95245f488fc923a05392ac8ca5985ac00d44b0603ba7b987d103475181268d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 21:09:20 GMT
x-amz-version-id: 87FFf1W3slXBBhSM9uSBEFOJpW9fpOh5
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3860853
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 02 Mar 2023 19:44:23 GMT
server: istio-envoy
etag: W/"552f770e8c42c3e418dbe498f587a82e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8Bi2Xr4i8wIAtZE8upjrovCyuevr47H6Z-iQffN-9EZo9S1AdS9bkw==

GET
H2 200 runtime~main.9cf07f53.js Show response
js.driftt.com/core/assets/js/ Frame E732 6 KB
3 KB 28ms
27ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7a036fbf5fa092cecb320befb8e95214b3d89fb1655fefb5431b7142aed3d919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 16:49:08 GMT
x-amz-version-id: MGQKV0z6lUwdx9NfKXUtF0lttcjkFw8A
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 161265
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 14 Apr 2023 12:43:58 GMT
server: istio-envoy
etag: W/"d72116d4ec13209e2527b5ee4008a90e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EKrXVpV4yjmGCGd8hdNbi1sbObfR9RpE0VN4wna5nDilC-DLHBxa1g==

GET
H2 200 10.f16292bd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 35 KB
13 KB 35ms
34ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.f16292bd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

958a03c833d9116f7ab9a5ee503f7b0360b9291b268bfb77128a8f0e19238613

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 21:09:20 GMT
x-amz-version-id: G_6NClC87z4YKUQ5LgwT1mGmKMQH18YO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3860853
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 02 Mar 2023 19:44:19 GMT
server: istio-envoy
etag: W/"cdb5f42b656ab6b237aa50c24c0d8474"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JttKt2xECtS2Vt-t7jst7uSFTq-UNkAWRT6fiziAGlBybv1TYujfqA==

GET
H2 200 main~493df0b3.02edd878.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 7 KB
3 KB 36ms
36ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.02edd878.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

95245f488fc923a05392ac8ca5985ac00d44b0603ba7b987d103475181268d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 21:09:20 GMT
x-amz-version-id: 87FFf1W3slXBBhSM9uSBEFOJpW9fpOh5
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3860853
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 02 Mar 2023 19:44:23 GMT
server: istio-envoy
etag: W/"552f770e8c42c3e418dbe498f587a82e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cQCb66OhU68xVeYFTAKoLQHDfdbis_fxr2MkuXoKrxBDE0DjUahigQ==

GET
H/1.1

200
OK

iframe Show response
d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/ Frame F2D9
Redirect Chain

https://insight.adsrvr.org/tags/0v1kpom/u9beit9/iframe
https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe

138 B
667 B

84ms
22ms

Document
text/html

13.225.83.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/14963/code/662433978d45e21970b804bbfa51742f.js?conditionId0=4910939&conditionId1=4910940
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.83.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-83-200.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93e2856e540b7faf4767d1291492324c43994be69562b8d1d9be07de8e2e40e4

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 30153
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 138
Content-Type: text/html
Date: Sun, 16 Apr 2023 05:32:39 GMT
ETag: "d45046dc61fcd53aaf217c2c9496ec77"
Last-Modified: Fri, 01 Oct 2021 23:43:18 GMT
Server: AmazonS3
Via: 1.1 2f194b62c8c43859cbf5af8e53a8d2a6.cloudfront.net (CloudFront)
X-Amz-Cf-Id: em_Trl3H-cykVpvEkBJEUCckv-dF2OZ3QyOi6ltJzyzwRfDGu_sztQ==
X-Amz-Cf-Pop: FRA2-C2
X-Cache: Hit from cloudfront
x-amz-server-side-encryption: AES256

Redirect headers

content-length: 183
content-type: text/html; charset=UTF-8
date: Sun, 16 Apr 2023 13:36:53 GMT
location: https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 52.b1edaf4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 23 KB
8 KB 23ms
22ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:53:48 GMT
x-amz-version-id: lxujLHLILbiou2pPIvSbvmgPaqeh.Vzu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1770185
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Fri, 24 Mar 2023 15:27:32 GMT
server: istio-envoy
etag: W/"cd29b9bc973e48a7fcd0ee7153bdf03b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8t_eKc2g9US3Zc3kwgSIjwPYWy7QSwe1mFK05Cg2rXZfLbPU4xA3fQ==

GET
H2 200 36.b49bf23f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 36 KB
10 KB 25ms
22ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.b49bf23f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 05:06:18 GMT
x-amz-version-id: Q4PwFrBFPFv3rKed2hELrYzow2Zuj9ZP
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1499435
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Wed, 29 Mar 2023 16:46:55 GMT
server: istio-envoy
etag: W/"4ae92c53ef226eb2a201fc855ccb7835"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wAeVR4VWNYn7IUT6KOVZ80-TSkNZe1jV1qvAY5BWPELBlM2Vyz8PKQ==

GET
H2 200 25.22647a55.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 32 KB
11 KB 27ms
25ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.22647a55.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:42:37 GMT
x-amz-version-id: XA_4ua4Mc1QdvybS1pWZjlgaFWs12iw1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2454856
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Fri, 17 Mar 2023 17:38:17 GMT
server: istio-envoy
etag: W/"2ce6c446f71a395ff41647c9ba4b9c19"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4s1a_WceFOzb_mnKQoIeDjHg_r89vvtnopdMo2abIFZFbajf4xEiQA==

GET
H2 200 20.2ffef383.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 17 KB
6 KB 28ms
24ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.2ffef383.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 00:35:31 GMT
x-amz-version-id: 6Bytm8AhFrZOtVi540MCYAzaNTefw5KL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2034082
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 35
last-modified: Wed, 22 Mar 2023 19:45:36 GMT
server: istio-envoy
etag: W/"ec6e94b6cea3a27506634867a8009ded"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: x_h0zSaAyXpRt_O1Gf4BTC3cRaPp5fQcc-4INFyEXblRuXnPctjLvA==

GET
H2 200 42.67956b13.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 25 KB
8 KB 29ms
26ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.67956b13.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:48 GMT
x-amz-version-id: iy3lhWfWhugpxaPV1Myr6j1VGgCA5HIt
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1399745
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 54
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"d53cdfd4559700cfe085380882a8e897"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dPw7oHR_ctvcEoWrrbaPYcm92XyT_bRZgK-TKqyY1Wtsjx2pzjD0gQ==

GET
H2 200 21.b3438b1b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 74 KB
23 KB 33ms
30ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b3438b1b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 03 Apr 2023 07:18:02 GMT
x-amz-version-id: UXQvjOaV4cAuEvK3KPgjO_jLHWxz9qS_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1145931
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 108
last-modified: Fri, 31 Mar 2023 03:20:37 GMT
server: istio-envoy
etag: W/"10e1bfa61646f14df045c581bc9410fd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: x-LfaVfFFTggzmtSm5hWCVmw3VNzcaLEVqk5JNtxcv5ao_QaSKnodQ==

GET
H2 200 27.3951aad8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 66 KB
20 KB 42ms
38ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.3951aad8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 19:12:20 GMT
x-amz-version-id: f9z9LEB0ilQvZ8BK9pmChNn2N.eea8wE
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5336672
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Mon, 13 Feb 2023 18:59:38 GMT
server: istio-envoy
etag: W/"5b2b6d0508fe18c3efb6bcd6249fd4e1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gI924wTQs0lb85qM-9fvCuh3xlxxCM0tyhr3edIYPgFTVlBLJFFKcg==

GET
H2 200 15.699b0dc7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 91 KB
28 KB 46ms
42ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.699b0dc7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 13:17:36 GMT
x-amz-version-id: cF.xMpCShLNVO58x3JtnZ0cwl5OG09zq
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1642757
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Mon, 27 Mar 2023 17:53:24 GMT
server: istio-envoy
etag: W/"43d1442a9d30453da9eaeb12b9daafff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: uwkcvPv_Crex_GvbqTj_6m0l-1Qlu89BCNPqnjxMz1qQaUxM-rZGbA==

GET
H2 200 12.d33926cb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 23 KB
7 KB 50ms
46ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.d33926cb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:36:00 GMT
x-amz-version-id: RO4lA8yEDOZtfT2PvBv0Xiq3xw4.OB.v
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2455253
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 17 Mar 2023 17:38:17 GMT
server: istio-envoy
etag: W/"bdcb035523ec144399213aa65a8430ff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aIoY924KK4AzDJ0fzJ0Ou62FWOVuCwLuvEEdT5-E6ZrJ9N-McVDnVQ==

GET
H2 200 19.8e79a39a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 62 KB
20 KB 53ms
50ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.8e79a39a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 03:37:47 GMT
x-amz-version-id: aUjwhsxVenkczBcI0zYivT4naL6jgMgC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 986346
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 60
last-modified: Tue, 04 Apr 2023 15:21:34 GMT
server: istio-envoy
etag: W/"c478a5bb4d7885e2b9250c6beeb4fd6d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XCB4pr3V67jLME2OkEhN-HebGD4B6ItF9fUHTajvfizN-BD24nU6Hw==

GET
H2 200 50.de3b5864.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 105 KB
34 KB 61ms
57ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/50.de3b5864.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:49:27 GMT
x-amz-version-id: .Jp3H9IwroEnQF4Gakvu11ViwJAtAJzd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2285245
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 63
last-modified: Mon, 20 Mar 2023 19:06:57 GMT
server: istio-envoy
etag: W/"114785899ceb423273fcc17aaad202e9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: k_wD44W8IT1P3CdZJGTPnAUzqV6kdAKTy9PKs_cOQ2lIj9RMrRMCBw==

GET
H2 200 41.a1867ad4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 12 KB
4 KB 65ms
62ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.a1867ad4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:49 GMT
x-amz-version-id: JBBoCHQ25QjCrCSsnBK3xXQ0hh61rDKz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1399744
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"299dd262bf32831c99dc78a9c5b5ca43"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TNR7Nf_oHcEYKMGnmmtSrPGZxssg55GtsL6vS1ck8ZtIEIED4iYQyQ==

GET
H2 200 30.57dfb56c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 13 KB
6 KB 66ms
62ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.57dfb56c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 04:07:33 GMT
x-amz-version-id: 6i.Q9se5wwt8PhzEnxv9nt9k1hldMqUL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 898160
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 35
last-modified: Wed, 05 Apr 2023 19:06:49 GMT
server: istio-envoy
etag: W/"b8addee34a5cd2241740a2e3094039b3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gtW2O8CLpLbnhBuzkcGdbQwbbLaIDCIUA_9Hw3l_TmJC5NVXzDM0bw==

GET
H2 200 22.4cb40074.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 17 KB
7 KB 67ms
64ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.4cb40074.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:13:18 GMT
x-amz-version-id: wITkTXOkJrHiVChAuzkmL_98MXQL9dkp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1772615
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Fri, 24 Mar 2023 15:27:31 GMT
server: istio-envoy
etag: W/"6cf24f8ea74f43662c776ce6af09d469"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oTwyfVexyMC_aA8NJ-Xvn-sVb1ZS2Qjz7jEbV9AIdhs5D3RU3MrpUQ==

GET
H2 200 9.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 8F78 31 KB
4 KB 67ms
64ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 15:40:51 GMT
x-amz-version-id: E3gSdUNTrx7zX2rcnnfGfFSl5si2kag9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2152562
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Wed, 22 Mar 2023 14:57:50 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HYbFy6XpTVL7f2pNk7G1Ozv7J7y_pqW7jJlwnAmD6RWEGy4xfzpzhA==

GET
H2 200 9.c3fb736e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 80 KB
25 KB 71ms
69ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.c3fb736e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

97835f51936631312648ce4198cd92c85beae9e09e3cdaff439c57ffccc5c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 15:53:54 GMT
x-amz-version-id: yjn0Mr9niEwveuUV6Ps9NwvZvY1Il2ab
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1978978
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 24 Mar 2023 15:27:33 GMT
server: istio-envoy
etag: W/"b4ca5f0ecc404e3c35769971c076a425"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GRug-BehAeUrwY9Mn3M0vM6eqShIuQTi8QkaL-rEbwDXchLcZH5iQA==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 8F78 24 B
696 B 68ms
65ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 20:13:51 GMT
x-amz-version-id: eR0JFDWwyA3gsnd_XajqmmtDUbC85CBL
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 6888182
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 24
last-modified: Tue, 11 Oct 2022 19:09:27 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eiiZ-evYzP4WLLGIn4LOAbuEQzfVUbcnKsiI6Azk9qMqH_6lKBvXng==

GET
H2 200 17.aeae662a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 91 KB
23 KB 78ms
76ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.aeae662a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

001cb43172d01b04429019194827d865a6105911042c474e8a23796117884446

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 20:49:03 GMT
x-amz-version-id: alYYcUFckpc3hn671LxJDc3smTkPUpbH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 319670
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Wed, 12 Apr 2023 19:35:55 GMT
server: istio-envoy
etag: W/"8700348598ad87a554aff3d28f707229"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: uDQGgKJtB4BbNFXNVYOR_FGsZNnkO4rzIZlhln1udkJkYNdbYg1eUw==

GET
H2 200 26.aa50aaf6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 50 KB
14 KB 83ms
81ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.aa50aaf6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

51aee302d871416414735342c8aa67b9d5758e0b5290b38c967846bc0d9135d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 16:49:09 GMT
x-amz-version-id: mtQOPm0DVYXqySchd1RuTJdaFgh6TsiU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 161264
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 14 Apr 2023 12:43:56 GMT
server: istio-envoy
etag: W/"08b8b4e23b64e13067ca8e354fa1b1c7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: b96EXZ-nTboOJazKlTZVDQFRTVOYN279ItSz0RTaP_YNLu8VD28Uxg==

GET
H2 200 18.92d91fbc.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 40 KB
13 KB 86ms
85ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.92d91fbc.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

503bd80ceafcd8a851fc5adb62f619b40e3dfe7ad1fc4823cd3c33d21cf218f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 16:49:08 GMT
x-amz-version-id: ggB2zFuADFHNaUd0DCn84WYxVpmN8hhL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 161265
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 14 Apr 2023 12:43:56 GMT
server: istio-envoy
etag: W/"6fabb0145681076dd032ff51af3bc23e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iOQxXCJuiV9y8qMhy_ZaWEfZJnenwJg6bUhR-OTbNm_oqQrqnCzrHw==

GET
H2 200 52.b1edaf4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 23 KB
8 KB 80ms
77ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:53:48 GMT
x-amz-version-id: lxujLHLILbiou2pPIvSbvmgPaqeh.Vzu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1770185
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Fri, 24 Mar 2023 15:27:32 GMT
server: istio-envoy
etag: W/"cd29b9bc973e48a7fcd0ee7153bdf03b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: uuAjLS1agnDhphZTFMT4Dw78tr0EdixUiet9N2Gzb3T2-1T_dH80Ng==

GET
H2 200 36.b49bf23f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 36 KB
10 KB 86ms
83ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.b49bf23f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 05:06:18 GMT
x-amz-version-id: Q4PwFrBFPFv3rKed2hELrYzow2Zuj9ZP
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1499435
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Wed, 29 Mar 2023 16:46:55 GMT
server: istio-envoy
etag: W/"4ae92c53ef226eb2a201fc855ccb7835"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DlVgQxac1rGsroaMw9ywf3s2yXySBDuDy0O_2LnfYesTYfGncnMmWA==

GET
H2 200 25.22647a55.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 32 KB
11 KB 87ms
85ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.22647a55.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:42:37 GMT
x-amz-version-id: XA_4ua4Mc1QdvybS1pWZjlgaFWs12iw1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2454856
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Fri, 17 Mar 2023 17:38:17 GMT
server: istio-envoy
etag: W/"2ce6c446f71a395ff41647c9ba4b9c19"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kDvI0lqUxx5mqV5XvsGKJoHNKZFLrX83CIg-Shtxj4xfgnZLCy3EkQ==

GET
H2 200 20.2ffef383.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 17 KB
6 KB 89ms
86ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.2ffef383.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 00:35:31 GMT
x-amz-version-id: 6Bytm8AhFrZOtVi540MCYAzaNTefw5KL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2034082
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 35
last-modified: Wed, 22 Mar 2023 19:45:36 GMT
server: istio-envoy
etag: W/"ec6e94b6cea3a27506634867a8009ded"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wFHQytFsYc8azMHzxnGH-nBXBZR5JyyUCexdYStj3HChyKtBEI751w==

GET
H2 200 42.67956b13.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 25 KB
8 KB 90ms
88ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.67956b13.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:48 GMT
x-amz-version-id: iy3lhWfWhugpxaPV1Myr6j1VGgCA5HIt
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1399745
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 54
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"d53cdfd4559700cfe085380882a8e897"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YaLSUtWRL0NK5Ih1mPMWqDSiE5ZNHjet3WFx9Cwp04ddGtQpSfCUTQ==

GET
H2 200 21.b3438b1b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 74 KB
23 KB 95ms
93ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b3438b1b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 03 Apr 2023 07:18:02 GMT
x-amz-version-id: UXQvjOaV4cAuEvK3KPgjO_jLHWxz9qS_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1145931
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 108
last-modified: Fri, 31 Mar 2023 03:20:37 GMT
server: istio-envoy
etag: W/"10e1bfa61646f14df045c581bc9410fd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JEz7887YZRbfFMD4ZafoV3fiFOeBGbPBtIPa-7ApwbbGHW2KNfND-Q==

GET
H2 200 27.3951aad8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 66 KB
20 KB 100ms
98ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.3951aad8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 19:12:20 GMT
x-amz-version-id: f9z9LEB0ilQvZ8BK9pmChNn2N.eea8wE
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5336672
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Mon, 13 Feb 2023 18:59:38 GMT
server: istio-envoy
etag: W/"5b2b6d0508fe18c3efb6bcd6249fd4e1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UQIRBDIJcKyjAsWsY4X3XL63JZKFlD_4BB-PM2jtaNX7yyNIKHv8Tw==

GET
H2 200 15.699b0dc7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 91 KB
28 KB 104ms
102ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.699b0dc7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 13:17:36 GMT
x-amz-version-id: cF.xMpCShLNVO58x3JtnZ0cwl5OG09zq
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1642757
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Mon, 27 Mar 2023 17:53:24 GMT
server: istio-envoy
etag: W/"43d1442a9d30453da9eaeb12b9daafff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IAncCMw-5NtJ3MHfJw4p_fVJRPrtBfnyEnaKR2Ce4sCtdbcQqTAOSg==

GET
H2 200 12.d33926cb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 23 KB
7 KB 108ms
106ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.d33926cb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:36:00 GMT
x-amz-version-id: RO4lA8yEDOZtfT2PvBv0Xiq3xw4.OB.v
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2455253
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 17 Mar 2023 17:38:17 GMT
server: istio-envoy
etag: W/"bdcb035523ec144399213aa65a8430ff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: sdo6vX68q9IRP5i-SCAs43RcEJt3UEzXB2P20M-WHRyDCq_fcjmegg==

GET
H2 200 19.8e79a39a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 62 KB
20 KB 112ms
111ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.8e79a39a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 03:37:47 GMT
x-amz-version-id: aUjwhsxVenkczBcI0zYivT4naL6jgMgC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 986346
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 60
last-modified: Tue, 04 Apr 2023 15:21:34 GMT
server: istio-envoy
etag: W/"c478a5bb4d7885e2b9250c6beeb4fd6d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qVLu0hkuGV2l-rFe6Wgp3V8U9JXnEdKB98YXbcQImFLXwoQyScQmIw==

GET
H2 200 50.de3b5864.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 105 KB
34 KB 117ms
115ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/50.de3b5864.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:49:27 GMT
x-amz-version-id: .Jp3H9IwroEnQF4Gakvu11ViwJAtAJzd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2285245
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 63
last-modified: Mon, 20 Mar 2023 19:06:57 GMT
server: istio-envoy
etag: W/"114785899ceb423273fcc17aaad202e9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VTTejgevAWJht96jxVauorWd0_6mtYbfK0JiforVD8VKJG0OxERQUQ==

GET
H2 200 41.a1867ad4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 12 KB
4 KB 121ms
119ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.a1867ad4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:49 GMT
x-amz-version-id: JBBoCHQ25QjCrCSsnBK3xXQ0hh61rDKz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1399744
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"299dd262bf32831c99dc78a9c5b5ca43"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TcmmABN3IXv7d1l8AjZhq6MwMRd9RLh825-_pCdUmdDv2NLeSGPc_g==

GET
H2 200 30.57dfb56c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 13 KB
6 KB 122ms
121ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.57dfb56c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 04:07:33 GMT
x-amz-version-id: 6i.Q9se5wwt8PhzEnxv9nt9k1hldMqUL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 898160
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 35
last-modified: Wed, 05 Apr 2023 19:06:49 GMT
server: istio-envoy
etag: W/"b8addee34a5cd2241740a2e3094039b3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: nAlXN1rkhsrAqv36k5NHDiTQ2COedObW_CW3c0h8otU8hQUxlWWr7g==

GET
H2 200 22.4cb40074.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 17 KB
7 KB 124ms
122ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.4cb40074.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:13:18 GMT
x-amz-version-id: wITkTXOkJrHiVChAuzkmL_98MXQL9dkp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1772615
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Fri, 24 Mar 2023 15:27:31 GMT
server: istio-envoy
etag: W/"6cf24f8ea74f43662c776ce6af09d469"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: t9WFLQDmfHosz8Q5kAvK19SNRBWfxydC3bHfNrVZQGemUIeXnm5PRw==

GET
H2 200 9.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame E732 31 KB
4 KB 82ms
80ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 15:40:51 GMT
x-amz-version-id: E3gSdUNTrx7zX2rcnnfGfFSl5si2kag9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2152562
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Wed, 22 Mar 2023 14:57:50 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: I7sgV3w277uCxWn5ZKG_uGrbON6PTqXgymLczf3tedaiVgH1FfrImg==

GET
H2 200 9.c3fb736e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 80 KB
25 KB 126ms
125ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.c3fb736e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

97835f51936631312648ce4198cd92c85beae9e09e3cdaff439c57ffccc5c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 15:53:54 GMT
x-amz-version-id: yjn0Mr9niEwveuUV6Ps9NwvZvY1Il2ab
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1978978
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 24 Mar 2023 15:27:33 GMT
server: istio-envoy
etag: W/"b4ca5f0ecc404e3c35769971c076a425"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZU8xLU8eD1YEcXM39BFPYdo7kkStygF2Fo3I5jnNv4Tc3JIrXVPEhg==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame E732 24 B
695 B 82ms
81ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 20:13:51 GMT
x-amz-version-id: eR0JFDWwyA3gsnd_XajqmmtDUbC85CBL
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 6888182
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 24
last-modified: Tue, 11 Oct 2022 19:09:27 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 04mUgSC8MF9eybHwsfgRa67egepJptOJniwIrNAvhs2yVX-vHgxbqg==

GET
H2 200 17.aeae662a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 91 KB
23 KB 132ms
131ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.aeae662a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

001cb43172d01b04429019194827d865a6105911042c474e8a23796117884446

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 20:49:03 GMT
x-amz-version-id: alYYcUFckpc3hn671LxJDc3smTkPUpbH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 319670
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Wed, 12 Apr 2023 19:35:55 GMT
server: istio-envoy
etag: W/"8700348598ad87a554aff3d28f707229"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9S7cfggj9Qb-XEo0fHqUVJpdWTt4GEvZ1VkacQONF7TTOKiRXci-Bg==

GET
H2 200 26.aa50aaf6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 50 KB
14 KB 136ms
135ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.aa50aaf6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

51aee302d871416414735342c8aa67b9d5758e0b5290b38c967846bc0d9135d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 16:49:09 GMT
x-amz-version-id: mtQOPm0DVYXqySchd1RuTJdaFgh6TsiU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 161264
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 14 Apr 2023 12:43:56 GMT
server: istio-envoy
etag: W/"08b8b4e23b64e13067ca8e354fa1b1c7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wD_FgRQyAFYpJDEHPKuQljJLLKx44Sn62GjiEjiaMfRj9KwGfJ3Bkg==

GET
H2 200 18.92d91fbc.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 40 KB
13 KB 139ms
138ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.92d91fbc.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

503bd80ceafcd8a851fc5adb62f619b40e3dfe7ad1fc4823cd3c33d21cf218f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 16:49:08 GMT
x-amz-version-id: ggB2zFuADFHNaUd0DCn84WYxVpmN8hhL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 161265
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 14 Apr 2023 12:43:56 GMT
server: istio-envoy
etag: W/"6fabb0145681076dd032ff51af3bc23e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GcAuWKGxzXwLICa_NmEGpmyTQCU7GQCSzVocaC9bR8hrre7WISEbkQ==

GET
H/1.1 200
OK sa.css
tags.srv.stackadapt.com/ 65 B
292 B 117ms
115ms Stylesheet
text/css 34.235.68.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.68.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-68-114.compute-1.amazonaws.com
Software: /
Resource Hash: 2712f872a8662d4be24e5714ae1ef301eb55eec7937a5fe8510ccc30c778d0e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 16 Apr 2023 13:36:53 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 65
Content-Type: text/css

GET
H/1.1 200
OK sa.jpeg Show response
tags.srv.stackadapt.com/ 0
881 B 462ms
117ms Fetch
image/jpeg 34.235.68.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.68.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-68-114.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 16 Apr 2023 13:36:53 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 651
Content-Type: image/jpeg

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 9 KB
3 KB 23ms
21ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 25 Mar 2023 07:22:55 GMT
x-amz-version-id: FbY0009UR6SM8SEWGeJjbUjChZiwlwq2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1923238
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 63
last-modified: Fri, 24 Mar 2023 15:27:29 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7qQi7vQabOduJ9NpUGnGSnRKSFSEXl4HGYP9ETNcqT1AiWE24xG42g==

GET
H2 200 28.01a0fe87.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 35 KB
10 KB 25ms
23ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.01a0fe87.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fffcc021124d70080ddd0c52562645c46e03ff39c924ced85c1bfd62cb8b8767

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 00:35:32 GMT
x-amz-version-id: 0rY7ZMxMJr4q1CTa8XKaYut.OrNqYUku
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2034081
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Wed, 22 Mar 2023 19:45:37 GMT
server: istio-envoy
etag: W/"0ad089f0617a0fa8014a23c2afa90ddd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _oeeeQnpNgRcEBIWWD2kGw-d69d-J0OjNyOo3A7dDcnnNPFLKY3mzQ==

GET
H2 200 29.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame 8F78 8 KB
2 KB 23ms
21ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/29.9bf46b67.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:13:18 GMT
x-amz-version-id: popM32jgPZoTCgNMNJLFyK6uoaTcanKd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1772615
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 60
last-modified: Fri, 24 Mar 2023 15:27:28 GMT
server: istio-envoy
etag: W/"4f21faf2ba450e5fcdf7eda90813e185"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -7TbPtHN8MGdNa9yzmX5-tqf3kpuLttMf2mKRWKQChvU-QZV2-HfvA==

GET
H2 200 29.98c2b316.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 14 KB
6 KB 26ms
24ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.98c2b316.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c6b2815294e64eb3d9e30955673ae3b60a486ae5b7dfcc7e48c0e2a4fe7301de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 18:08:56 GMT
x-amz-version-id: aizM0H1Fdw3zzppb3P2Ok7x7JUMOS1IQ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1711677
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Mon, 27 Mar 2023 17:53:25 GMT
server: istio-envoy
etag: W/"6526b5009cc642f706e7156982e7429b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ncFG7A4VXz6NT96uH7gvK_6nfQmq-a4yiW7AJnff9PDP3Tu22TBdug==

GET
H2 200 23.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 8F78 365 B
1 KB 22ms
22ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/23.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:22:59 GMT
x-amz-version-id: .JKRl3M6v7IUb5gryZ10Srrtp7jvamtG
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 1772034
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
content-length: 365
last-modified: Fri, 24 Mar 2023 15:27:28 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: lso1OeGGGJLkIlZ_oGOjtHZWcaHJdss-ofnyVYAy_P6M_Wat9zQZxg==

GET
H2 200 23.3383a95d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 91 KB
25 KB 28ms
27ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.3383a95d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

cd7fb3bd97b6d7563e689cd314aef26df6e49b20d398d9c4ad92b46cf10227ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 20:29:53 GMT
x-amz-version-id: R.KopNfYz5sw7kCwT1v2lqw_kS4bQudX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 925620
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Wed, 05 Apr 2023 19:05:09 GMT
server: istio-envoy
etag: W/"5c45b021478e8a45705552c8d9bbaad1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qXqTtNvhUWkDjmwcXBbLaCbeq33HT3xeTXKSUBlIZcgnIusrqItXGA==

GET
H2 200 38.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame E732 3 KB
1 KB 21ms
21ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/38.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 13:17:36 GMT
x-amz-version-id: LFPPxWsKM9buI7tNlxr2ORSmQyZS03tk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1642757
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Mon, 27 Mar 2023 17:53:23 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Cwjs5ZaA37-3PyA7P5BqqbqyC410na_l9EzhXhD1286l3-4E1mm52A==

GET
H2 200 38.2c907ce3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 3 KB
2 KB 21ms
21ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/38.2c907ce3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

0c07bf805e857013386ec7ea2d26911aed5c827ee90e71a94188553c6d8ef337

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 16:46:57 GMT
x-amz-version-id: UxCT8aDYj_hNgM93MexUSctwVxa1i.5F
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3271796
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 09 Mar 2023 16:34:01 GMT
server: istio-envoy
etag: W/"ad63bf20f878fb64a363281ee85aa567"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: C4huhB22Y6Jh4q2UxBzFfLOR6DP2O91IoO0P3j-skW1w0FM4ZLVcag==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 9 KB
3 KB 21ms
20ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 25 Mar 2023 07:22:55 GMT
x-amz-version-id: FbY0009UR6SM8SEWGeJjbUjChZiwlwq2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1923238
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 63
last-modified: Fri, 24 Mar 2023 15:27:29 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ypyXhKPPSon2UGhVEs803vHZpi4bJ53W1Kvx6tgCM_WQmzn1qVKBbA==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame E732 7 KB
2 KB 22ms
21ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 07 Apr 2023 08:09:51 GMT
x-amz-version-id: a6aW3pFI8jDJfd5Fzc5RXPW1PSDB8w30
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 797222
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 56
last-modified: Wed, 05 Apr 2023 19:06:46 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: boW8Jo2frFr6V0PHW0rwrPfzp0a_WHlvLQ4uMjTZmmZ_mC3dTrgVaw==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 54 KB
15 KB 25ms
24ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 02 Apr 2023 13:04:52 GMT
x-amz-version-id: TZgR.kF9jQEw5fwgp1aPwIBAWqAwmYWG
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1211521
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jWRKj-teMiWTlJggHNbpDVixXHHs9UQJazYzot2XB0EgD3eNYI7oOQ==

GET
H2 200 1.02a6af84.chunk.css
js.driftt.com/core/assets/css/ Frame E732 44 KB
7 KB 23ms
22ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.02a6af84.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

120def079fc4e239098c571e178a9a1b73746f05c6f65a97cd7291b8c13aa401

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 18:52:28 GMT
x-amz-version-id: 64T0ZrFEmS.6MBMboj2UeFtkG_nz2tDv
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4041865
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Tue, 28 Feb 2023 17:39:33 GMT
server: istio-envoy
etag: W/"295093fc512c5e44a90c3c28242de8ae"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MymhgYKQL3ZXB4dNEjNeeCfiCNUrpxilBdkbrLCKNb5BAF1y_cO1Cw==

GET
H2 200 1.dd688aaf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 53 KB
17 KB 28ms
28ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.dd688aaf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d3ed94b69049a6046b0472b87a4d1be0a1c9482c9edc3793bf72714c82c7ce0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 20:29:53 GMT
x-amz-version-id: EYuyMkYTdV6Sz.Tu3e2Qz8Z_YPV77rIe
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 925620
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Wed, 05 Apr 2023 19:06:48 GMT
server: istio-envoy
etag: W/"456df11dba646f06e80bbae67a65aad8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: u7F-IYeadEfZp_bsqLZS5Nrzvow5oyzNpZbVuEaqssf159hykhQiAw==

GET
H2 200 4.b4477698.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 23 KB
10 KB 30ms
29ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.b4477698.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

277725f80d5c0175c2a996fe1eea07395b87ec1bd0496353409e99e96024816e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 20:29:53 GMT
x-amz-version-id: 0s5HvDu7I8ZUWeiRZtf_7BJNbUsVlUik
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 925620
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Wed, 05 Apr 2023 19:06:49 GMT
server: istio-envoy
etag: W/"ec2b0368f8359c0e46e2bfb9cf8e79ef"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jXWqpaicngvr8nHLv8IwYKx-alXV7S3_Z54XdcjS4-n5NKro5gwG6w==

GET
H2 200 35.a3318c5e.chunk.css
js.driftt.com/core/assets/css/ Frame E732 14 KB
3 KB 30ms
30ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/35.a3318c5e.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 04:07:35 GMT
x-amz-version-id: XpghMM6Bvn3zdgxgFBI2tr0e58zP8_PK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 898158
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 79
last-modified: Wed, 05 Apr 2023 19:05:07 GMT
server: istio-envoy
etag: W/"b06e02b360914b25e58305b1b9b954dc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HxtovN3pyjEIgEjeXuq9K4fmcEXhA9n-iTFnmUAxw50uoOVjFgt3gw==

GET
H2 200 35.6494869d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 12 KB
5 KB 31ms
31ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.6494869d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

58ff7fb7ab9d7adc4cf209107a51c54b693bd3b717b4d3d28590a16f6afcfcd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 20:29:53 GMT
x-amz-version-id: MYxiQ_WV9Qv3wwqExoqkX7K_GKNyB89J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 925620
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Wed, 05 Apr 2023 19:05:09 GMT
server: istio-envoy
etag: W/"9c04bff9551ebe240915e79768d1b29c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zrCza6QqAaGcSNkxhvDAXJLYszTm3JJik2g6IN9g1tH1qx02uDhNCw==

GET
H2 200 /
insight.adsrvr.org/track/pxl/ Frame F2D9 70 B
261 B 47ms
47ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=0v1kpom&ct=0:u9beit9&fmt=3
Requested by: Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/0v1kpom/u9beit9/iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 16 Apr 2023 13:36:53 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
20ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1826980072&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&ul=en-us&de=UTF-8&dt=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP&ea=Organization&el=Keyweb%20AG&_u=aHBAgEABAAAAAEAEK~&jid=&gjid=&cid=164968571.1681652211&tid=UA-44168172-9&_gid=291664804.1681652211&gtm=45He34c0n715SFWTH&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&cd7=&cd1=Keyweb%20AG&z=1934841999

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 19:05:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 66700
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
20ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1826980072&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&ul=en-us&de=UTF-8&dt=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Opt-In%20Campaign%20Audience&el=Keyweb%20AG&_u=aHBAgEABAAAAAEAEK~&jid=&gjid=&cid=164968571.1681652211&tid=UA-44168172-9&_gid=291664804.1681652211&gtm=45He34c0n715SFWTH&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&cd7=&cd1=Keyweb%20AG&z=1648752213

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 19:05:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 66700
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
20ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1826980072&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&ul=en-us&de=UTF-8&dt=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Gartner%20MQ%202020&el=Keyweb%20AG&_u=aHBAgEABAAAAAEAEK~&jid=&gjid=&cid=164968571.1681652211&tid=UA-44168172-9&_gid=291664804.1681652211&gtm=45He34c0n715SFWTH&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&cd7=&cd1=Keyweb%20AG&z=811729419

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 19:05:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 66700
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
21ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1826980072&t=event&ni=1&_s=5&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&ul=en-us&de=UTF-8&dt=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=All%20visitors&el=Keyweb%20AG&_u=aHBAgEABAAAAAEAEK~&jid=&gjid=&cid=164968571.1681652211&tid=UA-44168172-9&_gid=291664804.1681652211&gtm=45He34c0n715SFWTH&cd6=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&cd7=&cd1=Keyweb%20AG&z=1501586171

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 19:05:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 66700
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 9FB2 0
74 B 21ms
21ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.cyberark.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Sun, 16 Apr 2023 13:36:53 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 8F78 162 B
602 B 383ms
120ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

b8f62e67333c47bda5644ad6c9a9dbfb884daca66790d3a5ce391315219381e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 16 Apr 2023 13:36:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 9427da85a7a1c01e
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 162

GET
H/1.1 200
OK saq_pxl Show response
tags.srv.stackadapt.com/ 160 B
465 B 118ms
118ms XHR
text/plain 34.235.68.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=hLcqEj_jyS_TFE6yvRCw0w&is_js=true&landing_url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp&t=Explain%20Like%20I%E2%80%99m%205%3A%20Remote%20Desktop%20Protocol%20(RDP)&tip=kSbZww392OCLIBuSir699pP64DyOCpZH96NbGEnJc1k&host=https://www.cyberark.com&sa_conv_data_css_value=%20%220-03d006f0-6b6e-5d78-6030-9f20be3ebe93%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd903d006f06b6e5d7860309f20be3ebe93d972da1d&sa-user-id-v2=s%253AA9AG8GtuXXhgMJ8gvj6-k9ly2h0.hVl5EaxaBStsWbhgs1kfLIF8db3dmx0tpRIgoHptAhQ&sa-user-id=s%253A0-03d006f0-6b6e-5d78-6030-9f20be3ebe93.aCrjVGSAn2aUzXKTdraXKb8bW9JY%252Faga9C1DPqZMyOs
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.68.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-68-114.compute-1.amazonaws.com
Software: /
Resource Hash: 082f95fd455fbcd0b92dd51c6ff3e433324f2b1027a6e66126c1347ea32b83eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sun, 16 Apr 2023 13:36:53 GMT
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.cyberark.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 160

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 285ms
285ms Image
image/gif 2.16.187.88
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-187-88.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 8F78 25 B
89 B 143ms
130ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 16 Apr 2023 13:36:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 889ebca704374e51
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 14
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame 8F78 22 KB
7 KB 347ms
347ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

cb6dace2530528646f0b742391853afa4d502e39cfaf7b65c1b9c741e96df666

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 16 Apr 2023 13:36:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: cacceeca7cb3f9cc
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 231
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 219ms
219ms Image
image/gif 2.16.187.88
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-187-88.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 track Show response
event.api.drift.com/ Frame 8F78 656 B
740 B 119ms
119ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

696d66ed3899d6b1a72a6def00dfab15a16ea91464bbac1fe9426e3f55f6b538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxNzk1MDUyMjc0MyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NDEwMzMiLCJleHAiOjE3MTMyNzQ2MTMsImlhdCI6MTY4MTY1MjIxM30.B1OTFc93ZtaRS42VmQEb9WRIgRteahK_WkXcVeJVSqIYy2fc1Vr_RTu-zOk5WEo6XXrqUfIYZtKRqius5zt2VA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 16 Apr 2023 13:36:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 253d7512404b57a2
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 656

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 124ms
117ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Sun, 16 Apr 2023 13:36:54 GMT
requestid: driftef01ed8474194b022dc5992764f
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 evaluate_with_log Show response
targeting.api.drift.com/targeting/ Frame 8F78 1 KB
526 B 119ms
118ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

84165a729bf5c2519d2ddda8d596454ac0c26e713ce643ba9816ca1c23acc7f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxNzk1MDUyMjc0MyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NDEwMzMiLCJleHAiOjE3MTMyNzQ2MTMsImlhdCI6MTY4MTY1MjIxM30.B1OTFc93ZtaRS42VmQEb9WRIgRteahK_WkXcVeJVSqIYy2fc1Vr_RTu-zOk5WEo6XXrqUfIYZtKRqius5zt2VA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 16 Apr 2023 13:36:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: b2bc18b0cf12e4f3
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 463

OPTIONS
H2 200 evaluate_with_log
targeting.api.drift.com/targeting/ Frame 0
0 122ms
116ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Sun, 16 Apr 2023 13:36:54 GMT
requestid: drift7b9a6ae44e0a7951966fd6ad2d3
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

OPTIONS
H2 200 render_initial_v3
flow.api.drift.com/flows/ Frame 0
0 136ms
118ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Sun, 16 Apr 2023 13:36:55 GMT
requestid: drift0ff873b4765a0133739f51b2e8c
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 2

POST
H2 200 render_initial_v3 Show response
flow.api.drift.com/flows/ Frame 8F78 3 KB
2 KB 141ms
140ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

d805e88d9d061066008cecf740fec834b6fc62abb045ee259558e1efdd84b579

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxNzk1MDUyMjc0MyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NDEwMzMiLCJleHAiOjE3MTMyNzQ2MTMsImlhdCI6MTY4MTY1MjIxM30.B1OTFc93ZtaRS42VmQEb9WRIgRteahK_WkXcVeJVSqIYy2fc1Vr_RTu-zOk5WEo6XXrqUfIYZtKRqius5zt2VA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 16 Apr 2023 13:36:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 4141bd2df4b2d359
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 24
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 1869

POST
H2 204 widget Show response
targeting.api.drift.com/impressions/ Frame 8F78 0
37 B 126ms
125ms XHR
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxNzk1MDUyMjc0MyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NDEwMzMiLCJleHAiOjE3MTMyNzQ2MTMsImlhdCI6MTY4MTY1MjIxM30.B1OTFc93ZtaRS42VmQEb9WRIgRteahK_WkXcVeJVSqIYy2fc1Vr_RTu-zOk5WEo6XXrqUfIYZtKRqius5zt2VA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 16 Apr 2023 13:36:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 4c330d964edfb424
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 9
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H2 200 58.377a2854.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F78 18 KB
7 KB 21ms
21ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/58.377a2854.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

130688f16399fc1980b2900037a220bc182f4b0c320621dc7d70ec721514765e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=ey22i6m9p82y&eId=ey22i6m9p82y&region=US&forceShow=false&skipCampaigns=false&sessionId=d0777360-f07c-49aa-93b5-c01e58600b4c&sessionStarted=1681652212.942&campaignRefreshToken=f3e21eaa-2333-4950-a663-7e31f01bfea9&hideController=false&pageLoadStartTime=1681652210677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 19:22:49 GMT
x-amz-version-id: VNdlB8aq7hsMD9xmH2piO6MjwkFFx9yo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4040046
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 28 Feb 2023 19:03:42 GMT
server: istio-envoy
etag: W/"33f417d96bdfff4c4e2ac5468c815f07"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SwPRei_ZTm30EYJOr6ayMIHYLsoXj6fx1E6EHW1vewrAuStovKWnfw==

GET
H2 200 58.377a2854.chunk.js Show response
js.driftt.com/core/assets/js/ Frame E732 18 KB
7 KB 22ms
22ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/58.377a2854.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9cf07f53.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

130688f16399fc1980b2900037a220bc182f4b0c320621dc7d70ec721514765e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1681652210677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 19:22:49 GMT
x-amz-version-id: VNdlB8aq7hsMD9xmH2piO6MjwkFFx9yo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4040046
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 28 Feb 2023 19:03:42 GMT
server: istio-envoy
etag: W/"33f417d96bdfff4c4e2ac5468c815f07"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xgbbOVMbH9XdfW4vHKhuTV-n3JFIXz-K077kJru6IlCfdCq6JWCYJA==

OPTIONS
H2 200 widget
targeting.api.drift.com/impressions/ Frame 0
0 118ms
118ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Sun, 16 Apr 2023 13:36:55 GMT
requestid: driftc445f914f1a915177ef74e50526
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 2

GET
H2 200 https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F2080453%252F690aee1490e624290ef724079be9437f96dgrydefrdk%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w...
driftt.imgix.net/ Frame 8F78 3 KB
3 KB 75ms
21ms Image
image/png 2a04:4e42:8d::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F2080453%252F690aee1490e624290ef724079be9437f96dgrydefrdk%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3D8cbb812869cae3ac0e8d1e341ba68a27?fit=max&fm=png&h=200&w=200&s=3749d7ac8855db31e7dff64475c4bb37

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:8d::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

196697739a7e27c152b6bfb1f999ea07ff14eb538a607348e549477d946d155b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:55 GMT
x-content-type-options: nosniff
age: 2079599
x-cache: HIT, HIT
x-imgix-id: f9a5f8e2b92063297e9f66559502e2c30d51a3cf
cross-origin-resource-policy: cross-origin
content-length: 2619
x-served-by: cache-sjc10047-SJC, cache-fra-eddf8230095-FRA
x-imgix-render-farm: 01.9552
last-modified: Thu, 23 Mar 2023 11:56:56 GMT
server: imgix
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 4.3b34b074.chunk.js Show response
js.driftt.com/conductor/assets/ 158 B
852 B 22ms
21ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/4.3b34b074.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1681652400000/ey22i6m9p82y.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

574aecd6793a65225977300bbb170085109bf62527488370869dd0678d52369e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 05:58:01 GMT
x-amz-version-id: eLPJNLDiK0h48cZin9hbXquS4tCIVHe1
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 977934
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
content-length: 158
last-modified: Tue, 04 Apr 2023 15:21:41 GMT
server: istio-envoy
etag: "04cb478629934587f65fb92a62238885"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XCdE0QuUMb-FKDQdd6ToVaushaJtWmFVdKLjuAoXGTdcZ8hO7Nl_YA==

GET
H2 206 notification.5f7c6014.mp3
js.driftt.com/conductor/assets/media/ 8 KB
8 KB 23ms
23ms Media
audio/mpeg 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/media/notification.5f7c6014.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Range: bytes=0-

Response headers

date: Sat, 03 Sep 2022 07:38:10 GMT
x-amz-version-id: Ub51puyo1Locv75rMJeYD6NAYp0fo__l
via: 1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 19461525
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
Content-Range: bytes 0-7754/7755
Content-Length: 7755
last-modified: Thu, 01 Sep 2022 13:18:52 GMT
server: nginx
etag: "5f7c6014cf73831f91963a668b71fbb9"
access-control-allow-methods: GET, POST, OPTIONS
content-type: audio/mpeg
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4LOxOhm2iwyHyN_J3_X61N_tiumLmLbnLzjN90oKjUKp_WWGSIAkHQ==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 232ms
232ms Image
image/gif 2.16.187.88
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-187-88.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:55 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event3/ Frame 8F78 25 B
109 B 130ms
130ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event3/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 16 Apr 2023 13:36:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 935ad770ae0c5c48
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 14
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 263ms
262ms Image
image/gif 2.16.187.88
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.187.88 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-16-187-88.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberark.com/resources/threat-research-blog/explain-like-i-m-5-remote-desktop-protocol-rdp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sun, 16 Apr 2023 13:36:57 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

205 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.cyberark.com/	1969-12-31 23:59:59	Name: _MGZ_ Value: 6fm3ladl3qbhm6iaqs0o2lqr7e
www.cyberark.com/	1970-01-20 19:53:08	Name: pdf_event Value: WyJbe1widXVpZFwiOjIxOTg5ODgyMjV9LDE3MTMxODgyMTBdIiwiYTNmOGMwMDA0MGYwNWUzZjUwOTNmNmFkYWIzOWIxYWMiXQ%3D%3D
.www.cyberark.com/	1970-01-20 19:53:08	Name: _ufav Value: 60516be6f8904c40ba0d5070b9d57217
.www.cyberark.com/	1970-01-20 11:07:35	Name: _ufas Value: ce30b6a907bc46e283addcc256f91bf0
.cyberark.com/	1970-01-20 13:17:08	Name: _gcl_au Value: 1.1.35689056.1681652211
.cyberark.com/	1969-12-31 23:59:59	Name: at_check Value: true
.cyberark.com/	1970-01-20 13:17:08	Name: _rdt_uuid Value: 1681652211416.8efc5045-60d0-4370-a002-5ffc3b0e110b
.cyberark.com/	1970-01-20 11:07:34	Name: TAsessionID Value: 198121a0-efa1-4439-a924-1a8673550f86\|NEW
.cyberark.com/	1969-12-31 23:59:59	Name: notice_behavior Value: expressed,eu
.cyberark.com/	1970-01-20 20:43:32	Name: _ga Value: GA1.2.164968571.1681652211
.cyberark.com/	1970-01-20 11:08:58	Name: _gid Value: GA1.2.291664804.1681652211
.cyberark.com/	1970-01-20 11:07:32	Name: _dc_gtm_UA-44168172-9 Value: 1
.cyberark.com/	1970-01-20 19:53:08	Name: _mkto_trk Value: id:316-CZP-275&token:_mch-cyberark.com-1681652211454-50369
www.cyberark.com/	1970-01-20 11:07:34	Name: ufentry Value: 20230416.100651
.cyberark.com/	1970-01-20 20:43:32	Name: trwv.uid Value: cyberarksoftware-1681652211561-cea054cb%3A1
.cyberark.com/	1970-01-20 11:07:34	Name: trwsa.sid Value: cyberarksoftware-1681652211562-7e4e4370%3A1
.cyberark.com/	1970-01-20 19:53:08	Name: _hjSessionUser_1200039 Value: eyJpZCI6IjlmYjQ1MDJhLWE2NTctNTQ3OS04MTY3LTY4MTZlZjE0YzFkMiIsImNyZWF0ZWQiOjE2ODE2NTIyMTE1OTEsImV4aXN0aW5nIjpmYWxzZX0=
.cyberark.com/	1970-01-20 11:07:34	Name: _hjFirstSeen Value: 1
.cyberark.com/	1970-01-20 11:07:32	Name: _hjIncludedInSessionSample_1200039 Value: 1
.cyberark.com/	1970-01-20 11:07:34	Name: _hjSession_1200039 Value: eyJpZCI6ImQ4NTVhMDhlLWJkYzEtNGRlZi05ODEwLWM3MGE5OGI3MjhmNiIsImNyZWF0ZWQiOjE2ODE2NTIyMTE1OTcsImluU2FtcGxlIjp0cnVlfQ==
www.cyberark.com/	1970-01-20 11:07:32	Name: _hjIncludedInPageviewSample Value: 1
.cyberark.com/	1970-01-20 11:07:34	Name: _hjAbsoluteSessionInProgress Value: 1
.demdex.net/	1970-01-20 15:26:44	Name: demdex Value: 11655364435885616693795235394914297207
.cyberark.com/	1969-12-31 23:59:59	Name: AMCVS_9AB97041603F3EDB0A495C66%40AdobeOrg Value: 1
.cyberark.com/	1970-01-20 20:43:32	Name: mbox Value: session#08d9933d5f3145c4b95e062a75a8d5b9#1681654072\|PC#08d9933d5f3145c4b95e062a75a8d5b9.37_0#1744897012
.everesttech.net/	1970-01-20 19:53:08	Name: everest_g_v2 Value: g_surferid~ZDv59AAAAK2jCgN-
.dpm.demdex.net/	1970-01-20 15:26:44	Name: dpm Value: 11655364435885616693795235394914297207
.cyberark.com/	1970-01-20 20:43:32	Name: AMCV_9AB97041603F3EDB0A495C66%40AdobeOrg Value: 1176715910%7CMCIDTS%7C19464%7CMCMID%7C19346883732565270164494266494775849690%7CMCAAMLH-1682257011%7C6%7CMCAAMB-1682257011%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1681659411s%7CNONE%7CMCSYNCSOP%7C411-19471%7CvVersion%7C5.4.0
prefmgr-cookie.truste-svc.net/	1970-01-20 11:07:32	Name: cookie_3rdparty Value: enabled
www.cyberark.com/	1970-01-20 20:43:32	Name: _gd_visitor Value: e002ed9e-1324-45a4-8d53-7e9ea9bd8088
www.cyberark.com/	1970-01-20 11:07:46	Name: _gd_session Value: bb0d0a77-e87c-4324-893e-cf30d3ab477a
consent-pref.trustarc.com/	1970-01-20 11:07:32	Name: token_test Value: Sun Apr 16 2023 13:36:52 GMT+0000 (GMT)
.cyberark.com/	1970-01-20 11:07:34	Name: gpv_c51 Value: https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fexplain-like-i-m-5-remote-desktop-protocol-rdp
.cyberark.com/	1970-01-20 11:50:44	Name: s_nr30 Value: 1681652212802-New
.cyberark.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.cyberark.com/	1970-01-20 13:17:08	Name: _fbp Value: fb.1.1681652212824.1283533174
.doubleclick.net/	1970-01-20 20:29:08	Name: IDE Value: AHWqTUkoxe1FzPQTNt-u3Ih-xqUT4EEwr7YADjf1ecQ2TvmJ49FyN8iPdWVx4l7MCwQ
www.cyberark.com/	1970-01-20 11:08:58	Name: ln_or Value: eyIxNzkwNiI6ImQifQ%3D%3D
www.cyberark.com/	1970-01-20 11:07:34	Name: drift_campaign_refresh Value: f3e21eaa-2333-4950-a663-7e31f01bfea9
.linkedin.com/	1970-01-20 11:50:44	Name: UserMatchHistory Value: AQKvjHVNt5HtSAAAAYeKSGSgsigT1sK8Pauou9FCNQqpQ_yeyUGp6CDzBC6QsNECCko2qGVYOOvSpg
.linkedin.com/	1970-01-20 11:50:44	Name: AnalyticsSyncHistory Value: AQIIzuHwBcnwgwAAAYeKSGSgFGl3NhjhSBwcfsLgeuwZL6oGToCpO7amNIohD3LgiSluyvrz2pfjxigsCiVhAA
.linkedin.com/	1970-01-20 19:53:08	Name: bcookie Value: "v=2&0cd53af2-5a71-425a-859f-9d5af81fd037"
.linkedin.com/	1970-01-20 11:08:58	Name: lidc Value: "b=VGST00:s=V:r=V:a=V:p=V:g=2979:u=1:x=1:i=1681652212:t=1681738612:v=2:sig=AQE1Syhm5i9StZMEbZBkG_QXbfgeYj-Z"
.www.linkedin.com/	1970-01-20 19:53:08	Name: bscookie Value: "v=1&20230416133653254407b7-c4ed-44ed-8473-4d90662e45eeAQFpzvDcuxeAYUAylqZhRYC178HXlA1d"
.linkedin.com/	1970-01-20 15:26:44	Name: li_gc Value: MTswOzE2ODE2NTIyMTM7MjswMjG93cxD9oisShSLCb/D9SOPI7uVMT5CJT5ENk6W3OyIGQ==
tags.srv.stackadapt.com/	1970-01-20 19:53:08	Name: sa-user-id Value: s%3A0-03d006f0-6b6e-5d78-6030-9f20be3ebe93.aCrjVGSAn2aUzXKTdraXKb8bW9JY%2Faga9C1DPqZMyOs
tags.srv.stackadapt.com/	1970-01-20 19:53:08	Name: sa-user-id-v2 Value: s%3AA9AG8GtuXXhgMJ8gvj6-k9ly2h0.hVl5EaxaBStsWbhgs1kfLIF8db3dmx0tpRIgoHptAhQ
.srv.stackadapt.com/	1970-01-20 19:53:08	Name: sa-user-id-v2 Value: s%3AA9AG8GtuXXhgMJ8gvj6-k9ly2h0.hVl5EaxaBStsWbhgs1kfLIF8db3dmx0tpRIgoHptAhQ
www.cyberark.com/	1970-01-20 19:53:08	Name: sa-user-id Value: s%253A0-03d006f0-6b6e-5d78-6030-9f20be3ebe93.aCrjVGSAn2aUzXKTdraXKb8bW9JY%252Faga9C1DPqZMyOs
www.cyberark.com/	1970-01-20 19:53:08	Name: sa-user-id-v2 Value: s%253AA9AG8GtuXXhgMJ8gvj6-k9ly2h0.hVl5EaxaBStsWbhgs1kfLIF8db3dmx0tpRIgoHptAhQ
.6sc.co/	1970-01-20 20:43:32	Name: 6suuid Value: 54bb1002313a0200f5f93b64bf000000d4e21500
www.cyberark.com/	1970-01-20 20:43:32	Name: drift_aid Value: d10b4569-ba44-4eb1-a9cd-0b32620e9306
www.cyberark.com/	1970-01-20 20:43:32	Name: driftt_aid Value: d10b4569-ba44-4eb1-a9cd-0b32620e9306

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.bundle.js Message: Specifying 'overflow: visible' on img, video and canvas tags may cause them to produce visual content outside of the element bounds. See https://github.com/WICG/view-transitions/blob/main/debugging_overflow_on_images.md for details.
security	error	URL: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=cyberark_v2&site=cyberark.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/&session=198121a0-efa1-4439-a924-1a8673550f86&userType=NEW(Line 55) Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://www.cyberark.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

316-czp-275.mktoresp.com
9920016.fls.doubleclick.net
adservice.google.com
alb.reddit.com
assets.adobedtm.com
b.6sc.co
bootstrap.api.drift.com
c.6sc.co
cdn.linkedin.oribi.io
cdnjs.cloudflare.com
cihost.uberflip.com
cm.everesttech.net
connect.facebook.net
consent-pref.trustarc.com
consent-st.trustarc.com
consent.trustarc.com
content.cdntwrk.com
content.hotjar.io
cs.choozle.com
cyberark.demdex.net
cyberark.sc.omtrdc.net
cyberark.tt.omtrdc.net
d1eoo1tco6rr5e.cloudfront.net
dpm.demdex.net
driftt.imgix.net
event.api.drift.com
flow.api.drift.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
in.hotjar.com
in.ml314.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.driftt.com
metrics.api.drift.com
ml314.com
munchkin.marketo.net
nexus.ensighten.com
prefmgr-cookie.truste-svc.net
px.ads.linkedin.com
px4.ads.linkedin.com
rtp-static.marketo.com
script.hotjar.com
sjrtp6-cdn.marketo.com
sjrtp6.marketo.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
tags.srv.stackadapt.com
targeting.api.drift.com
vc.hotjar.io
www.cyberark.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
104.17.196.105
13.107.42.14
13.225.78.53
13.225.83.200
13.32.99.41
142.250.186.70
15.236.117.205
151.101.65.140
18.200.69.132
18.66.112.19
18.66.112.41
18.66.97.37
18.66.97.81
192.28.146.116
192.28.147.68
2.16.187.88
2.19.39.121
23.38.53.173
2600:9000:20eb:5400:2:53b2:240:93a1
2600:9000:20eb:a000:12:53a8:95c0:93a1
2606:4700::6811:180e
2620:1ec:21::14
2a00:1450:4001:80e::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2003
2a00:1450:4001:811::2002
2a00:1450:4001:813::2003
2a00:1450:4001:813::200a
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2008
2a00:1450:400c:c07::9d
2a02:26f0:3500:16::215:148d
2a02:26f0:3500:587::1e80
2a02:26f0:6c00::210:bb9b
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:8d::720
2a04:4e42::396
34.111.234.236
34.193.113.164
34.235.68.114
34.241.237.172
34.255.111.89
35.174.21.180
52.222.236.115
52.222.236.74
52.223.40.198
52.49.168.196
52.51.141.47
54.146.120.141
54.236.171.84
65.9.66.72
001cb43172d01b04429019194827d865a6105911042c474e8a23796117884446
0354a8cb0789d6c86e691769b9783d1f61423a77cc90274826f9368a507a41ce
03c30c924e1d2b73c2022269369a90c3c4093aa74e2fd1b7e71de0d3708e655c
0402955fd97b3d37addd83e8075bcfe5d43af7f042135aebf2efc346d1c51c93
047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1
0525227372ed27950e183889955710f42b5ef4e82d28367cae087c51cf9c16aa
05281d4232c9c6c542e94f294ee0610c8ea5f6ecd9c4ef605573df970aaabdf4
0637a5486005822934814400cc9f0989ead659268f2add3521f63f1b49876913
082f95fd455fbcd0b92dd51c6ff3e433324f2b1027a6e66126c1347ea32b83eb
08674fcf28788bda144a170cf418d008781c9a20f784b3644b9de73d66513903
08abb7430862bcd0101048333e95994ed3399a79e80744c3b15405a56584953c
0a64de85c54d385a9fa2234abc2d55791ec47c60bfcf52291ddb28aa67dfaede
0c07bf805e857013386ec7ea2d26911aed5c827ee90e71a94188553c6d8ef337
0c1735c33aba99b149285a77aaee7d910df64f400e834b6a71c57655ad7bcda8
0c9b296524382941636b88d087aceae8dcefe8ee75ef302d35f798c65d18f401
0d2483d50c6a2bee46160e80343eb6c8d1bb5c6ab07e25e18463360d3b8b301d
0ec06672fe3c64b5f9a2734153c38dc3aac1a84dd0c656447e4f393339608db6
0ec76d5244f87755e6d0d20e9b9bb3e4a893de6a9de2bb2f3dbdbfa80bcbc7ff
0fe769962777eeac6efad950fcfcdf4fabae8acb0288550771e44ca752c7d003
11304b88bdf5cd5f42513b9aa8bd3206653770f4f125b852285db812c731cf24
11ae2b723975e982ee010ad2af2b599a771cd4abed6075d102d1968dbc6a2317
120def079fc4e239098c571e178a9a1b73746f05c6f65a97cd7291b8c13aa401
12ce92cc3c4eb9d74f48e9a10eb919bdf30bbdc5ccf9843c6543fec302dec54f
130688f16399fc1980b2900037a220bc182f4b0c320621dc7d70ec721514765e
178b4553ba5170d84cc952713a8422e73becc81a7bcef75849f7f8792b13231b
178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795
18a9f7f4f194aabf5ba501f648392f1711b1b684c246d887e3dc88c88f134360
196697739a7e27c152b6bfb1f999ea07ff14eb538a607348e549477d946d155b
19871f24c2b42833f98f404c3f404c0cbc99f02c70e590303e9f269948d2a056
1a0befe65702652b841f3faff55904eb25aa7a5c6597624ba6093ef1a665eee9
1aa7996197b13bddd9d45a179b5943219fb646007061d4b9209bdbd8c9aea142
1e5cad07ff6bd575c9db436ac6a16d1cbba8711cab6b73f25e96fe3b33ef3528
1f150486021d4182821249f13273a7a87862756e2b021e3d19121aaae6a2e09d
1fb7ee27fdfb34869f89aa51d9af1cf86ecc6800ab591ec3ca78f155742200b2
1fd56a753d2fc5aa18fc391ad597ad008c5c5a3c1af0c9c55e9294271ce4bc95
227424fc43294f94db4ac0b4cab640f6cd03a4c1e1b6439a380a7bf5363f15ac
22b1c85f75f783d44346fb97d5787ac2b94daf955a1ceae3148186427c1073a8
234f5e6b36c41a209c87e64949d11927b6360603b94ce3511c53df5bac0f4c26
23f95a90d6e6ba09a92bd4eae99823b0a6b0137a9abe10e3c050c062fb15efe4
25037e6b7c282bb93eb40d6af413e84acd76dd8a264ccfae5f71d910eb5a1035
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2712f872a8662d4be24e5714ae1ef301eb55eec7937a5fe8510ccc30c778d0e1
277725f80d5c0175c2a996fe1eea07395b87ec1bd0496353409e99e96024816e
278cd45917f5fee0e5710b34f2c03a3652544fe5a6ccea56cbbd0bd7324bf5e7
28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6
2988864102eccf40fa52c3212935133555dcde4d59cde626f794694afdeecabf
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2bfe0bfebc6bf40e5f73c03389ba8285505bc2f45d739d1efd5ca830f940a51d
2f36c78a67f348ce26ec286b07474951bf1941c2190629d00601d856906df7d1
2f5f9d511700318e988d3ef843afc49224162c8bb2435db7b9dc3590f525306f
3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92
339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a
33bf20dfaba046936f9c2100c1fceda74cd7aa9c319d011a31588599634ddd58
35d1a46cbc331f5cdd588a8f79c39079ef075ace791115c9c0c48c02d67f0ff0
35f273e01e70db780ae423347dffecfc27cc348ba4abbd6099331559a7c5cd31
379e8bf83d46ce3fd61a9c2e3141b0dbc84d14883438ed1f5fa715c39d61f9d2
387886be70bfc9d040c0021abf3c70296b681fb2a8ee764d6576cfbd09023913
3dd51bb8d7542f9ed2ab94992b297a898a0ba2114532b841239592fc0d197cf1
3decbe1c69b0f91d975610f54b2615be61a887c20f8ade1049be9743168198aa
45aca110620ac12009925cac1e38aa4e71426a2b83ee7f356010069b45539d56
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
49bdaf43b043fdd5e79f321a889502b341e83fb3d71caa9ec286369bcb205373
4abc143ac16a6d4e4fd9588528a4f861d0d58fc474ecd0402d5724e97b086fa1
4c1ba239941c5018015ceb57916a5983ea6505b50216aefb817ccfb94654a339
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
503bd80ceafcd8a851fc5adb62f619b40e3dfe7ad1fc4823cd3c33d21cf218f5
50d2cdea15cc99d234529e8ff76abae445f8a3b2f510b8254a5daa96d018f40f
51aee302d871416414735342c8aa67b9d5758e0b5290b38c967846bc0d9135d8
532d3b1558f2b46fe97935533a1e7cc976df1ff1f56b00e6d49aa781e2390fce
5567c5a47f8bbd27707bd2cffdb1679c292a07ccf09a8578e1b9eba7ab481cf3
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
574aecd6793a65225977300bbb170085109bf62527488370869dd0678d52369e
584f7fff91741fa7c77312344120c52db984a9de5a686b2a4ef95d950a4b5eb8
5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323
58ff7fb7ab9d7adc4cf209107a51c54b693bd3b717b4d3d28590a16f6afcfcd3
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5ab58cadcff9594c08b6bd8c00a1a34ab1a40140b08f0270b03b5edc393ca9c3
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5d59d71fa30604e26c815b2bcfea777bef1564467e2ff9b1b4dc45ca2ee0f6fe
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e240679c3215c840cf754104fe7291c77f2f52ad551c95e8c8364d0124938ec
603d4ccbae71b317445d37367d9b3e6544c1b0b067ee23081de98892ed804dfa
6151f62c314340a55f5cc5fb650538f2325f9516b69da4e3feb300515fc4072e
619ddc1d756bc60de4717303471873db6bbc6da6106ad99231472aecdb6c3040
62738b62849a46842f34013b8528886f10c8d0e1c9aec47d636e05d631e2f60e
634358d77171f485bb1738fce1bf1e715e2cd0a94b2c4f3d5c6dafccd0d1031a
63c66737828453882371cb2b1c7b36629104ebe929566bb4bd42ca3872fcde9c
662fc4f3f0124740414378b357488f186cca9937e1c2bd16da6a34c903d2d690
66c708b80cab108a2fde84cac9677c07435537bc9d06085ccd1ac80cb93513b4
67e2f25233ffe02ea0a70301e7440e6371d8943ca3f759b1d128b590e7e9419b
686b85a48179611261d73877a7375fa4aaa1708b4b71ab46c904526c4ba7df8f
696d66ed3899d6b1a72a6def00dfab15a16ea91464bbac1fe9426e3f55f6b538
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6df07acc4226892a09f5d94cfb28cd6f560b073f5fb5e4060fede31cba893989
6e6098f9e4e64f667bc006876813632d5ac79ac56e5284a95c9c821870907cad
6f756350e67238ef627d83acd8c4697791eaade9b8304e92f0b0b611920a7fde
6fb0d5d3a6a52dcfc96818baa044e02d86be6793bc86265f2f69d965e2850678
7017acd2219db2073793fed0fe5cc1c96ae4f1883e9abebf4e0cfaf73474843c
70e7a5f72aaafa5289512d853ea12a4070eca0ca885dc3274d8fae385348ed33
7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a
71e6f7e8ad6d244adec69de1d48517ebdebb92a11f9d72652033641a8002d5f8
727f7329c8911115e5a8991cc12a421ac0d22c761f2f2c737d8e7be425c5ea7a
74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595
76b378075dc07b1caa45424756cca2440fda08f8276c814effd5c738409fa06d
76e843994bba14afbf1c558e8503db5aa7fa6ffd8eb7f220c110a82d28756138
7a036fbf5fa092cecb320befb8e95214b3d89fb1655fefb5431b7142aed3d919
7a9710846e3c8985cddc3752f803e7f5b52966cc963c02162b07f3567103bf3c
7b0e7a4bdf115afb8e8c5b9b671b0dc4441236f8cf56906d146b7d46a0ee14a8
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b7012dcb12ee2f3b165215c4766a7d393c8ca3e3da7a0621f4de062769ccf60
7be1b3df507b34b7d05c60510836564455b0f85be0871e96e48201e4947d4cfd
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c07468e93987855fdd0310e9df137ea5c67223afd357404a2bfc59127d1ae94
7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b
7ef8a267de455c3a72237bf7db0c97c97e35e52452ff9ece15876d0d60f9c0e9
7f3600bed9e87d4a2b64c37e71a0a55fd48ed18cb39f500250fc245d0b79566f
7fe7d9054d31a9874fb36aba6a3736c02799bdaab5fed3e007ff334bc4580732
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83c24cdc38d0e64c40ade6b6fe8aa3d935b7bb9daa553242aeb78b0a9a187fc0
84165a729bf5c2519d2ddda8d596454ac0c26e713ce643ba9816ca1c23acc7f0
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8605ba9973ec0ff450733faf2d77e8e07fa354bc4c0f6aff6c41c5e4c25835bb
860b18e91a3582792f23c9b2c9dbd64036c5545777e8bdbb81e6e76d2a926e4e
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
8642675885c3a57a6673d673550ef1b5cb983e7b8232e00cf7d804cbe6a1f034
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
88b4bd1c3c8e9af6516b562e9679955ff48479ee6a5771e97ef425d1c5425e1f
89275a1c66640733265b5be89864b6daefef1cc3f275566dd8fd29bd66601a83
8a24661354b5da6a831310ea1286dad735369c231fe4f64f0dd745952af41615
8a6e748e376ec78d830131deaf6c5dbfa2e5ce4a32e30b609aa7700345d4491a
8aab45b2e3226eb83ceed37f3f622529d0a6ca0a82d8dd9a4d1fb8e46ba84f83
8bcb1671142844b9c10b5247053d513b9110ad9e3ad7ec0b751d42c977611f83
8d1e4764af37e9d4636f5bdf281c4c9a32974c91b83292294bfd77b2eca63a3a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9186ad0839410bf3d20f3c5b242b36027562baac85ffb8cba18b50b6e4d7945d
918e8441bee23ad58f7206b828f06c95a47a8e3ba6ae2e29b6483c610e06e470
91b7152c2708e116677591b018f23ed2910c747e932f8985b704f1884d807990
91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
926c6e0971989eae77fc46af238c338422f1b3c78ab6f7be041780f39565762d
93e2856e540b7faf4767d1291492324c43994be69562b8d1d9be07de8e2e40e4
95245f488fc923a05392ac8ca5985ac00d44b0603ba7b987d103475181268d88
952f35790a58d6c58cd01db0b7994f8b1e3f2d4328f8dd2ed423c01579d403c6
958a03c833d9116f7ab9a5ee503f7b0360b9291b268bfb77128a8f0e19238613
97835f51936631312648ce4198cd92c85beae9e09e3cdaff439c57ffccc5c5d5
9880b1057df4dc2ce1fc004ef4a595c36bb258deb902610a945938196df166e2
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0
9db8ca4fe22c19748cc9c569db7e79c6a40597c596a2a2a4bc9eada5a94dcabf
9e70999bd0ed2afbb2967ca63898c752fc3e66ba8a86a4ac341723be85bb7319
a02215e865c2949ab838df058f262ddc8d5361d613eeb881f97be60f1f1dc4bf
a0d6a83a27c03fd1e1d7f60c77b690cd4a15718468227bd234cfa61d1135e85a
a117f36dba1eb2100f340bb68f3cc4d4c04d50d8a1d61c36a5d0a682aed9d362
a249bcffb2d8e92a3bdff919def43b14841803ad93b80ffa864db1090e007594
a2de091c86c5a7b6dcc572eb6e5a76c2cd72ce27a2042a8dc2974f15b33566ed
a35f66e3c735f802aa18c069ed416ba8d2a7acd10e6c03d0d39af2cd1d2ec95a
a654dbffdb656aacce15df139a6d2701ccae809fe7baab1ec042714bb6336eb9
a7e60c5283bc11f60d34626741d2d3f68d323570232331103b0a93e1e25363d8
ab342cf55dbb1241ef27cc92303a4266de2f8ec5734d4f7f97285c8562079ab9
abca0004f2960ea162b161a82240a139fce6012733a76f3859febb9bed38b420
b014e4d5562d444e36750cc30291deded03d12aa2ed6680a65129131577aef4a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b30ab08550f6b662f7284419533bcd2394c237060f7e129d9a0586b81a0aabbc
b3cdc0cddef5a4c5497ed2a62f362aeea1e9f801c49f8dc88b1edb5afcbd3efa
b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40
b8f62e67333c47bda5644ad6c9a9dbfb884daca66790d3a5ce391315219381e4
b9254bbd972e39fae9a8131f960de877fac0f3df0d989a8d116aad66072dce1a
b96b944dbdb9c2afcdecae184e3bdc4717c30dc4f5d4624cfd1727461d6569fa
b98b810e882a161a4c72961692c7656a21ea60adfbc170b83542f27634b3c146
b98e0f76f97857fce1b3fbd8e9ed5775988e85fffd71dcc2422f8d012378ea34
bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027
bf8cddf3132a2c30a1c9e114ac9d84ccf7af6d4c2a42393898b7fc43b79d8423
c0c5b8f37bb612b6cd3e5be43d3d269d05eb0a8e10d98f71e9534f4eb6a8c3ec
c1457d6417251decf61b55c38e54c05f42f0d3855d31dbf51699728b2131aefd
c1cd0852f3077f1b059e16529d8de16acb490990d6cb796dd74873de0bfd8a91
c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2
c31420493d6eb30dc84e63c79a997a5caeafdde0574b0a342c415bfd627b2d1a
c4075c29ce6b37940eff3682e883612aabc2b78e8ccfa4b9af84b9a90e4a7470
c6b2815294e64eb3d9e30955673ae3b60a486ae5b7dfcc7e48c0e2a4fe7301de
c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6
c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca
cb6dace2530528646f0b742391853afa4d502e39cfaf7b65c1b9c741e96df666
cd2f6642d9c618ac73dedc1b90c09f5d8d2652130b858758afa695b96400597c
cd7fb3bd97b6d7563e689cd314aef26df6e49b20d398d9c4ad92b46cf10227ca
cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a
cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69
cf2d229d954110b22e9d4f2587d5b31b785ebd9c0c97ecba9035625f91c49e08
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d3ed94b69049a6046b0472b87a4d1be0a1c9482c9edc3793bf72714c82c7ce0c
d4761d421bbf2f059126b9ce4f5e0a9f7bc83b046a58162780a2b9c3ab8c9a56
d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492
d805e88d9d061066008cecf740fec834b6fc62abb045ee259558e1efdd84b579
daa26070c8c2e752180ee9cc2572bf4e9760eddfd77681a14c0bfddfee3b385d
daf035f87991a000267981dab4aed1ed22d73b4ac31eef780c0a2958f74ba665
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
e2007f491cf8805ceb2604c0b9aeb1adc383791b679f523665fb75a8aad1ea1c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e43f4377ab42351cc2787d4d3188411faaf30536a9db6b07dd1daa0b29678025
e5356c4d200584b116d9ac14f89d883b120dbe4d7878914a4fa22358074c74f8
e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae
e8e7fd76994e9fe7f19af8a2234efc259debc6e67de4ae8bf2f0e7471132bd02
ea15ed59b6d8057751d02fe2b62dd358659dee4a5af26ae82b59291ed5a626f8
eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2ca5ac3d9cf4d005d7294562694e44b40efd2c194722721a52743c2f43f1a6
f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880
f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc
f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f7dee2a88356549b15d6145e3170e69825aa94d38e4809fc690142eb69481484
f8798515190cb314410c765a8b22859988890100550865fcea07aaa000cc3608
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
fa8f7142a58970cc3f64a4070c0e0a93678e73c4f872ebaf57a3f3a3bc2ea1d5
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fffcc021124d70080ddd0c52562645c46e03ff39c924ced85c1bfd62cb8b8767

www.cyberark.com Open in urlscan Pro 104.17.196.105 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

279 Requests

99 %HTTPS

38 %IPv6

39 Domains

61 Subdomains

51 IPs

6 Countries

9411 kBTransfer

15813 kBSize

53 Cookies

54 Outgoing links

Redirected requests

279 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cyberark.com Open in urlscan Pro
104.17.196.105 Public Scan

Screenshot
Live screenshot

Full Image

279
Requests

99 %
HTTPS

38 %
IPv6

39
Domains

61
Subdomains

51
IPs

6
Countries

9411 kB
Transfer

15813 kB
Size

53
Cookies

279 HTTP transactions
1 data transactions