www.cyberark.com Open in urlscan Pro
104.17.194.105 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/
Effective URL:
https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Submission: On September 08 via api (September 8th 2020, 10:10:45 pm UTC) from US

Summary HTTP 185 Redirects Links 32 Behaviour Indicators

Summary

This website contacted 53 IPs in 9 countries across 43 domains to perform 185 HTTP transactions. The main IP is 104.17.194.105, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.cyberark.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 17th 2020. Valid for: a year.

This is the only time www.cyberark.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 31	104.17.194.105 104.17.194.105	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE)
29	99.84.156.82 99.84.156.82	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6811:4f6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2600:9000:214... 2600:9000:214f:4600:12:53a8:95c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
8	2a04:4e42:3::622 2a04:4e42:3::622	54113 (FASTLY) (FASTLY)
2	99.84.156.59 99.84.156.59	16509 (AMAZON-02) (AMAZON-02)
5	104.111.239.158 104.111.239.158	16625 (AKAMAI-AS) (AKAMAI-AS)
14	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:eb:... 2a02:26f0:eb:3a3::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
2	54.165.255.110 54.165.255.110	14618 (AMAZON-AES) (AMAZON-AES)
1	147.75.32.125 147.75.32.125	54825 (PACKET) (PACKET)
5	99.84.156.86 99.84.156.86	16509 (AMAZON-02) (AMAZON-02)
1 3	35.171.71.143 35.171.71.143	14618 (AMAZON-AES) (AMAZON-AES)
2	104.111.250.210 104.111.250.210	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE)
1 6	108.128.104.240 108.128.104.240	16509 (AMAZON-02) (AMAZON-02)
3	151.101.114.107 151.101.114.107	54113 (FASTLY) (FASTLY)
1	147.75.102.197 147.75.102.197	54825 (PACKET) (PACKET)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	143.204.201.98 143.204.201.98	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:6c00:c:90ee:6000:21	16509 (AMAZON-02) (AMAZON-02)
5	192.28.146.116 192.28.146.116	15224 (OMNITURE) (OMNITURE)
1	3.89.179.232 3.89.179.232	14618 (AMAZON-AES) (AMAZON-AES)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9b	15169 (GOOGLE) (GOOGLE)
3	99.86.2.9 99.86.2.9	16509 (AMAZON-02) (AMAZON-02)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
3	2a00:1450:400... 2a00:1450:4001:814::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
1	147.75.80.95 147.75.80.95	54825 (PACKET) (PACKET)
1 2	52.18.201.224 52.18.201.224	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
4 4	54.229.128.207 54.229.128.207	16509 (AMAZON-02) (AMAZON-02)
2 2	34.245.253.34 34.245.253.34	16509 (AMAZON-02) (AMAZON-02)
1 2	3.122.214.165 3.122.214.165	16509 (AMAZON-02) (AMAZON-02)
1	54.171.1.253 54.171.1.253	16509 (AMAZON-02) (AMAZON-02)
2	52.0.1.164 52.0.1.164	14618 (AMAZON-AES) (AMAZON-AES)
1	172.217.22.66 172.217.22.66	15169 (GOOGLE) (GOOGLE)
1 6	2.21.36.181 2.21.36.181	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	99.84.157.54 99.84.157.54	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c01::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81a::2003	15169 (GOOGLE) (GOOGLE)
7 11	52.209.24.170 52.209.24.170	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	52.48.230.192 52.48.230.192	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2a00:1288:f03... 2a00:1288:f03d:1fa::2000	10310 (YAHOO-1) (YAHOO-1)
1 2	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 1	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE)
1	54.144.154.79 54.144.154.79	14618 (AMAZON-AES) (AMAZON-AES)
2	52.20.19.138 52.20.19.138	14618 (AMAZON-AES) (AMAZON-AES)
185	53

31 104.17.194.105 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.cyberark.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 99.84.156.82 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-156-82.txl52.r.cloudfront.net

content.cdntwrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:4f6b (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:214f:4600:12:53a8:95c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cihost.uberflip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a04:4e42:3::622 (Ascension Island)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.84.156.59 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-156-59.txl52.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.111.239.158 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-158.deploy.static.akamaitechnologies.com

sjrtp6-cdn.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtp-static.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:eb:3a3::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.165.255.110 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-165-255-110.compute-1.amazonaws.com

web-analytics.engagio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.32.125 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress4

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 99.84.156.86 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-156-86.txl52.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.171.71.143 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-71-143.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tracking.leadlander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.250.210 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-250-210.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 108.128.104.240 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-104-240.eu-west-1.compute.amazonaws.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.114.107 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

embed-fastly.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.102.197 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress11

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.98 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-98.fra53.r.cloudfront.net

consent-st.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:6c00:c:90ee:6000:21 (United States)

ASN16509 (AMAZON-02, US)

dn1f1hmdujj40.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.28.146.116 (United States)

ASN15224 (OMNITURE, US)

sjrtp6.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.89.179.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-89-179-232.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.2.9 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-2-9.fra6.r.cloudfront.net

vidassets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

316-czp-275.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:814::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.80.95 (Parsippany, United States)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress16

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.18.201.224 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-201-224.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.229.128.207 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-128-207.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.245.253.34 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-245-253-34.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.214.165 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.1.253 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-1-253.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.0.1.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-1-164.compute-1.amazonaws.com

distillery.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s17-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.21.36.181 (France) 1 redirects

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-21-36-181.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.157.54 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-157-54.txl52.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c01::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.209.24.170 (Dublin, Ireland) 7 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-24-170.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.230.192 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-230-192.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:f03d:1fa::2000 (United Kingdom) 1 redirects

ASN10310 (YAHOO-1, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.36 (Ascension Island) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.2 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s20-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.144.154.79 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-154-79.compute-1.amazonaws.com

pipedream.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.20.19.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-19-138.compute-1.amazonaws.com

fg8vvsvnieiv3ej16jby.litix.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	cyberark.com 1 redirects www.cyberark.com	2 MB
29	cdntwrk.com content.cdntwrk.com	1 MB
16	adroll.com 7 redirects s.adroll.com d.adroll.com	25 KB
14	google-analytics.com www.google-analytics.com	49 KB
14	wistia.com fast.wistia.com embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com	411 KB
10	marketo.com sjrtp6-cdn.marketo.com rtp-static.marketo.com sjrtp6.marketo.com	92 KB
8	uberflip.com cihost.uberflip.com	454 KB
7	ml314.com 1 redirects ml314.com in.ml314.com	15 KB
6	adsrvr.org 4 redirects match.adsrvr.org js.adsrvr.org insight.adsrvr.org	4 KB
6	trustarc.com consent.trustarc.com consent-st.trustarc.com	64 KB
4	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	3 KB
4	gstatic.com fonts.gstatic.com	45 KB
4	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com	72 KB
3	google.de www.google.de	708 B
3	google.com www.google.com	708 B
3	terminus.services vidassets.terminus.services	4 KB
3	facebook.com www.facebook.com	467 B
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	facebook.net connect.facebook.net	299 KB
3	cloudflare.com cdnjs.cloudflare.com	132 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	litix.io fg8vvsvnieiv3ej16jby.litix.io	172 B
2	openx.net 1 redirects us-u.openx.net	479 B
2	adnxs.com 1 redirects ib.adnxs.com	2 KB
2	leadlander.com 1 redirects tracking.leadlander.com	519 B
2	eyeota.net 1 redirects ps.eyeota.net	1 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1004 B
2	rlcdn.com 2 redirects idsync.rlcdn.com	800 B
2	demdex.net 1 redirects dpm.demdex.net	2 KB
2	marketo.net munchkin.marketo.net	7 KB
2	engagio.com web-analytics.engagio.com	2 KB
2	licdn.com snap.licdn.com	3 KB
2	driftt.com js.driftt.com	45 KB
2	googletagmanager.com www.googletagmanager.com	92 KB
1	yahoo.com 1 redirects ads.yahoo.com	676 B
1	pubmatic.com simage2.pubmatic.com	886 B
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	136 B
1	googleadservices.com www.googleadservices.com	12 KB
1	mktoresp.com 316-czp-275.mktoresp.com	311 B
1	ytimg.com s.ytimg.com	34 KB
1	cloudfront.net dn1f1hmdujj40.cloudfront.net	8 KB
1	sf14g.com t.sf14g.com	37 KB
1	youtube.com www.youtube.com	1 KB
185	43

	Domain	Requested by
31	www.cyberark.com	1 redirects www.cyberark.com content.cdntwrk.com cihost.uberflip.com
29	content.cdntwrk.com	www.cyberark.com content.cdntwrk.com cihost.uberflip.com
14	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.cyberark.com
10	d.adroll.com	6 redirects
8	fast.wistia.com	www.cyberark.com fast.wistia.com
8	cihost.uberflip.com	www.cyberark.com cihost.uberflip.com
6	s.adroll.com	1 redirects www.googletagmanager.com s.adroll.com d.adroll.com
6	ml314.com	1 redirects www.cyberark.com ml314.com
5	sjrtp6.marketo.com	sjrtp6-cdn.marketo.com rtp-static.marketo.com
5	consent.trustarc.com	www.cyberark.com consent.trustarc.com
4	match.adsrvr.org	4 redirects
4	rtp-static.marketo.com	sjrtp6-cdn.marketo.com
4	fonts.gstatic.com	fonts.googleapis.com
3	www.google.de	www.cyberark.com
3	www.google.com	www.cyberark.com
3	vidassets.terminus.services	www.googletagmanager.com www.cyberark.com
3	www.facebook.com	www.cyberark.com connect.facebook.net
3	embed-fastly.wistia.com	www.cyberark.com fast.wistia.com
3	connect.facebook.net	www.cyberark.com connect.facebook.net
3	cdnjs.cloudflare.com	www.cyberark.com cdnjs.cloudflare.com
3	fonts.googleapis.com	www.cyberark.com
2	fg8vvsvnieiv3ej16jby.litix.io	fast.wistia.com
2	us-u.openx.net	1 redirects
2	ib.adnxs.com	1 redirects
2	distillery.wistia.com	fast.wistia.com
2	tracking.leadlander.com	1 redirects www.cyberark.com
2	ps.eyeota.net	1 redirects www.cyberark.com
2	sync.crwdcntrl.net	2 redirects
2	idsync.rlcdn.com	2 redirects
2	dpm.demdex.net	1 redirects www.cyberark.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	px.ads.linkedin.com	1 redirects www.cyberark.com
2	munchkin.marketo.net	www.cyberark.com munchkin.marketo.net
2	web-analytics.engagio.com	www.cyberark.com dn1f1hmdujj40.cloudfront.net
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	js.driftt.com	www.cyberark.com js.driftt.com
2	www.googletagmanager.com	www.cyberark.com www.googletagmanager.com
1	pipedream.wistia.com	fast.wistia.com
1	cm.g.doubleclick.net	1 redirects
1	ads.yahoo.com	1 redirects
1	simage2.pubmatic.com
1	insight.adsrvr.org	js.adsrvr.org
1	googleads.g.doubleclick.net	www.googleadservices.com
1	d.adroll.mgr.consensu.org	1 redirects
1	js.adsrvr.org	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	in.hotjar.com	script.hotjar.com
1	vars.hotjar.com	static.hotjar.com
1	316-czp-275.mktoresp.com	munchkin.marketo.net
1	s.ytimg.com	www.youtube.com
1	in.ml314.com	ml314.com
1	dn1f1hmdujj40.cloudfront.net	web-analytics.engagio.com
1	consent-st.trustarc.com	consent.trustarc.com
1	www.linkedin.com	1 redirects
1	script.hotjar.com	static.hotjar.com
1	t.sf14g.com	www.cyberark.com
1	static.hotjar.com	www.cyberark.com
1	www.youtube.com	www.googletagmanager.com
1	sjrtp6-cdn.marketo.com	www.cyberark.com
185	59

This site contains links to these domains. Also see Links.

Domain
www.idaptive.com
cyberark.com
cyberark-customers.force.com
lp.cyberark.com
docs.cyberark.com
careers.cyberark.com
investors.cyberark.com
www.facebook.com
twitter.com
www.linkedin.com
en.wikipedia.org
login.microsoftonline.com
smartbear.com
developer.mozilla.org
scontent.fsdv2-1.fna.fbcdn.net
api.spaces.skype.com
teams.microsoft.com
aadsync-test.teams.microsoft.com
data-dev.teams.microsoft.com
www.youtube.com

Subject Issuer	Validity	Valid
cyberark.com Cloudflare Inc ECC CA-3	`2020-07-17` - `2021-07-17`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
content.cdntwrk.com DigiCert SHA2 Secure Server CA	`2020-04-07` - `2021-01-11`	9 months	crt.sh
cdnjs.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-12` - `2022-08-17`	2 years	crt.sh
*.uberflip.com Amazon	`2020-08-04` - `2021-09-04`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-08-24` - `2021-05-07`	8 months	crt.sh
drift.com Amazon	`2019-10-03` - `2020-11-03`	a year	crt.sh
*.marketo.com DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.google.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
*.engagio.com Sectigo RSA Organization Validation Secure Server CA	`2020-06-16` - `2021-06-16`	a year	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2020-08-16` - `2020-11-14`	3 months	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2019-07-09` - `2020-09-07`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
*.ml314.com Amazon	`2020-02-17` - `2021-03-17`	a year	crt.sh
prospective2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-08-29` - `2021-04-20`	8 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2020-08-17` - `2020-11-15`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
*.terminus.services Amazon	`2020-01-13` - `2021-02-13`	a year	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
www.google.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2020-08-15` - `2020-11-13`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.eyeota.net Let's Encrypt Authority X3	`2020-08-31` - `2020-11-29`	3 months	crt.sh
*.leadlander.com Go Daddy Secure Certificate Authority - G2	`2020-04-28` - `2022-04-28`	2 years	crt.sh
*.hotjar.com Amazon	`2020-08-29` - `2021-09-28`	a year	crt.sh
*.wistia.com Amazon	`2020-04-30` - `2021-05-30`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.google.de GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.litix.io Amazon	`2019-12-25` - `2021-01-25`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Frame ID: 08619A889ED5C9F80AF7E1387925E011
Requests: 182 HTTP requests in this frame

Frame: https://consent-st.trustarc.com/get?name=crossdomain.html&domain=cyberark.com
Frame ID: D8AB8BEFF7332DB0727C4E44703C288F
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: CB33FFF899701037E122FDFA68EFA7FF
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: B9ABA03B146EE943EC26FB01EC0036D9
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=zw7usn0&ref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&upid=fn71xvv&upv=1.1.0
Frame ID: ABE118513C857C235630BD43EEEE5848
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-mic... HTTP 301
https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerabil... Page URL

Detected technologies

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i

Page Statistics

185
Requests

99 %
HTTPS

38 %
IPv6

43
Domains

59
Subdomains

53
IPs

9
Countries

5746 kB
Transfer

10085 kB
Size

26
Cookies

32 Outgoing links

These are links going to different origins than the main page.

URL: https://www.idaptive.com/
Title: CyberArk Idaptive

Search URL Search Domain Scan URL

URL: https://cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-free-trial/
Title: Register now

Search URL Search Domain Scan URL

URL: https://cyberark-customers.force.com/mplace/s/
Title: MARKETPLACE

Search URL Search Domain Scan URL

URL: https://lp.cyberark.com/gartner-mq-pam-leader
Title: BREAKAWAY

Search URL Search Domain Scan URL

URL: https://docs.cyberark.com/

Search URL Search Domain Scan URL

URL: https://docs.cyberark.com/Product-Doc/OnlineHelp/Portal/Docs.html
Title: VIEW DOCUMENTATION

Search URL Search Domain Scan URL

URL: https://cyberark-customers.force.com/partner/s/login/
Title: Partner Community

Search URL Search Domain Scan URL

URL: https://careers.cyberark.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://investors.cyberark.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Beware%20of%20the%20GIF:%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&url=https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&title=Beware%20of%20the%20GIF:%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&summary=Executive%20Summary%20As%20more%20and%20more%20business%20is%20conducted%20from%20remote%20locations,%20attackers%20are%20focusing%20their%20efforts%20on%20exploiting%20the%20key%20technologies%20%E2%80%93%20like%20Zoom%20and%20Microsoft%20Teams%20%E2%80%93%20that...
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&via=CyberArk
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&title=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&summary=Executive%20Summary%20As%20more%20and%20more%20business%20is%20conducted%20from%20remote%20locations%2C%20attackers%20are%20focusing%20their%20efforts%20on%20exploiting%20the%20key%20technologies%20%E2%80%93%20like%20Zoom%20and%20Microsoft%20Teams%20%E2%80%93%20that...
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/JSON_Web_Token
Title: JWT

Search URL Search Domain Scan URL

URL: https://login.microsoftonline.com/
Title: login.microsoftonline.com

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Representational_state_transfer
Title: Rest API

Search URL Search Domain Scan URL

URL: https://smartbear.com/learn/performance-monitoring/api-endpoints/
Title: API endpoint

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/API/Body/blob
Title: fetch image content with JavaScript code as a blob

Search URL Search Domain Scan URL

URL: https://scontent.fsdv2-1.fna.fbcdn.net/v/t1.0-9/r270/10101010_10101010_10101010_o.jpg?_nc_cat=102&_nc_sid=111111&_nc_ohc=ABC&_nc_ht=scontent.fsdv2-1.fna&oh=9e2a890f5f05001e01c16d9731983d3e&oe=2AB1FCCC
Title: https://scontent.fsdv2-1.fna.fbcdn.net/v/t1.0-9/r270/10101010_10101010_10101010_o.jpg?_nc_cat=102&_nc_sid=111111&_nc_ohc=ABC&_nc_ht=scontent.fsdv2-1.fna&oh=9e2a890f5f05001e01c16d9731983d3e&oe=2AB1FCCC

Search URL Search Domain Scan URL

URL: https://api.spaces.skype.com/
Title: api.spaces.skype.com

Search URL Search Domain Scan URL

URL: https://teams.microsoft.com/
Title: teams.microsoft.com

Search URL Search Domain Scan URL

URL: https://aadsync-test.teams.microsoft.com/
Title: aadsync-test.teams.microsoft.com

Search URL Search Domain Scan URL

URL: https://data-dev.teams.microsoft.com/
Title: data-dev.teams.microsoft.com

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.cyberark.com%2Fresources%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Check%20out%20what%27s%20happening%20at%20CyberArk%21&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2F&via=CyberArk
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2F&title=English%20%E2%80%93%20CyberArk%20Software%20Inc%27s&summary=Check%20out%20what%27s%20happening%20at%20CyberArk%21
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/CyberArk

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CyberArk

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyber-ark-software

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/cyberarksoftware

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/ HTTP 301
https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 98

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&time=1599603027373 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D17906%26url%3Dhttps%253A%252F%252Fwww.cyberark.com%252Fresources%252Fthreat-research-blog%252Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams%26time%3D1599603027373%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&time=1599603027373&liSync=true

Request Chain 120

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3612990008484954144&redir= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3612990008484954144&redir=

Request Chain 121

https://idsync.rlcdn.com/395886.gif?partner_uid=3612990008484954144 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYxMjk5MDAwODQ4NDk1NDE0NBAAGg0I04Lg-gUSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=a35d8f15ad2f014bc4ce334fb5724b9bb689cb7ea5c82a0dcfacb9f879f9bfeff4cb09cee1a4f8eb&person_id=3612990008484954144&eid=50082

Request Chain 122

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=0ab343a9-ec54-4411-8a54-7947adc26631 HTTP 302
https://ml314.com/csync.ashx?fp=0ab343a9-ec54-4411-8a54-7947adc26631&person_id=3612990008484954144&eid=53819

Request Chain 123

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612990008484954144 HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612990008484954144 HTTP 302
https://ml314.com/csync.ashx?fp=8f34528ee753fde8b6c93c96e110f636&eid=50146&person_id=3612990008484954144

Request Chain 124

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif

Request Chain 125

https://tracking.leadlander.com/api/tracking?accountId=19569&page=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&referer=&fp=a6dc6bfd87cac73018101f9a518b2f0d HTTP 302
https://tracking.leadlander.com/tracking.png

Request Chain 126

https://match.adsrvr.org/track/cmf/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=104b57be-83be-416f-9b0e-67a9563b93b5|b69904f9-460a-44ff-aaa2-6326ebf53429 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=104b57be-83be-416f-9b0e-67a9563b93b5|b69904f9-460a-44ff-aaa2-6326ebf53429 HTTP 302
https://vidassets.terminus.services/s.gif?d=104b57be-83be-416f-9b0e-67a9563b93b5|b69904f9-460a-44ff-aaa2-6326ebf53429&t=351d12cb-cc59-4220-867b-00794da94f81

Request Chain 154

https://s.adroll.com/j/exp/6RJ2KCUITBBDPLKE34TVGK/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 156

https://d.adroll.mgr.consensu.org/consent/iabcheck/6RJ2KCUITBBDPLKE34TVGK?_s=12d27b897c29eb10247443426b6b3b60&_b=2 HTTP 302
https://d.adroll.com/consent/check/6RJ2KCUITBBDPLKE34TVGK/?_s=12d27b897c29eb10247443426b6b3b60&_b=2

Request Chain 162

https://d.adroll.com/pixel/6RJ2KCUITBBDPLKE34TVGK/YLIX5GPR6BEUFEKQO55F32?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&xid_ch=f&pv=45512968308.06912&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/6RJ2KCUITBBDPLKE34TVGK/YLIX5GPR6BEUFEKQO55F32/PMP67SECPJHHNEUOUQD4P5.js

Request Chain 165

https://d.adroll.com/cm/aol,index,outbrain,pubmatic,n,taboola,triplelift/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&xid_ch=f&advertisable=6RJ2KCUITBBDPLKE34TVGK HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZjhhYmJjNGQ0NDYzNDRlODhhNmFkMmViODgxMDAwNDY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 166

https://d.adroll.com/cm/r/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&xid_ch=f&advertisable=6RJ2KCUITBBDPLKE34TVGK HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 167

https://d.adroll.com/cm/x/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&xid_ch=f&advertisable=6RJ2KCUITBBDPLKE34TVGK HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=ZjhhYmJjNGQ0NDYzNDRlODhhNmFkMmViODgxMDAwNDY HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZjhhYmJjNGQ0NDYzNDRlODhhNmFkMmViODgxMDAwNDY

Request Chain 169

https://d.adroll.com/cm/o/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&xid_ch=f&advertisable=6RJ2KCUITBBDPLKE34TVGK HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=f8abbc4d446344e88a6ad2eb88100046 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=f8abbc4d446344e88a6ad2eb88100046

Request Chain 170

https://d.adroll.com/cm/g/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&xid_ch=f&advertisable=6RJ2KCUITBBDPLKE34TVGK&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=-Ku8TURjROiKatLriBAARg HTTP 302
https://d.adroll.com/cm/g/in

185 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams Show response
www.cyberark.com/resources/threat-research-blog/
Redirect Chain

https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/
https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

186 KB
42 KB

877ms
876ms

Document
text/html

104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dd6455fc6cca123e9c1206174817852402d85f7c710f684cea794cfa93108d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.cyberark.com
:scheme: https
:path: /resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=db66d25616519ee6cd70412afc2804fea1599603025
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 08 Sep 2020 22:10:26 GMT
content-type: text/html; charset=UTF-8
content-language: en
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
referrer-policy: unsafe-url
set-cookie: _MGZ_=4le6lprgnsnu6t002ldiqs9ha0; path=/; secure; HttpOnly uf_privacy_prefs=1%7C1; expires=Wed, 08-Sep-2021 22:10:26 GMT; Max-Age=31536000; path=/; secure pdf_event=WyJbe1widXVpZFwiOjEwOTgzMTczNTR9LDE2MzExMzkwMjZdIiwiMmNjZjQzNWZhNzcwMGU5MzI4ODdkYTgxZDE1NzEzNjQiXQ%3D%3D; expires=Wed, 08-Sep-2021 22:10:26 GMT; Max-Age=31536000; path=/; secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
cf-request-id: 05115e3eee0000bf913fbe7200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 5cfbffde4925bf91-AMS
content-encoding: gzip

Redirect headers

status: 301
date: Tue, 08 Sep 2020 22:10:25 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=db66d25616519ee6cd70412afc2804fea1599603025; expires=Thu, 08-Oct-20 22:10:25 GMT; path=/; domain=.cyberark.com; HttpOnly; SameSite=Lax; Secure wpfront-notification-bar-landingpage=1
vary: X-NR-SAMPLE-PERCENT
expires: Tue, 08 Sep 2020 23:10:25 GMT
x-redirect-by: redirection
location: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
x-powered-by: WP Engine
access-control-allow-origin: https://cyberark-customers.force.com
x-cacheable: non200
cache-control: max-age=600, must-revalidate
x-cache: MISS
x-cache-group: normal
cf-cache-status: DYNAMIC
cf-request-id: 05115e3c6a0000bf913fbe2200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 5cfbffda484fbf91-AMS

GET
H2 200 css
fonts.googleapis.com/ 5 KB
703 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7ca42272a778eeb6a9f338ae7f88b39009ca4ecc2d96e907cadbece10d73edc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Sep 2020 22:10:26 GMT
server: ESF
date: Tue, 08 Sep 2020 22:10:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Sep 2020 22:10:26 GMT

GET
H2 200 hubs.46a5cc77efb83c308f9b.css
content.cdntwrk.com/css/hubs/ 262 KB
44 KB 119ms
42ms Stylesheet
text/css 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/css/hubs/hubs.46a5cc77efb83c308f9b.css
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8117d3b33e034afa99ecd47613ce9a619fcaaf79ac5010751c7e462b80d02189

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 19:35:01 GMT
content-encoding: gzip
last-modified: Wed, 02 Sep 2020 19:28:51 GMT
server: AmazonS3
age: 527726
status: 200
etag: W/"699a3b7227d5dd613e3ed69a47f308b6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: DNJx_8urdo6wi8DPg-6fBCWRORXGHARRBdxfHm6mUcJEh4nSo0B6Ow==
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/ 46 KB
8 KB 19ms
17ms Stylesheet
text/css 2606:4700::6811:4f6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4f6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1301836
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8281
cf-request-id: 05115e425d0000323c6eb18200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
etag: "5eb03e60-b752"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5cfbffe3cd2c323c-FRA
expires: Sun, 29 Aug 2021 22:10:26 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
746 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400&display=swap

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6ef1a1376ce32bec9e4242e144e4959c62aead08bbbe68ce06b255376401ad5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Sep 2020 22:10:26 GMT
server: ESF
date: Tue, 08 Sep 2020 22:10:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Sep 2020 22:10:26 GMT

GET
H2 200 en.css
cihost.uberflip.com/cyberArk/master/build/en/ 167 KB
23 KB 63ms
25ms Stylesheet
text/css 2600:9000:214f:4600:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4600:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ee61600b6ea445eacfb77ecafb2796f04ff4189b9924a8e9ea3cca6044610d2e

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 09:54:53 GMT
content-encoding: gzip
last-modified: Thu, 27 Aug 2020 18:47:34 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1598554048/ctime:1598554048/gid:116/gname:docker/md5:5c776e1f863e5179bc73fbf95c2dcf54/mode:33188/mtime:1598554048/uid:1001/uname:runner
age: 44134
etag: "5c776e1f863e5179bc73fbf95c2dcf54"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
status: 200
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: KZQOJrpIMrEmIhSrdbd4XAKBMtsDdhKj4RQzzf0BhnryrN34KhnMcA==
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)

GET
H2 200 enlighterjs.min.css
www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/ 78 KB
9 KB 37ms
35ms Stylesheet
text/css 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/enlighterjs.min.css?ver=5.4.2

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ef8a267de455c3a72237bf7db0c97c97e35e52452ff9ece15876d0d60f9c0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 709838
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 05115e42630000bf913fbf2200000001
last-modified: Mon, 31 Aug 2020 16:20:25 GMT
server: cloudflare
etag: W/"5f4d2349-13634"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5cfbffe3da3cbf91-AMS
expires: Wed, 08 Sep 2021 22:10:26 GMT

GET
H2 200 enlighterjs.min.js Show response
www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/ 57 KB
17 KB 30ms
29ms Script
application/javascript 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/wp-content/themes/understrap-child/includes/enlighter/enlighterjs.min.js?ver=5.4.2

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a117f36dba1eb2100f340bb68f3cc4d4c04d50d8a1d61c36a5d0a682aed9d362

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 709838
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 05115e42630000bf913fbf3200000001
last-modified: Mon, 31 Aug 2020 16:20:25 GMT
server: cloudflare
etag: W/"5f4d2349-e307"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5cfbffe3da3dbf91-AMS
expires: Wed, 08 Sep 2021 22:10:26 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
645 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Mono&display=swap

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab5f6957f62e41a1d99a3534746627fbf38aa9a6a442d994aecece4dea143682

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Sep 2020 21:58:27 GMT
server: ESF
date: Tue, 08 Sep 2020 22:10:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Sep 2020 22:10:26 GMT

GET
H2 200 ajax-loader-white-2x.gif
content.cdntwrk.com/img/hubs/ 3 KB
3 KB 62ms
51ms Image
image/gif 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/ajax-loader-white-2x.gif?v=64ea6287d559
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c1cd0852f3077f1b059e16529d8de16acb490990d6cb796dd74873de0bfd8a91

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 01:17:22 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Wed, 02 Sep 2020 19:28:53 GMT
server: AmazonS3
age: 420785
etag: "5217392f882b27d35ec2e72946f2df7e"
status: 200
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-length: 2707
x-amz-cf-id: JWsyDaXz5XEGJJt9KKJZFY2agLhpvaQDXBFQOV1IrD9vrUEkKmaGdQ==

GET
H2 200 chevron-down-64x64.png
content.cdntwrk.com/img/hubs/ 760 B
1 KB 32ms
31ms Image
image/png 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/chevron-down-64x64.png?v=78668873251b
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e240679c3215c840cf754104fe7291c77f2f52ad551c95e8c8364d0124938ec

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 01:17:22 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Wed, 02 Sep 2020 19:28:53 GMT
server: AmazonS3
age: 420785
etag: "26818bdf0706c780af4a52b44ea17fdc"
status: 200
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-length: 760
x-amz-cf-id: _E2Su_OJ_ZBMDQ-1b0LLWiRj7cHTjD6xRMpla3liDVH_lQsdvGdM-g==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 190 KB
57 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

77a28f40294bb5dbf7d9e358798967d8d9439a2ce132e34353e52337ec26d3f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58411
x-xss-protection: 0
last-modified: Tue, 08 Sep 2020 21:36:53 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 08 Sep 2020 22:10:26 GMT

GET
H2 200 Conference-Call-2048x1365.jpg
www.cyberark.com/wp-content/uploads/2020/04/ 227 KB
228 KB 889ms
887ms Image
image/jpeg 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/Conference-Call-2048x1365.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9769cd4f39fb0096f922de43bb58281e1ab33a07bcf03617c0c40ad40d998206

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 232910
cf-request-id: 05115e42f60000bf913fbf5200000001
last-modified: Fri, 24 Apr 2020 16:12:25 GMT
server: cloudflare
etag: "5ea30fe9-38dce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe4ba7cbf91-AMS
expires: Wed, 08 Sep 2021 22:10:27 GMT

GET
H2 200 MSFT-Teams-Attack-Flow_Graphic_FINAL.png
www.cyberark.com/wp-content/uploads/2020/04/ 134 KB
134 KB 49ms
48ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/MSFT-Teams-Attack-Flow_Graphic_FINAL.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0dcf971c6457a9d008a4452f23ba3c5c290600124655f4a904e38241ee10cfc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 736631
cf-polished: origFmt=png, origSize=326032
status: 200
content-disposition: inline; filename="MSFT-Teams-Attack-Flow_Graphic_FINAL.webp"
vary: Accept
content-length: 137292
cf-request-id: 05115e42f60000bf913fbf6200000001
last-modified: Fri, 08 May 2020 19:15:34 GMT
server: cloudflare
etag: "5eb5afd6-4f990"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:26 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe4ba7dbf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 Figure1.png
www.cyberark.com/wp-content/uploads/2020/04/ 60 KB
60 KB 34ms
33ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/Figure1.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a057a268ecc7b9e29943551af59f937bee65584a19b53a5bb178f8b84f412bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1378554
cf-polished: origFmt=png, origSize=167896
status: 200
content-disposition: inline; filename="Figure1.webp"
vary: Accept
content-length: 60954
cf-request-id: 05115e42f60000bf913fbf7200000001
last-modified: Fri, 24 Apr 2020 15:29:27 GMT
server: cloudflare
etag: "5ea305d7-28fd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:26 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe4ba7ebf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 Figure3.jpg
www.cyberark.com/wp-content/uploads/2020/04/ 25 KB
26 KB 67ms
57ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/Figure3.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79452657130da8f365c79c8c685c0f5938b74b94da2e033fd9f75c19dd19c8c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 489014
cf-polished: qual=85, origFmt=jpeg, origSize=173134
status: 200
content-disposition: inline; filename="Figure3.webp"
vary: Accept
content-length: 26030
cf-request-id: 05115e43030000bf913fbf9200000001
last-modified: Fri, 24 Apr 2020 15:30:52 GMT
server: cloudflare
etag: "5ea3062c-2a44e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:26 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe4da81bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 Figure6_resize.gif
www.cyberark.com/wp-content/uploads/2020/04/ 1 MB
1 MB 74ms
64ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/Figure6_resize.gif

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

adeebcef6f3c97dd55bace3a71888caa363f538b53bd974317620df2f6e74c53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 831937
cf-polished: origFmt=gif, origSize=1897955
status: 200
content-disposition: inline; filename="Figure6_resize.webp"
vary: Accept
content-length: 1506256
cf-request-id: 05115e43030000bf913fbfa200000001
last-modified: Fri, 24 Apr 2020 19:11:27 GMT
server: cloudflare
etag: "5ea339df-1cf5e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:26 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe4da82bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 Figure7.png
www.cyberark.com/wp-content/uploads/2020/04/ 179 KB
180 KB 893ms
882ms Image
image/png 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/Figure7.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4c037b0c6b4797a3ba9a9de20bf9bdc7251a43e485ad44e7ef7687b1926fb89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 183496
cf-request-id: 05115e43030000bf913fbfb200000001
last-modified: Fri, 24 Apr 2020 15:30:57 GMT
server: cloudflare
etag: "5ea30631-2ccc8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe4da83bf91-AMS
expires: Wed, 08 Sep 2021 22:10:27 GMT

GET
H2 200 email-decode.min.js Show response
www.cyberark.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
839 B 25ms
15ms Script
application/javascript 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
cf-request-id: 05115e43020000bf913fbf8200000001
last-modified: Tue, 01 Sep 2020 23:31:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f4ed9e2-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 5cfbffe4da80bf91-AMS
expires: Thu, 10 Sep 2020 22:10:26 GMT

GET
H2 200 f4b25lcyzm.jsonp Show response
fast.wistia.com/embed/medias/ 3 KB
2 KB 16ms
6ms Script
application/javascript 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/medias/f4b25lcyzm.jsonp

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c38bd0b0b1d32ae8be2e25b416c1c629256e21ad8e6c90f780096bb4c679cb1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
x-player-privacy-mode: 1
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 76320
x-cache: HIT, HIT
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
status: 200
content-encoding: br
vary: Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
content-length: 1253
x-request-id: 2bb253264f5941f86e2e9c40f4032a4c
x-served-by: cache-dca17724-DCA, cache-fra19129-FRA
x-runtime: 0.055926
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
x-timer: S1599603027.687751,VS0,VE1
etag: W/"c38bd0b0b1d32ae8be2e25b416c1c629"
x-download-options: noopen
strict-transport-security: max-age=0
content-type: application/javascript; charset=utf-8
via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
cache-control: public, no-cache
x-browser: chrome
x-browser-version: 83
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 1

GET
H2 200 E-v1.js Show response
fast.wistia.com/assets/external/ 660 KB
119 KB 17ms
7ms Script
application/javascript 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/E-v1.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

448c9ae0710daf6a7bd13dcc967f28e60c8071aec747adad20d526b459fbd167

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: br
vary: Accept-Encoding
age: 3582
x-cache: HIT, HIT
status: 200
content-length: 122012
x-served-by: cache-dca17762-DCA, cache-fra19129-FRA
access-control-allow-origin: *
x-browser-version: 83
last-modified: Tue, 08 Sep 2020 12:38:07 GMT
x-timer: S1599603027.688304,VS0,VE0
etag: "5f577b2f-1dc9c"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 189

GET
H2 200 swatch
fast.wistia.com/embed/medias/f4b25lcyzm/ 4 KB
4 KB 106ms
96ms Image
image/jpeg 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/embed/medias/f4b25lcyzm/swatch

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8adf090be4e081e6ae614a03d24c8349d07348c274c7194aa48761edf6e38ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
access-control-request-method: *
age: 8645
x-cache: HIT, MISS
status: 200
content-disposition: inline
content-length: 3735
x-served-by: cache-dca17779-DCA, cache-fra19129-FRA
access-control-allow-origin: *, *
x-browser-version: 83
last-modified: Thu, 23 Apr 2020 15:34:36 UTC
x-timer: S1599603027.689873,VS0,VE89
strict-transport-security: max-age=0
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/jpeg
via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
access-control-expose-headers: Origin, Content-Type, Accept, Server, x-amz-version-id, X-Cache
cache-control: public, no-cache, max-age=31159110
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 0

GET
H2 200 Figure9.png
www.cyberark.com/wp-content/uploads/2020/04/ 26 KB
26 KB 71ms
60ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/Figure9.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c14924583e2443792aa8943ec7d47b85798f66c375971b6a845b7f055cf147d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 831937
cf-polished: origFmt=png, origSize=99236
status: 200
content-disposition: inline; filename="Figure9.webp"
vary: Accept
content-length: 26690
cf-request-id: 05115e43050000bf913fbfc200000001
last-modified: Fri, 24 Apr 2020 15:30:58 GMT
server: cloudflare
etag: "5ea30632-183a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:26 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe4da84bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 mediaproxy
content.cdntwrk.com/ 43 KB
44 KB 92ms
82ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F05%2FFuturistic-Cybersecurity-scaled.jpg&size=1&version=1594148874&sig=fa96c25f78871f222e39f745f32dfbae&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: d0062ad8888fd9a175a8e602287a89546687943c11deb37486d53d4ef99a4ea2

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 09 Aug 2020 04:15:58 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Sun, 09 Aug 2020 04:15:49 GMT
age: 2656467
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Futuristic-Cybersecurity-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 44278
x-amz-cf-id: QY92l4MWR4QWv8jpWyPnRzs3yAs-DslpcTjf6tTGEKouHCGTMH1eww==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 14 KB
14 KB 113ms
103ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F04%2FAdobeStock_263194016-scaled.jpeg&size=1&version=1594152422&sig=a9adfd868958a4d57cd8c24821329c7a&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: d747dbf5ec116dc12d77880f32c204f886b60c73c24977f7bca666e1efbd0cff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 30 Aug 2020 05:03:49 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Sun, 30 Aug 2020 05:03:40 GMT
age: 839196
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="AdobeStock_263194016-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 14457
x-amz-cf-id: a4Bx4iceWKTx_JKSPYZ0bNcRRL1e1HsHeW7Lm2lGhiBgjSg0BstGNg==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 41 KB
42 KB 92ms
82ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F09%2Fwsl-featured-image.jpg&size=1&version=1599144123&sig=3f0e81093716348d8aa2434c030205c1&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 29a39dcd3226ccaf5508d0df070b92b95ce4ab253a34c95583d68da7dac57b98

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 03 Sep 2020 14:47:19 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Thu, 03 Sep 2020 14:47:09 GMT
age: 458587
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="wsl-featured-image.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 42439
x-amz-cf-id: 0baYLvkRTyU79HcNYApbDUcINJ_zAdmuo3m4s6t45CUKjR-MgH9uDw==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 66 KB
67 KB 99ms
89ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F08%2Fmemcpy-blog-feature-image.jpg&size=1&version=1598549039&sig=9a26e0fb4db14142b271eeaf7bd4ca5c&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 52de3e595d08237604ae7214ec5c183dda9a4d64df43f2f251215f46032a2567

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 06:22:06 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Fri, 04 Sep 2020 06:21:56 GMT
age: 402500
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="memcpy-blog-feature-image.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 67987
x-amz-cf-id: 7a8jmWeMz4B1EPvUvOZw-yTMCRzZnd8naKxcwXPYU0gUUg4rrpdVDg==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 38 KB
39 KB 104ms
95ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F08%2FUsing-Kubelet-Client-to-Attack-the-Kubernetes-Cluster.jpg&size=1&version=1597953598&sig=c69eef9c97b310b17eea15299f829c46&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 663dc4e768b20f0a88649b79710a7b643e06ca6be7721f66f7c589fd01bb345c

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 05 Sep 2020 16:03:21 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Sat, 05 Sep 2020 16:03:12 GMT
age: 281224
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Using-Kubelet-Client-to-Attack-the-Kubernetes-Cluster.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 39311
x-amz-cf-id: 9Qmx1g5QhQzwuVzPJ2KPa_4DERTARiN-hGmW_M054tsL0BC62_p8QA==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 55 KB
56 KB 93ms
84ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F08%2FMasquerade-Mask-Red-scaled.jpeg&size=1&version=1597930416&sig=0092d96292f6751da213f165039bd75a&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 76d732af8696670aa1272960d2e8e75863c858af9182993743983bff86bf8b79

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 30 Aug 2020 05:03:49 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Sun, 30 Aug 2020 05:03:40 GMT
age: 839196
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Masquerade-Mask-Red-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 56637
x-amz-cf-id: yE4sxfLklAaEbJsHuXWl_BdRwsGOqEi9txlv_gSQhV9-fF_byoe05A==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 27 KB
27 KB 94ms
85ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F07%2FShadow-Claw-scaled.jpeg&size=1&version=1597325849&sig=33caaba8eb3da049f02a1e1346da4e9d&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 12fc6f25bc9828db6bf4f8f21151e1a8c1e59d6fc7553fcd8571f68384e4cc9f

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 19 Aug 2020 05:42:06 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Wed, 19 Aug 2020 05:41:57 GMT
age: 1787299
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Shadow-Claw-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 27619
x-amz-cf-id: XZRyLeI7i8TwKZhgGIWDeByXn7LCgVcTeOuLYPqRMS8ZuXO_Feze5g==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 48 KB
49 KB 95ms
86ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F07%2FMasquerade-Mask-scaled.jpg&size=1&version=1595546815&sig=f35cc7a7444c2d77ea55db8875ee5479&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 1e39ebba07598e145b7e9c0105354e7b24bdae666b5bd8587387f64ec2aec724

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 06:47:45 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Fri, 28 Aug 2020 06:47:35 GMT
age: 1005761
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Masquerade-Mask-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 49512
x-amz-cf-id: 5hRkOW7ks2HReQnMA37szYPQQcmPEvq0mIRW6V3VmZv223olB4i7eA==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 47 KB
48 KB 112ms
103ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F07%2FMask-Melting-scaled.jpg&size=1&version=1594385737&sig=85786e86c8fed31598ec2609d0fea3b0&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: a3003382aeda1ee34986ad9b467e4d4f197c4caadf41a4869e338ae9afaf2627

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 30 Aug 2020 05:03:49 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Sun, 30 Aug 2020 05:03:40 GMT
age: 839196
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Mask-Melting-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 48355
x-amz-cf-id: 2Mr8JbHWvL4A4qGAxnLYZMEk-NQt7PuRhW83SZ-u_WsbK5ynmZIWEA==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 20 KB
20 KB 118ms
110ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F06%2FLock-Image.jpg&size=1&version=1594148874&sig=8a2857efadf3c96f389e8e449051da11&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 3c814b18b08f7191c4984b4b9b335bbcf5ba084a6efadd9a95d25234dd5fba1c

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 01 Sep 2020 06:15:37 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Tue, 01 Sep 2020 06:15:28 GMT
age: 662088
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Lock-Image.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 20547
x-amz-cf-id: PYqW_sTLPamFf8MMF2Wast8CA54Os7x3-HOjAxnoqcOFBqpin7qqpw==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 43 KB
44 KB 105ms
97ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F06%2FJames-Bond-Hacker-1-scaled.jpg&size=1&version=1594148874&sig=d7970c7999b5e82da3bd1c1eff479436&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 67c6bdb295ff8a8af910f7dec83026ac26e7bb44096e6dc67d4cf45499c858f8

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 01 Sep 2020 05:49:15 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Tue, 01 Sep 2020 05:49:05 GMT
age: 663671
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="James-Bond-Hacker-1-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 44446
x-amz-cf-id: HdDkiDlWK9N9VcqV4ehmL9IH5ayZc-xw8Q366I0preZ1QARDU7cZBg==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 35 KB
36 KB 110ms
103ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F05%2FBoxelder-Bug-scaled.jpg&size=1&version=1594148874&sig=baa39a04f56484461c5b018983f3d490&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 8bcc3a9ffeebc98a247a0ce4a5aa53d1844152e29eadd5c9d5343e04cff91184

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 07:12:42 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Tue, 25 Aug 2020 07:12:32 GMT
age: 1263464
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Boxelder-Bug-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 35997
x-amz-cf-id: uk3v0cP6CiL_vhNiR6sgSwEFE3JbQB3yxHC7_VuRHkrcXzpbusP1Ng==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 32 KB
33 KB 104ms
97ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F04%2Frdp_blocks_new.png&size=1&version=1594154818&sig=418dd3580f9ddab9106eef6bee8005b0&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: d034b6f2e35abd63a2b381b565488e54c071a338e58d219cfb19ebbd5c6cd958

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 04:19:13 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Tue, 08 Sep 2020 04:19:04 GMT
age: 64272
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="rdp_blocks_new.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 33072
x-amz-cf-id: lGrL0MzvCH1dac34r1vAzhqEEJSPD4TBpcQdnoTYXxTAY0wz3w4S-Q==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 21 KB
21 KB 116ms
110ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F03%2FHorror-Movie-Hand-scaled.jpg&size=1&version=1594149238&sig=36da49ae7a7fee2632d614d018d455f6&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 9121f6c3b4fefef8a8693eda00aa22cc844bf549697c2ca41dd7853f52135d1e

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 15 Aug 2020 07:50:34 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Sat, 15 Aug 2020 07:50:25 GMT
age: 2125191
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Horror-Movie-Hand-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 21401
x-amz-cf-id: OLtqi15kV9YP86bBNjTjVsfKwx6sz7d7LKFIl67yzd2jBnBUTV4alQ==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 55 KB
56 KB 105ms
99ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F03%2FCoronaVirus-scaled.jpg&size=1&version=1594152382&sig=902769c7c26af4e7385bb65b68f49a34&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 90ab560b774f327c4b590ad52be4c0d2f8e94cf82ae400410e21b3943732fb48

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 30 Aug 2020 05:03:49 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Sun, 30 Aug 2020 05:03:40 GMT
age: 839196
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="CoronaVirus-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 56805
x-amz-cf-id: WZwXTqW12VUXbB5jCi1WasH_gqPlYAzZRijlo8ibR5r91KDr9tcpaw==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 45 KB
45 KB 107ms
101ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F02%2FRaccoon-on-Black-scaled.jpg&size=1&version=1592421140&sig=c6aca66d235b177dd16a05c8b6e86a27&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: e08cd9caf747ae36d269aab5a23b84d2ea553ddc5be15d1704b3c7c10e07c3fc

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 23:35:23 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Fri, 04 Sep 2020 23:35:13 GMT
age: 340503
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Raccoon-on-Black-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 45682
x-amz-cf-id: xuwvjPEEkZEZ6J-pxlumw8AdT2LTU-940-fo-jg5J5QNLX5oOkjyZw==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 28 KB
28 KB 106ms
100ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F02%2FPenetration-Test-scaled.jpg&size=1&version=1592421140&sig=5c0764e64cc23e75a791be5cd3c4804c&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: add1426fc76b98f70e4ec7c4123e2cd8b4a1a5d5668710b81e7c0e515a733a62

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 06 Sep 2020 06:51:38 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Sun, 06 Sep 2020 06:51:28 GMT
age: 227927
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Penetration-Test-scaled.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 28562
x-amz-cf-id: Wi0u29Yt3QWe_0H20pbR3U1DcF0OCsO4fxrO9LddNa5Yz4aEaNGeCw==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 24 KB
24 KB 105ms
101ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2020%2F01%2FKey-Fancy.jpg&size=1&version=1594148529&sig=a37b3e23885fdfbbf8746c73d3727118&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 8a9ca95247dd58b99a5063e356df3c932aad4075968488f89c9e67c7229515a0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 04:10:30 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Mon, 31 Aug 2020 04:10:20 GMT
age: 755996
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Key-Fancy.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 24422
x-amz-cf-id: NBuOVcZVwBmGNehEOzlMNIrwUCwA6Jzw-IGPvw22bezUK6Koau54MA==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 15 KB
16 KB 141ms
136ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2019%2F11%2FBlackDirect.jpg&size=1&version=1594148874&sig=0190975c957498cb6969eed6dea72f0a&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 164ffd91dc77a1b0c6020e4ea90fb185b002ba1b718c1adade570d0c16de70c5

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 06 Sep 2020 08:21:57 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Sun, 06 Sep 2020 08:21:47 GMT
age: 222509
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="BlackDirect.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 15843
x-amz-cf-id: Fmt4gVqRiYlFOesSDyzz1-WEOl36VMdjhxRSHNr2sJr3GOuGoUuskQ==

GET
H2 200 mediaproxy
content.cdntwrk.com/ 26 KB
26 KB 115ms
110ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.cyberark.com%2Fwp-content%2Fuploads%2F2019%2F11%2FBlue-Container.jpg&size=1&version=1594148874&sig=191cf02c678ac27729e42bee5d9e47ca&default=hubs%2Ftilebg-blogs.jpg
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: d519532a1fb31478c0229ed3e05cda7cbe9da592e3058942a049c2e41854e4b2

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 04:11:37 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Wed, 02 Sep 2020 04:11:27 GMT
age: 583129
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=1234567890
content-disposition: inline; filename="Blue-Container.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 26464
x-amz-cf-id: rTHk2Qy2eil54XJaQdTdMW--URMqfcAc6uEQZjLfuvuM1T2LMuGyUw==

GET
H2 200 hubs_app.46a5cc77efb83c308f9b.js Show response
content.cdntwrk.com/js/hubs/ 1 MB
308 KB 39ms
35ms Script
application/javascript 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.cdntwrk.com/js/hubs/hubs_app.46a5cc77efb83c308f9b.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 13598e894009fa7c84ae80298c81530707cfb3270dd7dc98f4bce3743ddbeb47

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 19:35:02 GMT
content-encoding: gzip
last-modified: Wed, 02 Sep 2020 19:28:57 GMT
server: AmazonS3
age: 527725
status: 200
etag: W/"19cf4bb926d6b2c3517d83f320d0df0a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: T62zDag8UUsJIhjZboBvFow3jt-kkLaCjwfEbmjRb_aOlrxEJxHHzQ==
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)

GET
H2 200 en.bundle.js Show response
cihost.uberflip.com/cyberArk/master/build/en/ 214 KB
215 KB 16ms
12ms Script
application/javascript 2600:9000:214f:4600:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.bundle.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4600:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e819a36be8f50f20b310d03eda48cfe6db3a71b1aeba7939b5e2fa258f60dad

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 09:54:53 GMT
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
last-modified: Fri, 28 Aug 2020 20:23:00 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1598646174/ctime:1598646174/gid:116/gname:docker/md5:d951023887b21f2c7ec0ff865c038b71/mode:33188/mtime:1598646174/uid:1001/uname:runner
age: 44134
etag: "d951023887b21f2c7ec0ff865c038b71"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 218976
x-amz-cf-id: 28aOXHZ80eK3Sw-PqYH1_4C_skoj__AT_pj43LrVaU10aWemmOjvkg==

GET
H2 200 ey22i6m9p82y.js Show response
js.driftt.com/include/1599603300000/ 137 KB
45 KB 232ms
158ms Script
application/javascript 99.84.156.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1599603300000/ey22i6m9p82y.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.59 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-59.txl52.r.cloudfront.net

Software

nginx /

Resource Hash

aa371b695a477025f6fd48693baea5a6ed0ff4eb71c5a660d854e543b2370013

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: gzip
x-amz-cf-pop: TXL52-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 02 Sep 2020 13:54:27 GMT
server: nginx
etag: W/"c0ffecccae38fb92e490ef3de88a7ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=UTF-8
via: 1.1 700e1fc650af7cfb451dbdb8d79d4107.cloudfront.net (CloudFront)
cache-control: max-age=10
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vtm0gpfQFc8Nr6gHlXkY3gqsusMJ9fMq2I_Li21rNs2cfSV4_fKvVA==

GET
H/1.1 200
OK rtp.js Show response
sjrtp6-cdn.marketo.com/rtp-api/v1/ 151 KB
42 KB 240ms
44ms Script
application/x-javascript 104.111.239.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.239.158 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-158.deploy.static.akamaitechnologies.com

Software

Jetty(7.3.1.v20110307) /

Resource Hash

6dd06e7449f3f7ad40d26c50b5f3e8b66ef9261038a57d1f255259a9d2d78491

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63113904
Content-Encoding: gzip
Last-Modified: Sat, 05 Sep 2020 00:44:27 GMT
Server: Jetty(7.3.1.v20110307)
Date: Tue, 08 Sep 2020 22:10:26 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: public, max-age=58
Connection: keep-alive
Content-Length: 42261

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 Aug 2020 20:46:40 GMT
server: Golfe2
age: 5805
date: Tue, 08 Sep 2020 20:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18323
expires: Tue, 08 Sep 2020 22:33:41 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 964 B
759 B 8ms
8ms Script
application/x-javascript 2a02:26f0:eb:3a3::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:3a3::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: b5840616d8bf9540bbe45a42f6841f92b78c70dabd3b8ee60abb51e79c47d5d6

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:26 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Sep 2020 20:41:55 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=40020
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 446

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 48ms
23ms Script
application/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

74fef67cd959aa83f19c3de42c44e45c118b30c1059cbbc7db544381c3e6bbef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
status: 200
cache-control: no-cache
content-type: application/javascript
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H2 200 ei.js Show response
web-analytics.engagio.com/js/ 1 KB
1 KB 346ms
120ms Script
application/javascript 54.165.255.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://web-analytics.engagio.com/js/ei.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.255.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-165-255-110.compute-1.amazonaws.com
Software: /
Resource Hash: 06abb183f989ddc0f798fa810985faa6c87b01ececb389bb6f5e07e0a27d2bc3

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 08 Sep 2020 22:10:27 GMT
cache-control: max-age=0
last-modified: Tue, 01 Sep 2020 20:47:42 GMT
content-length: 1318
vary: Origin
content-type: application/javascript; charset=utf-8

GET
H2 200 hotjar-1200039.js Show response
static.hotjar.com/c/ 4 KB
2 KB 56ms
18ms Script
application/javascript 147.75.32.125
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1200039.js?sv=6

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.32.125 Amsterdam, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

pkt-ams-k2-shared-ingress4

Software

Resource Hash

c16183b1c48dd78bf824af20ba3a8d30818221af2f96f745a986778de2cd57bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: br
x-content-type-options: nosniff
content-type: application/javascript
section-io-tag: hotjarjs
age: 257
status: 200
section-io-cache: Hit
vary: Accept-Encoding
content-length: 1731
cache-control: max-age=60
etag: W/ac7357e41cf8ea2eb4e78ba911b1fcbc
access-control-max-age: 600
section-io-origin-status: 304
access-control-allow-origin: *
x-cache-hit: 1
section-io-origin-time-seconds: 0.020
accept-ranges: bytes
section-io-id: 1f6a2b19ad58d4fb859e06e814699953
section-origin-responded: true

GET
H2 200 notice Show response
consent.trustarc.com/ 8 KB
3 KB 147ms
75ms Script
text/javascript 99.84.156.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.86 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-86.txl52.r.cloudfront.net

Software

nginx /

Resource Hash

473272591216afea965f984c16e66f5b8fd24cc7f9257fe40eb3cc6384cfdd68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: TXL52-C1
x-cache: Miss from cloudfront
status: 200
content-length: 2831
x-xss-protection: 1; mode=block
access-control-allow-origin: *
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
via: 1.1 ffa01f5c992a803f4470401daea2d541.cloudfront.net (CloudFront)
cache-control: no-cache
x-amz-cf-id: Mvk3ww_ArHfOChHKkJyCiVr9xTdsDve491Em1v_VXlYHai9739m6-w==
expires: Tue, 08 Sep 2020 22:10:25 GMT

GET
H2 200 sf14g.js Show response
t.sf14g.com/ 37 KB
37 KB 375ms
101ms Script
application/javascript 35.171.71.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.171.71.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-71-143.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:27 GMT
last-modified: Thu, 06 Aug 2020 14:28:30 GMT
server: Kestrel
etag: "1d66bfddb0de89b"
strict-transport-security: max-age=2592000
content-type: application/javascript
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 37787
expires: -1

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 69ms
21ms Script
application/x-javascript 104.111.250.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.250.210 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-250-210.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:26 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Aug 2020 03:11:00 GMT
Server: AkamaiNetStorage
ETag: "a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 135 KB
34 KB 6ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34302
x-xss-protection: 0
pragma: public
x-fb-debug: AwKgWYPhzpnZL6sUnnfYtpxtS0H/FQoYaEXpyDw6KZs94SoK078WBI1zIZrGjzXQ+h6uljYEDOwDV6rke05M2g==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Tue, 08 Sep 2020 22:10:26 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-Q050 200 js Show response
www.google-analytics.com/gtm/ 75 KB
30 KB 45ms
26ms Script
application/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-N35X6HM&t=gtm2&cid=1937439274.1599603027

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

879eb9d29de4eb7ddc1c7cc94b63bb3469534b7f798b6b077aef6fbc0b27ded6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30225
x-xss-protection: 0
last-modified: Tue, 08 Sep 2020 21:36:53 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 08 Sep 2020 22:10:26 GMT

GET
H2 200 wistia-mux.js Show response
fast.wistia.com/assets/external/ 94 KB
25 KB 6ms
6ms Script
application/javascript 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/wistia-mux.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

13f3533a02a0456d7483603253c555a0ba51200583a17723fbbad5f6844a81d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
content-encoding: br
vary: Accept-Encoding
age: 3582
x-cache: HIT, HIT
status: 200
content-length: 25073
x-served-by: cache-dca17720-DCA, cache-fra19129-FRA
access-control-allow-origin: *
x-browser-version: 83
last-modified: Tue, 08 Sep 2020 12:38:07 GMT
x-timer: S1599603027.800990,VS0,VE0
etag: "5f577b2f-61f1"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 98

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 7ms
7ms Script
application/x-javascript 2a02:26f0:eb:3a3::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:3a3::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:26 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Sep 2020 20:29:41 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=46565
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 ajax_ping Show response
www.cyberark.com/resources/hubsFront/ 49 B
169 B 581ms
581ms XHR
application/json 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_ping

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.46a5cc77efb83c308f9b.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
content-encoding: gzip
referrer-policy: unsafe-url
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-language: en
status: 200
x-xss-protection: 1; mode=block
cf-request-id: 05115e43c90000bf913f801200000001
cf-ray: 5cfbffe60ad8bf91-AMS
content-type: application/json
x-content-type-options: nosniff

GET
H2 200 sprite-1x.png
content.cdntwrk.com/img/hubs/ 59 KB
60 KB 33ms
33ms Image
image/png 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/sprite-1x.png
Requested by: Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/css/hubs/hubs.46a5cc77efb83c308f9b.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a249bcffb2d8e92a3bdff919def43b14841803ad93b80ffa864db1090e007594

Request headers

Referer: https://content.cdntwrk.com/css/hubs/hubs.46a5cc77efb83c308f9b.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 01:46:44 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Wed, 02 Sep 2020 19:28:53 GMT
server: AmazonS3
age: 419023
etag: "9e7227669aa01cd19bcc27e802668929"
status: 200
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-length: 60511
x-amz-cf-id: HWijmOWZUjv0iEGndjXILuruQwfEDsmkYpdMOvEdEzSMPxKeA4ToGA==

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 uparrow.png
content.cdntwrk.com/img/hubs/ 194 B
577 B 31ms
30ms Image
image/png 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/img/hubs/uparrow.png
Requested by: Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/css/hubs/hubs.46a5cc77efb83c308f9b.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1fb7ee27fdfb34869f89aa51d9af1cf86ecc6800ab591ec3ca78f155742200b2

Request headers

Referer: https://content.cdntwrk.com/css/hubs/hubs.46a5cc77efb83c308f9b.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 01:46:44 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Wed, 02 Sep 2020 19:28:53 GMT
server: AmazonS3
age: 419023
etag: "e5bbd7205c8f2ff1cd6c9f777f31da64"
status: 200
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-length: 194
x-amz-cf-id: sdXvW5PeYxwgI97Y4Em5jYgLwlbwKvzSfOyuaICZZLjK4WQf9bTARQ==

GET
H2 200 372722_2_0.woff
cihost.uberflip.com/cyberArk/master/build/fonts/ 46 KB
47 KB 44ms
23ms Font
application/font-woff 2600:9000:214f:4600:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/fonts/372722_2_0.woff
Requested by: Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4600:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 09977ca9f062485edde81ed15f844c03d4aff09b99d5dc5bcf737a65ec1a1090

Request headers

Origin: https://www.cyberark.com
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 09:21:08 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
age: 46159
x-cache: Hit from cloudfront
status: 200
content-length: 47147
last-modified: Thu, 28 May 2020 18:16:37 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590689786/ctime:1590689786/gid:116/gname:docker/md5:2106495eff6543739866f98a78760513/mode:33188/mtime:1590689786/uid:1001/uname:runner
etag: "2106495eff6543739866f98a78760513"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: SEBFRD9wj5EIkD-1N6_bdjjEJjoKt8PPwUnwtB4iocGqpf4E0LDY1A==

GET
H2 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 7ms
5ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cyberark.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 07 Sep 2020 11:04:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:37 GMT
server: sffe
age: 126383
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9016
x-xss-protection: 0
expires: Tue, 07 Sep 2021 11:04:03 GMT

GET
H2 200 372722_4_0.woff
cihost.uberflip.com/cyberArk/master/build/fonts/ 45 KB
46 KB 39ms
20ms Font
application/font-woff 2600:9000:214f:4600:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/fonts/372722_4_0.woff
Requested by: Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4600:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7299a6e60c51fc4452e4d5ae68dad334b46b0789bd1c50e6b537ebf81134bed

Request headers

Origin: https://www.cyberark.com
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 00:59:58 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
age: 76229
x-cache: Hit from cloudfront
status: 200
content-length: 46255
last-modified: Thu, 28 May 2020 18:16:37 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590689786/ctime:1590689786/gid:116/gname:docker/md5:01d21baeab65e29f57c7bf8ac404c600/mode:33188/mtime:1590689786/uid:1001/uname:runner
etag: "01d21baeab65e29f57c7bf8ac404c600"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: QQe9n5w9H2rXmEogy5YtQYcACT0rR9yEkvtGP2fxLbSFHirS-nT_fw==

GET
H2 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/ 63 KB
63 KB 19ms
17ms Font
application/octet-stream 2606:4700::6811:4f6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4f6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5567c5a47f8bbd27707bd2cffdb1679c292a07ccf09a8578e1b9eba7ab481cf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Origin: https://www.cyberark.com
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1301808
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 64144
cf-request-id: 05115e43dd0000323c6eb2d200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
etag: "5eb03e60-fa90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5cfbffe62a19323c-FRA
expires: Sun, 29 Aug 2021 22:10:26 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 8ms
5ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cyberark.com
Referer: https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 07 Sep 2020 11:04:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:55 GMT
server: sffe
age: 126384
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14044
x-xss-protection: 0
expires: Tue, 07 Sep 2021 11:04:02 GMT

GET
H2 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/ 61 KB
61 KB 15ms
13ms Font
application/octet-stream 2606:4700::6811:4f6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4f6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62738b62849a46842f34013b8528886f10c8d0e1c9aec47d636e05d631e2f60e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Origin: https://www.cyberark.com
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.2.0/css/all.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:26 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 517049
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 62472
cf-request-id: 05115e43de0000323c6eb2e200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
etag: "5eb03e60-f408"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5cfbffe63a1f323c-FRA
expires: Sun, 29 Aug 2021 22:10:26 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cyberark.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 07 Sep 2020 11:04:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
server: sffe
age: 126386
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Tue, 07 Sep 2021 11:04:00 GMT

GET
H2 200 S6u9w4BMUTPHh7USSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh7USSwiPGQ3q5d0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

706494a230ae9c22ebbda2b9fce9af786bac0ea5f315c80e3fbe9f44e7883c38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cyberark.com
Referer: https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 07 Sep 2020 11:04:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:39 GMT
server: sffe
age: 126378
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13912
x-xss-protection: 0
expires: Tue, 07 Sep 2021 11:04:08 GMT

GET
H2 200 372722_1_0.woff
cihost.uberflip.com/cyberArk/master/build/fonts/ 46 KB
46 KB 29ms
12ms Font
application/font-woff 2600:9000:214f:4600:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/master/build/fonts/372722_1_0.woff
Requested by: Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4600:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2effcbaf388b8c02aea5d4476e85fb461238795ee289d5b2e11e79ffc0c72ef1

Request headers

Origin: https://www.cyberark.com
Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 00:59:57 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
age: 76230
x-cache: Hit from cloudfront
status: 200
content-length: 46966
last-modified: Thu, 28 May 2020 18:16:37 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590689786/ctime:1590689786/gid:116/gname:docker/md5:7af791dcd1b1598e61ea738b93d3732c/mode:33188/mtime:1590689786/uid:1001/uname:runner
etag: "7af791dcd1b1598e61ea738b93d3732c"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: KtLoKk9XcdZVE6NimYqge4CTk8QnkhHNPtW2fndpwFPk5gZBM_Wagg==

GET
H2 200 stats_temp_item_612152274x5dae1e622665588771fb26ddcde77696f2c577be0f87350d2503e46c6b014d4a1599603026a177ad3fda57870001b577ba7276ceb127a092b6001a79c74b6cdbe41ede96ce
www.cyberark.com/resources/hubsFront/signalMetricsTemp/ 0
498 B 229ms
229ms Image
text/html 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/resources/hubsFront/signalMetricsTemp/stats_temp_item_612152274x5dae1e622665588771fb26ddcde77696f2c577be0f87350d2503e46c6b014d4a1599603026a177ad3fda57870001b577ba7276ceb127a092b6001a79c74b6cdbe41ede96ce?t=1599603027039

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
content-encoding: gzip
referrer-policy: unsafe-url
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-language: en
status: 200
x-xss-protection: 1; mode=block
cf-request-id: 05115e446f0000bf913f804200000001
cf-ray: 5cfbffe71b29bf91-AMS
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

GET
H/1.1 200
OK tag.aspx Show response
ml314.com/ 26 KB
12 KB 130ms
35ms Script
application/javascript 108.128.104.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?98
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.104.240 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-104-240.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 390a28be2ca4bcea5b71fe050295281a1a8fc99175690cdd62de378190400acb

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:26 GMT
Content-Encoding: gzip
Last-Modified: Tue, 08 Sep 2020 06:48:17 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=31070
Connection: keep-alive
Content-Length: 11933
Expires: Wed, 09 Sep 2020 06:48:17 GMT

GET
H2 200 aHViPTEwODU0MCZjbWQ9aXRlbWVkaXRvcmltYWdlJmZpbGVuYW1lPWl0ZW1lZGl0b3JpbWFnZV81ZWEwOTk2MjU0MjZiLmpwZyZ2ZXJzaW9uPTAwMDAmc2lnPTA1NWY2ZjY4ZjA0YjA3ZDA2ZjdmNzIzMTUxZGM3ZGI1
content.cdntwrk.com/files/ 27 KB
27 KB 43ms
42ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/files/aHViPTEwODU0MCZjbWQ9aXRlbWVkaXRvcmltYWdlJmZpbGVuYW1lPWl0ZW1lZGl0b3JpbWFnZV81ZWEwOTk2MjU0MjZiLmpwZyZ2ZXJzaW9uPTAwMDAmc2lnPTA1NWY2ZjY4ZjA0YjA3ZDA2ZjdmNzIzMTUxZGM3ZGI1
Requested by: Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 2a56fd50da5a76b1d6c2557da8821b1c176f5692123217e774d23b0f21f80569

Request headers

Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 20 Aug 2020 02:47:18 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Wed, 22 Apr 2020 19:22:11 GMT
age: 1711389
etag: "1587583331-9e930cc2c4d1e2b29ff91c8a4063590a"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=15552000
content-disposition: inline; filename="itemeditorimage_5ea099625426b.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 27413
x-amz-cf-id: IVKQ-Iw8Np1SE_htz7Z79RrOBynmu_lCTJ6o1KWwCtwbjlKBm7qHaQ==

GET
H2 200 Texture-01.png
www.cyberark.com/wp-content/uploads/2017/01/ 104 B
368 B 27ms
27ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2017/01/Texture-01.png

Requested by

Host: cihost.uberflip.com
URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f17d5cdb83007c4a737aa84963d7e5a0b17947a9e800f1748b71e39e2894fdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cihost.uberflip.com/cyberArk/master/build/en/en.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2528536
cf-polished: origFmt=png, origSize=142
status: 200
content-disposition: inline; filename="Texture-01.webp"
vary: Accept
content-length: 104
cf-request-id: 05115e44960000bf913f805200000001
last-modified: Sat, 07 Sep 2019 00:02:15 GMT
server: cloudflare
etag: "5d72f387-8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe75b39bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 372722_2_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
26 KB 18ms
17ms Font
binary/octet-stream 2600:9000:214f:4600:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_2_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4600:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2f5f9d511700318e988d3ef843afc49224162c8bb2435db7b9dc3590f525306f

Request headers

Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 08:02:24 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
age: 50884
x-cache: Hit from cloudfront
status: 200
content-length: 26033
last-modified: Wed, 27 May 2020 16:17:01 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:83914a011477cb60998949144e2ac5aa/mode:33188/mtime:1590596208/uid:1001/uname:runner
etag: "83914a011477cb60998949144e2ac5aa"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: 6u6dvJsbyu89KhHWJqYKMSuIVU8gOwVIqr9E37sQyNY8wmVL73z5pw==

GET
H2 200 372722_1_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
26 KB 18ms
17ms Font
binary/octet-stream 2600:9000:214f:4600:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_1_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4600:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d4761d421bbf2f059126b9ce4f5e0a9f7bc83b046a58162780a2b9c3ab8c9a56

Request headers

Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 04:51:44 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
age: 62324
x-cache: Hit from cloudfront
status: 200
content-length: 26041
last-modified: Wed, 27 May 2020 16:17:01 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:0601eae673330329b340003d42fc1c36/mode:33188/mtime:1590596208/uid:1001/uname:runner
etag: "0601eae673330329b340003d42fc1c36"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: JxWNKLuvb7Xki2qzgbOdMXzn8RMS1eb361tOvCsY0aGsQBHh94eTTA==

GET
H2 200 372722_4_unhinted_0.woff2
cihost.uberflip.com/cyberArk/OB-3963/build/fonts/ 25 KB
25 KB 19ms
19ms Font
binary/octet-stream 2600:9000:214f:4600:12:53a8:95c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cihost.uberflip.com/cyberArk/OB-3963/build/fonts/372722_4_unhinted_0.woff2
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:4600:12:53a8:95c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 66c708b80cab108a2fde84cac9677c07435537bc9d06085ccd1ac80cb93513b4

Request headers

Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 08:46:56 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
age: 48212
x-cache: Hit from cloudfront
status: 200
content-length: 25237
last-modified: Wed, 27 May 2020 16:17:01 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1590596208/ctime:1590596208/gid:116/gname:docker/md5:da77e86db861301f9320c467d834e649/mode:33188/mtime:1590596208/uid:1001/uname:runner
etag: "da77e86db861301f9320c467d834e649"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: Ec48E61si8lS3mFri4-WGdtCCLNy0geRR47p-ml0rF2y2LTAuu_84Q==

GET
H2 200 cyberarc-logo.svg
www.cyberark.com/wp-content/uploads/2018/07/ 3 KB
1 KB 36ms
31ms Image
image/svg+xml 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2018/07/cyberarc-logo.svg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9faf25857e2b71b113ef06adec190e50c3d37ff1593f1af516f5e671e1c756d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4727258
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 05115e44d00000bf913f806200000001
last-modified: Sat, 07 Sep 2019 00:02:11 GMT
server: cloudflare
etag: W/"5d72f383-b69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5cfbffe7bb53bf91-AMS
expires: Wed, 08 Sep 2021 22:10:27 GMT

GET
H2 200 alero-menu.jpg
www.cyberark.com/wp-content/uploads/2019/07/ 7 KB
7 KB 37ms
31ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2019/07/alero-menu.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56721bb4c54b76426a4295c2c97235ddf59314e23b2c99ea21a9795b6b6b99a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4742494
cf-polished: qual=85, origFmt=jpeg, origSize=10092
status: 200
content-disposition: inline; filename="alero-menu.webp"
vary: Accept
content-length: 6840
cf-request-id: 05115e44d00000bf913f807200000001
last-modified: Sat, 07 Sep 2019 00:02:09 GMT
server: cloudflare
etag: "5d72f381-276c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe7bb54bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 menu-cta-epm.jpg
www.cyberark.com/wp-content/uploads/2020/01/ 6 KB
6 KB 35ms
30ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/01/menu-cta-epm.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d6a26c0321d82d556928adac56d890db157836127ca8f2e9f3d218619be2786

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1643030
cf-polished: qual=85, origFmt=jpeg, origSize=14137
status: 200
content-disposition: inline; filename="menu-cta-epm.webp"
vary: Accept
content-length: 6214
cf-request-id: 05115e44d00000bf913f808200000001
last-modified: Wed, 08 Jan 2020 21:40:57 GMT
server: cloudflare
etag: "5e164c69-3739"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe7bb55bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 menu-cta-bca.jpg
www.cyberark.com/wp-content/uploads/2019/07/ 3 KB
3 KB 31ms
26ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2019/07/menu-cta-bca.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4075d680687401f4dcc0a96670dda2d6cf27fadb262c1fb17b1ea4d53b19954f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1643030
cf-polished: qual=85, origFmt=jpeg, origSize=4848
status: 200
content-disposition: inline; filename="menu-cta-bca.webp"
vary: Accept
content-length: 2900
cf-request-id: 05115e44d00000bf913f809200000001
last-modified: Sat, 07 Sep 2019 00:02:09 GMT
server: cloudflare
etag: "5d72f381-12f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe7bb56bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 gartner-menu-230x118-1.jpg
www.cyberark.com/wp-content/uploads/2020/08/ 8 KB
9 KB 36ms
32ms Image
image/jpeg 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/08/gartner-menu-230x118-1.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

965c0ca2665a04fcecaf633ae9549071d635109f2e91251ccd525e31243e7e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1643762
cf-polished: degrade=85, origSize=32710, status=webp_bigger
status: 200
vary: Accept-Encoding
content-length: 8616
cf-request-id: 05115e44d00000bf913f80a200000001
last-modified: Tue, 04 Aug 2020 13:17:22 GMT
server: cloudflare
etag: "5f295fe2-7fc6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe7bb57bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 Asset-29-1.jpg
www.cyberark.com/wp-content/uploads/2018/07/ 6 KB
6 KB 31ms
27ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2018/07/Asset-29-1.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e067179e856423d441df4ceb4d52dd5fbd2334469b1d4423b708b180ffa3cc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4673817
cf-polished: qual=85, origFmt=jpeg, origSize=26993
status: 200
content-disposition: inline; filename="Asset-29-1.webp"
vary: Accept
content-length: 6434
cf-request-id: 05115e44d10000bf913f80b200000001
last-modified: Sat, 07 Sep 2019 00:02:11 GMT
server: cloudflare
etag: "5d72f383-6971"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe7bb58bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 logo-docs-white.png
www.cyberark.com/wp-content/uploads/2019/07/ 2 KB
2 KB 29ms
25ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2019/07/logo-docs-white.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88ddaf0c5c89f488473f65baaa6ba54425859023c297f8802607edb1629ac083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1655657
cf-polished: origFmt=png, origSize=3350
status: 200
content-disposition: inline; filename="logo-docs-white.webp"
vary: Accept
content-length: 1594
cf-request-id: 05115e44d10000bf913f80c200000001
last-modified: Sat, 07 Sep 2019 00:02:09 GMT
server: cloudflare
etag: "5d72f381-d16"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe7bb59bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 PeerInsights.png
www.cyberark.com/wp-content/uploads/2019/04/ 7 KB
7 KB 36ms
32ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2019/04/PeerInsights.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6df6b8e7ae078cd4669e3cb25e2025eeed5dcf9482c80d1c5890df813c51a70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4742494
cf-polished: origFmt=png, origSize=15214
status: 200
content-disposition: inline; filename="PeerInsights.webp"
vary: Accept
content-length: 6940
cf-request-id: 05115e44d10000bf913f80d200000001
last-modified: Sat, 07 Sep 2019 00:02:10 GMT
server: cloudflare
etag: "5d72f382-3b6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe7bb5abf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 Asset-27-1.jpg
www.cyberark.com/wp-content/uploads/2018/07/ 9 KB
9 KB 32ms
28ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2018/07/Asset-27-1.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d054f842d897a1e7524a632609473c4db1ed9292366c56158ee41f5111c6a561

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 511869
cf-polished: qual=85, origFmt=jpeg, origSize=35620
status: 200
content-disposition: inline; filename="Asset-27-1.webp"
vary: Accept
content-length: 9394
cf-request-id: 05115e44d10000bf913f80e200000001
last-modified: Sat, 07 Sep 2019 00:02:11 GMT
server: cloudflare
etag: "5d72f383-8b24"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe7bb5bbf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 Asset-30-1.jpg
www.cyberark.com/wp-content/uploads/2018/07/ 10 KB
10 KB 30ms
27ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2018/07/Asset-30-1.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd44b243a2166987e1f2a5a567127ff469061bd4168fac5aa9100a32866c242

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4742494
cf-polished: qual=85, origFmt=jpeg, origSize=36736
status: 200
content-disposition: inline; filename="Asset-30-1.webp"
vary: Accept
content-length: 10298
cf-request-id: 05115e44d10000bf913f80f200000001
last-modified: Sat, 07 Sep 2019 00:02:11 GMT
server: cloudflare
etag: "5d72f383-8f80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe7bb5cbf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 menu-demo.jpg
www.cyberark.com/wp-content/uploads/2019/03/ 10 KB
10 KB 31ms
28ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2019/03/menu-demo.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60d29b978f7f71f1d64f492179cc69946f9bb4105827cf98ac47392d0d96310c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4742494
cf-polished: qual=85, origFmt=jpeg, origSize=10586
status: 200
content-disposition: inline; filename="menu-demo.webp"
vary: Accept
content-length: 10260
cf-request-id: 05115e44d10000bf913f810200000001
last-modified: Sat, 07 Sep 2019 00:02:10 GMT
server: cloudflare
etag: "5d72f382-295a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe7bb5dbf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 aHViPTEwODU0MCZjbWQ9aXRlbWVkaXRvcmltYWdlJmZpbGVuYW1lPWl0ZW1lZGl0b3JpbWFnZV81ZWExZjA0MTRkMTc0LnBuZyZ2ZXJzaW9uPTAwMDAmc2lnPTJiZmE3ZmMwYjRkODEyZTgyMmFhNzUwMWJjNTg4Mzhm
content.cdntwrk.com/files/ 3 KB
4 KB 45ms
42ms Image
image/png 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/files/aHViPTEwODU0MCZjbWQ9aXRlbWVkaXRvcmltYWdlJmZpbGVuYW1lPWl0ZW1lZGl0b3JpbWFnZV81ZWExZjA0MTRkMTc0LnBuZyZ2ZXJzaW9uPTAwMDAmc2lnPTJiZmE3ZmMwYjRkODEyZTgyMmFhNzUwMWJjNTg4Mzhm
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 019acccf585b9f7ac02babc4e8c8e7ade62f92941d8adc1421f4290dd12a828f

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 04 Sep 2020 20:50:15 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Thu, 23 Apr 2020 19:45:06 GMT
age: 350412
etag: "1587671106-fc8dde0ac035dfcf4d9b42766428b08c"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=15552000
content-disposition: inline; filename="itemeditorimage_5ea1f0414d174.png"
x-amz-cf-pop: TXL52-C1
content-length: 3282
x-amz-cf-id: DkvCMACwOPs4Y_IrUWZrW454lnddIjT-9GbSLfw_K3EYTl04zb0xoQ==

GET
H2 200 286320195733404 Show response
connect.facebook.net/signals/config/ 524 KB
133 KB 59ms
59ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/286320195733404?v=2.9.24&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

91a9192422a4fc5e96851438289da04938712e94a1e8f9ef0f5301537f688327

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: AqEfQIDFS09lXRWiynkHqe7YEM8gj84NiSauFoTdOqyYzmcjBBooX6v8d7azLUgvhrv1ZQDSXU5xOysv84CV7g==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Tue, 08 Sep 2020 22:10:27 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 3 KB
3 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dbfe57981517fb06081dfdc343e0a6ebb3bb5222e6042e1e87bc256dd20337e5

Request headers

Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 b6c49a659f841f879cecbda228fcffea30bb4ac7.webp
embed-fastly.wistia.com/deliveries/ 54 KB
55 KB 69ms
21ms Image
image/webp 151.101.114.107
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed-fastly.wistia.com/deliveries/b6c49a659f841f879cecbda228fcffea30bb4ac7.webp?image_crop_resized=1650x894
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.107 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5d6c962cae95f134f841148842627cd4dbba1840844d4f2250b2ec213c6972d8

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
via: 1.1 varnish, 1.1 varnish
age: 722104
edge-cache-tag: b6c49a659f841f879cecbda228fcffea30bb4ac7
status: 200
x-cache-hits: 1, 1
x-cache: HIT, HIT
content-length: 55602
access-control-request-method: *
x-served-by: cache-dca17746-DCA, cache-hhn4074-HHN
last-modified: Thu, 23 Apr 2020 15:34:36 UTC
x-timer: S1599603027.286193,VS0,VE1
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/webp
access-control-allow-origin: *
content-disposition: inline
cache-control: max-age=31536000
accept-ranges: bytes
access-control-expose-headers: Origin, Content-Type, Accept, Server, x-amz-version-id, X-Cache

GET
H2 200 modules.cdda87288536a6fb1c7f.js Show response
script.hotjar.com/ 358 KB
70 KB 50ms
16ms Script
application/javascript 147.75.102.197
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.cdda87288536a6fb1c7f.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1200039.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.102.197 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress11
Software: /
Resource Hash: c665ff20e14938ff62a9ef5c08f3c69d72ad46bbe5cf15c21ce8d4fa852ebd10

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
content-encoding: br
age: 39242
status: 200
section-io-cache: Hit
content-length: 71304
last-modified: Tue, 08 Sep 2020 11:13:08 GMT
etag: "696c6bc1f657504a33ea6ceab2e65848"
vary: Accept-Encoding
section-io-origin-status: 200
access-control-allow-origin: *
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.025
section-io-id: 7cae60395cddb08644dc53a5328dff02
accept-ranges: bytes
content-type: application/javascript
section-origin-responded: true

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/159/ 11 KB
5 KB 22ms
21ms Script
application/x-javascript 104.111.250.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/159/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.250.210 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-250-210.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:27 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 May 2020 02:24:14 GMT
Server: AkamaiNetStorage
ETag: "79274ffc293e4f76fc372b953f780d16:1588904654.430334"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4810
Expires: Thu, 17 Dec 2020 22:10:27 GMT

GET
H2 200 aHViPTEwODU0MCZjbWQ9YmFja2dyb3VuZF9pbWFnZSZ2ZXJzaW9uPTE1OTc0MTUzODMmc2lnPTk0ZGM5ZDM3NzU2YzdiZmIyODY2MjgwNjYyNzQwNmY5
content.cdntwrk.com/files/ 186 KB
186 KB 44ms
43ms Image
image/jpeg 99.84.156.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.cdntwrk.com/files/aHViPTEwODU0MCZjbWQ9YmFja2dyb3VuZF9pbWFnZSZ2ZXJzaW9uPTE1OTc0MTUzODMmc2lnPTk0ZGM5ZDM3NzU2YzdiZmIyODY2MjgwNjYyNzQwNmY5
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.156.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-156-82.txl52.r.cloudfront.net
Software: /
Resource Hash: 068ea132cbc88e249815a0cfcb288b94cafe2812cc66ed0b83781f9156d0df90

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 06 Sep 2020 07:02:36 GMT
via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
last-modified: Fri, 08 May 2020 16:18:36 GMT
age: 227271
etag: "1588954716-be99bf6a6e12dc968d17e108eb199e37"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=15552000
content-disposition: inline; filename="background_image.jpg"
x-amz-cf-pop: TXL52-C1
content-length: 190132
x-amz-cf-id: oY_kbF7ACSonc1gn2gx_wZi2L-4XW8AUdQ9LpH7WO8mMyFsqlGKouA==

POST
H2 200 ajax_updateMAPUsers Show response
www.cyberark.com/resources/hubsFront/ 126 B
213 B 585ms
585ms XHR
application/json 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_updateMAPUsers

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.46a5cc77efb83c308f9b.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b98e0f76f97857fce1b3fbd8e9ed5775988e85fffd71dcc2422f8d012378ea34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
content-encoding: gzip
referrer-policy: unsafe-url
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-language: en
status: 200
x-xss-protection: 1; mode=block
cf-request-id: 05115e45b00000bf913f812200000001
cf-ray: 5cfbffe91ba3bf91-AMS
content-type: application/json
x-content-type-options: nosniff

POST
H2 200 ajax_trackCtaView Show response
www.cyberark.com/resources/hubsFront/ 0
108 B 187ms
187ms XHR
text/html 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_trackCtaView

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.46a5cc77efb83c308f9b.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
content-encoding: gzip
referrer-policy: unsafe-url
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-language: en
status: 200
x-xss-protection: 1; mode=block
cf-request-id: 05115e45b30000bf913f813200000001
cf-ray: 5cfbffe91ba6bf91-AMS
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D17906%26url%3Dhttps%253A%252F%252Fwww.cyberark.com%252Fresources%252Fthreat-resea...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&...

0
80 B

178ms
177ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&time=1599603027373&liSync=true
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: JrDtl3ruMhbQNxm0jSsAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: GE3BknruMhYADM7MWysAAA==
pragma: no-cache
x-li-pop: afd-prod-ltx1
x-msedge-ref: Ref A: F8FE0C5A06F44866BEC7ED1467BE907C Ref B: FRAEDGE1508 Ref C: 2020-09-08T22:10:27Z
x-frame-options: sameorigin
date: Tue, 08 Sep 2020 22:10:27 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-ltx1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=17906&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&time=1599603027373&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 get
consent-st.trustarc.com/ Frame D8AB 0
0 79ms
27ms Document
text/html 143.204.201.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-st.trustarc.com/get?name=crossdomain.html&domain=cyberark.com

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.201.98 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-201-98.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

:method: GET
:authority: consent-st.trustarc.com
:scheme: https
:path: /get?name=crossdomain.html&domain=cyberark.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Response headers

status: 200
content-type: text/html;charset=UTF-8
date: Fri, 04 Sep 2020 10:46:07 GMT
server: nginx
access-control-allow-origin: *
pragma: public
expires: Sun, 04 Oct 2020 10:46:07 GMT
cache-control: max-age=2592000
x-frame-options: ALLOWALL
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: hBI4Jup-7NVRrj2UPntq7uYGpRgRoY3W94AlG1_3MDtoXbgApNfqow==
age: 386660

GET
H2 200 v1.7-146 Show response
consent.trustarc.com/asset/notice.js/v/ 66 KB
22 KB 133ms
71ms Script
text/javascript 99.84.156.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/asset/notice.js/v/v1.7-146

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.86 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-86.txl52.r.cloudfront.net

Software

nginx /

Resource Hash

b5ae93cd8487bcb5ead39efb67a4fb36984e0ffc2a923d70b611c5a96a2c9ed0

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: TXL52-C1
x-cache: Miss from cloudfront
status: 200
pragma: public
access-control-allow-origin: *
last-modified: Fri, 4 Sep 2020 10:33:06 GMT
server: nginx
x-frame-options: ALLOWALL
content-type: text/javascript
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-id: xPO5lbiEsBfB2Gz1VDEHtNTJhYshj8QzfIZkLE-7E1NNStX-0TWg6w==
expires: Thu, 08 Oct 2020 22:10:27 GMT

GET
H2 200 ei_track_all_packed.js Show response
dn1f1hmdujj40.cloudfront.net/js/ 8 KB
8 KB 37ms
10ms Script
application/javascript 2600:9000:214f:6c00:c:90ee:6000:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dn1f1hmdujj40.cloudfront.net/js/ei_track_all_packed.js
Requested by: Host: web-analytics.engagio.com
URL: https://web-analytics.engagio.com/js/ei.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6c00:c:90ee:6000:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bef63fdeac2142057db2ecc9979b79e3d4d4b7912521d2943c10a83552dadc33

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:09:04 GMT
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
last-modified: Tue, 01 Sep 2020 20:47:42 GMT
age: 84
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=300
x-amz-cf-pop: FRA53-C1
content-length: 8185
x-amz-cf-id: 5MsgviJraTx0lIr9nqKEgUQtv0HYSxjWROAhPHpwfZJVkFhIT00l-g==

GET
H/1.1 200
OK jquery-ui-insightera-custom-1.9.6.css
rtp-static.marketo.com/rtp/libs/ 22 KB
4 KB 97ms
51ms Stylesheet
text/css 104.111.239.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Nov 2017 08:57:42 GMT
Server: AkamaiNetStorage
ETag: "7f5b0bee9b1f7af8413b351cbceca223:1510045062"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 3752

GET
H/1.1 200
OK trw Show response
sjrtp6.marketo.com/gw1/ 213 B
663 B 800ms
157ms Script
application/x-javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/trw?aid=cyberarksoftware&trwv.uid=cyberarksoftware-1599603027429-e2250f18&trwv.vc=1&trwsa.sid=cyberarksoftware-1599603027430-efefddd2&trwsb.cpv=1&ctzo=+02:00&uri=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&pm=&viewedTypes=&rts=1599603027433

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

5fafdd8c3a3e5401aed50771cdc828e6cd7843ab326bce893521890940a59fc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:28 GMT
Content-Encoding: gzip
Server: Jetty(7.3.1.v20110307)
Transfer-Encoding: chunked
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904

GET
H/1.1 200
OK ga-integration-2.0.2.js Show response
rtp-static.marketo.com/rtp/libs/ 15 KB
5 KB 65ms
23ms Script
application/x-javascript 104.111.239.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.2.js
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7fb58f6c6c2c3b61909e3b4bb9e199d95d5e2a4e39b58f25d1a9894971ed16b9

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:27 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
X-Check-Cacheable: YES
Connection: keep-alive
Content-Length: 4977
Last-Modified: Tue, 03 Jul 2018 13:42:27 GMT
Server: AkamaiNetStorage
ETag: "52b7a5deba12e7e1147fcebaa9fd9691:1530625347"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK utsync.ashx Show response
ml314.com/ 644 B
1 KB 34ms
32ms Script
application/javascript 108.128.104.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=52079&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&pv=1599603027439_8p9v2w4cn&bl=en-us&cb=3660964&return=&ht=&d=&dc=&si=1599603027439_8p9v2w4cn&cid=production%7C%7C108540%7C%7C6824673%7C%7C612152274&s=1600x1200&rp=
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?98
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.104.240 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-104-240.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 6dc5e754bf45db3c8108a4d76480a1e6de254d3c2c6e1ef3b4cea4990390dc47

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Sep 2020 22:10:26 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control: private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 467
Expires: 0

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ 20 B
482 B 481ms
175ms Script
application/javascript 3.89.179.232
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=982020
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?98
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.89.179.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-89-179-232.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:27 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public
Connection: keep-alive
Content-Length: 138
Expires: Wed, 09 Sep 2020 22:10:27 GMT

GET
H2 200 Conference-Call-scaled.jpg
www.cyberark.com/wp-content/uploads/2020/04/ 153 KB
154 KB 45ms
45ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/04/Conference-Call-scaled.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99614852f59e7c1e6be9b4b81cf6194cfba323b85d81c28a9d7f5a29014d87af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137664
cf-polished: qual=85, origFmt=jpeg, origSize=304846
status: 200
content-disposition: inline; filename="Conference-Call-scaled.webp"
vary: Accept
content-length: 156964
cf-request-id: 05115e46030000bf913f814200000001
last-modified: Fri, 24 Apr 2020 16:12:21 GMT
server: cloudflare
etag: "5ea30fe5-4a6ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbffe99bc1bf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 /
www.facebook.com/tr/ 44 B
262 B 7ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=286320195733404&ev=PageView&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&rl=&if=false&ts=1599603027461&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1599603027460.1090199668&it=1599603027159&coo=false&rqm=GET

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 08 Sep 2020 22:10:27 GMT

GET
H/1.1 200
OK jquery-custom-ui.min.js Show response
rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/ 126 KB
35 KB 66ms
31ms Script
application/x-javascript 104.111.239.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/jquery-custom-ui.min.js
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 35f273e01e70db780ae423347dffecfc27cc348ba4abbd6099331559a7c5cd31

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 09 Jan 2018 12:54:21 GMT
Server: AkamaiNetStorage
ETag: "5a9f8dd85d85afd20544bd437a505338:1515502461"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 35484

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflPPZq4_/ 92 KB
34 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflPPZq4_/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d90c5b66f7e06efd28521279de5ddd5508c19fb8231bfb50fa644526e2204b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 07 Sep 2020 17:53:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101819
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33861
x-xss-protection: 0
last-modified: Thu, 03 Sep 2020 15:01:54 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Tue, 15 Sep 2020 17:53:28 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j85&tid=UA-44168172-9&cid=1937439274.1599603027&jid=2143467654&gjid=1177012722&_gid=498314702.1599603027&_u=aGDAgEADQAAAAE~&z=1254618086

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 08 Sep 2020 22:10:27 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
210 B 6ms
6ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEADQ~&jid=2143467654&gjid=1177012722&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&z=222027695

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23439
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 t.js Show response
vidassets.terminus.services/104b57be-83be-416f-9b0e-67a9563b93b5/ 4 KB
2 KB 82ms
31ms Script
application/javascript 99.86.2.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vidassets.terminus.services/104b57be-83be-416f-9b0e-67a9563b93b5/t.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.2.9 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-2-9.fra6.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

4014a05aacaa586346e71903afbc4537863681e4df786fa132e4a547cd6cfeb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Mon, 10 Aug 2020 14:04:09 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70f.cloudfront.net (CloudFront)
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control: public, s-maxage=2700
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id: UIWXLnf7de9kGIAwvON1XETrTTWWie0-LIqgnFiBDYpaNOF9cbDgbQ==

GET
H/1.1 200
OK visitWebPage Show response
316-czp-275.mktoresp.com/webevents/ 2 B
311 B 813ms
168ms XHR
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://316-czp-275.mktoresp.com/webevents/visitWebPage?_mchNc=1599603027546&_mchCn=&_mchId=316-CZP-275&_mchTk=_mch-cyberark.com-1599603027545-92698&_mchHo=www.cyberark.com&_mchPo=&_mchRu=%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&_mchPc=https%3A&_mchVr=159&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/159/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:28 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 17a24856-b7b1-4432-bc5f-15e59c423edb

GET
H/1.1 200
OK msg Show response
sjrtp6.marketo.com/gw1/ 0
494 B 676ms
156ms Script
text/javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/msg?a=2&sid=cyberarksoftware-1599603027430-efefddd2&aid=cyberarksoftware&ma=id%3A316-CZP-275%26token%3A_mch-cyberark.com-1599603027545-92698&viewedTypes=&0.3607685433508354&rts=1599603027555

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:28 GMT
Content-Encoding: gzip
Server: Jetty(7.3.1.v20110307)
Transfer-Encoding: chunked
Connection: close
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 19ms
17ms Image
image/gif 2a00:1450:4001:814::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j85&tid=UA-44168172-9&cid=1937439274.1599603027&jid=2143467654&_u=aGDAgEADQAAAAE~&z=712486733

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 18ms
16ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j85&tid=UA-44168172-9&cid=1937439274.1599603027&jid=2143467654&_u=aGDAgEADQAAAAE~&z=712486733

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame CB33 0
0 48ms
15ms Document
text/html 147.75.80.95
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1200039.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.80.95 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress16
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Response headers

status: 200
date: Tue, 08 Sep 2020 22:10:27 GMT
content-type: text/html
content-length: 851
last-modified: Mon, 17 Aug 2020 18:24:17 GMT
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control: max-age=31536000
content-encoding: br
section-io-origin-status: 200
section-io-origin-time-seconds: 0.045
section-origin-responded: true
age: 1888171
vary: Accept-Encoding
section-io-cache: Hit
accept-ranges: bytes
section-io-id: ca109b8b0e36f3e52bd6555886cd288c

GET
H2 200 stat Show response
web-analytics.engagio.com/api/ 69 B
161 B 112ms
112ms Script
text/javascript 54.165.255.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://web-analytics.engagio.com/api/stat?page_url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&page_title=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&track_type=page&action=ei_view&category=ei_page_tracking&client_id=&account_id=1440256f654cc5fa543e4c78865c0cb0a8811570&method=post&callback=EI.api._callbacks.s8913462
Requested by: Host: dn1f1hmdujj40.cloudfront.net
URL: https://dn1f1hmdujj40.cloudfront.net/js/ei_track_all_packed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.255.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-165-255-110.compute-1.amazonaws.com
Software: /
Resource Hash: 13531ee5e0ea869c1c5031d66214aa93ecd2bf15314d710061b491c5c31fa39d

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 08 Sep 2020 22:10:27 GMT
content-length: 69
vary: Origin
content-type: text/javascript; charset=utf-8

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3612990008484954144&redir=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3612990008484954144&redir=

42 B
915 B

32ms
32ms

Image
image/gif

52.18.201.224
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3612990008484954144&redir=

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.18.201.224 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-18-201-224.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v080-08d6218d3.edge-irl1.demdex.com 5.77.1.20200831093501 0ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: ISJcFahoRr0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: T9dbAA5WSkM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3612990008484954144&redir=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3612990008484954144
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYxMjk5MDAwODQ4NDk1NDE0NBAAGg0I04Lg-gUSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=a35d8f15ad2f014bc4ce334fb5724b9bb689cb7ea5c82a0dcfacb9f879f9bfeff4cb09cee1a4f8eb&person_id=3612990008484954144&eid=50082

43 B
312 B

32ms
31ms

Image
image/gif

108.128.104.240
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=a35d8f15ad2f014bc4ce334fb5724b9bb689cb7ea5c82a0dcfacb9f879f9bfeff4cb09cee1a4f8eb&person_id=3612990008484954144&eid=50082
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.104.240 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-104-240.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:27 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Wed, 09 Sep 2020 18:10:27 GMT

Redirect headers

date: Tue, 08 Sep 2020 22:10:27 GMT
via: 1.1 google
status: 307
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ml314.com/csync.ashx?fp=a35d8f15ad2f014bc4ce334fb5724b9bb689cb7ea5c82a0dcfacb9f879f9bfeff4cb09cee1a4f8eb&person_id=3612990008484954144&eid=50082
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=0ab343a9-ec54-4411-8a54-7947adc26631
https://ml314.com/csync.ashx?fp=0ab343a9-ec54-4411-8a54-7947adc26631&person_id=3612990008484954144&eid=53819

43 B
312 B

63ms
31ms

Image
image/gif

108.128.104.240
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=0ab343a9-ec54-4411-8a54-7947adc26631&person_id=3612990008484954144&eid=53819
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.104.240 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-104-240.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:27 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Wed, 09 Sep 2020 18:10:28 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Sep 2020 22:10:27 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Location: https://ml314.com/csync.ashx?fp=0ab343a9-ec54-4411-8a54-7947adc26631&person_id=3612990008484954144&eid=53819
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0,Wed, 09 Sep 2020 18:10:27 GMT

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612990008484954144
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612990008484954144
https://ml314.com/csync.ashx?fp=8f34528ee753fde8b6c93c96e110f636&eid=50146&person_id=3612990008484954144

43 B
312 B

51ms
31ms

Image
image/gif

108.128.104.240
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=8f34528ee753fde8b6c93c96e110f636&eid=50146&person_id=3612990008484954144
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.104.240 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-104-240.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:27 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Wed, 09 Sep 2020 18:10:27 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:27 GMT
status: 302
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ml314.com/csync.ashx?fp=8f34528ee753fde8b6c93c96e110f636&eid=50146&person_id=3612990008484954144
cache-control: no-cache
x-server: 10.45.24.171
content-length: 0
expires: 0

GET
H/1.1

200
OK

/
ps.eyeota.net/pixel/bounce/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif

0
344 B

23ms
22ms

Image
text/plain

3.122.214.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
Requested by: Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.122.214.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:27 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: /pixel/bounce/?pid=r8hrb20&t=gif
Date: Tue, 08 Sep 2020 22:10:27 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2

200

tracking.png
tracking.leadlander.com/
Redirect Chain

https://tracking.leadlander.com/api/tracking?accountId=19569&page=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-t...
https://tracking.leadlander.com/tracking.png

68 B
296 B

106ms
105ms

Image
image/png

35.171.71.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking.leadlander.com/tracking.png

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.171.71.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-71-143.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:28 GMT
last-modified: Wed, 26 Sep 2018 16:48:51 GMT
server: Kestrel
etag: "1d455b8cd761bc4"
strict-transport-security: max-age=2592000
content-type: image/png
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 68
expires: -1

Redirect headers

status: 302
date: Tue, 08 Sep 2020 22:10:28 GMT
server: Kestrel
access-control-allow-origin: *
location: /tracking.png
content-length: 0
strict-transport-security: max-age=2592000

GET
H2

200

s.gif
vidassets.terminus.services/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=104b57be-83be-416f-9b0e-67a9563b93b5|b69904f9-460a-44ff-aaa2-6326ebf53429
https://match.adsrvr.org/track/cmb/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=104b57be-83be-416f-9b0e-67a9563b93b5|b69904f9-460a-44ff-aaa2-6326ebf53429
https://vidassets.terminus.services/s.gif?d=104b57be-83be-416f-9b0e-67a9563b93b5|b69904f9-460a-44ff-aaa2-6326ebf53429&t=351d12cb-cc59-4220-867b-00794da94f81

42 B
681 B

21ms
21ms

Image
image/gif

99.86.2.9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vidassets.terminus.services/s.gif?d=104b57be-83be-416f-9b0e-67a9563b93b5|b69904f9-460a-44ff-aaa2-6326ebf53429&t=351d12cb-cc59-4220-867b-00794da94f81

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.2.9 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-2-9.fra6.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 21:32:19 GMT
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70f.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 2299
x-cache: Hit from cloudfront
status: 200
content-length: 42
last-modified: Mon, 10 Aug 2020 14:04:09 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control: public, s-maxage=2700
x-amz-cf-pop: FRA6-C1
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id: RwSj4fckXcHPhhGe20Vs_fuDY6RU3vZrFG9w8LVYK300OwGIcmRIQQ==

Redirect headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:27 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://vidassets.terminus.services/s.gif?d=104b57be-83be-416f-9b0e-67a9563b93b5|b69904f9-460a-44ff-aaa2-6326ebf53429&t=351d12cb-cc59-4220-867b-00794da94f81
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 343

GET
H2 200 t.gif
vidassets.terminus.services/104b57be-83be-416f-9b0e-67a9563b93b5/ 42 B
682 B 33ms
33ms Image
image/gif 99.86.2.9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vidassets.terminus.services/104b57be-83be-416f-9b0e-67a9563b93b5/t.gif?d=b69904f9-460a-44ff-aaa2-6326ebf53429&s=cda91319-0f34-4946-9e78-f03ac6cb3b00&p=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&cb=1599603027890

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.2.9 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-2-9.fra6.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70f.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
status: 200
content-length: 42
last-modified: Mon, 10 Aug 2020 14:04:09 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control: public, s-maxage=2700
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id: F74DHCoa1ui6slBk-yGG8OIuBRimM9_DPSjaUdtaLbHV2KxY4PhRNg==

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1200039/ 178 B
320 B 104ms
40ms XHR
application/json 54.171.1.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1200039/visit-data?sv=6
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.cdda87288536a6fb1c7f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.1.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-1-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Tue, 08 Sep 2020 22:10:27 GMT
content-encoding: br
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-credentials: true

POST
H2 200 /
www.facebook.com/tr/ 0
54 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary57h7E3z2iCWrABGT

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 08 Sep 2020 22:10:27 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.cyberark.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 ajax_ping Show response
www.cyberark.com/resources/hubsFront/ 49 B
251 B 567ms
564ms XHR
application/json 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyberark.com/resources/hubsFront/ajax_ping

Requested by

Host: content.cdntwrk.com
URL: https://content.cdntwrk.com/js/hubs/hubs_app.46a5cc77efb83c308f9b.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
content-encoding: gzip
referrer-policy: unsafe-url
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-language: en
status: 200
x-xss-protection: 1; mode=block
cf-request-id: 05115e480e0000bf913f819200000001
cf-ray: 5cfbffecec58bf91-AMS
content-type: application/json
x-content-type-options: nosniff

GET
H2 200 notice Show response
consent.trustarc.com/ 16 KB
5 KB 85ms
85ms Script
text/javascript 99.84.156.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=cyberark.com&country=nl&js=nj2&c=teconsent&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=cyberark.com&c=teconsent&js=nj&noticeType=bb&gtm=1&pcookie=1&text=true&language=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.86 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-86.txl52.r.cloudfront.net

Software

nginx /

Resource Hash

e51d79219ea2d15067c31db64afef2c97c43180c9f81bfa73363724d8f27f7fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: TXL52-C1
x-cache: Miss from cloudfront
status: 200
content-length: 4605
x-xss-protection: 1; mode=block
access-control-allow-origin: *
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
cache-control: no-cache
x-amz-cf-id: VYpMUmx-Kkp_DbpRNzkQa4eJVkPMWdOdMbK988Rwe2b8dMoFDwUcaQ==
expires: Tue, 08 Sep 2020 22:10:27 GMT

GET
H2 200 get
consent.trustarc.com/ 33 KB
34 KB 46ms
46ms Font
application/octet-stream 99.84.156.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/get?name=38F3A5_2_0.woff2

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.86 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-86.txl52.r.cloudfront.net

Software

nginx /

Resource Hash

f8230afa3eb1c498737ecefc807bfa82d309697ee3196b77b7af678e5b9a9c4d

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Tue, 08 Sep 2020 06:41:48 GMT
via: 1.1 117b54f007fbf40fc2a4bbbd8e88fc21.cloudfront.net (CloudFront)
server: nginx
age: 55720
status: 200
x-frame-options: ALLOWALL
x-cache: Hit from cloudfront
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: TXL52-C1
content-length: 33951
x-amz-cf-id: dg2fZfvqAfSpsA0ngAXK-jHGJbkEVM7WsUimZcCLCZMSsEwDw-pfxw==
expires: Thu, 08 Oct 2020 06:41:48 GMT

GET
H2 200 bannermsg
consent.trustarc.com/ 43 B
432 B 70ms
69ms Image
image/gif 99.84.156.86
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/bannermsg?action=views&domain=cyberark.com&behavior=implied&country=nl&language=en&rand=0.6795864262037274

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.86 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-86.txl52.r.cloudfront.net

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
via: 1.1 ffa01f5c992a803f4470401daea2d541.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL52-C1
x-cache: Miss from cloudfront
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: _dkwtRy1lkRVEVSnqbysSDMR2lqfK06Rpsad1WufN8UGIA4khJfgIQ==
expires: Tue, 08 Sep 2020 22:10:27 GMT

GET
H/1.1 200
OK msg Show response
sjrtp6.marketo.com/gw1/ 1 KB
1 KB 467ms
156ms Script
text/javascript 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

2be0469dbc3164f9d08363c5464699ad6a7bbfeec1b3f12dcfdd014ad34d0a0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:28 GMT
Content-Encoding: gzip
Server: Jetty(7.3.1.v20110307)
Transfer-Encoding: chunked
Connection: close
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904

GET
H/1.1 200
OK close-btn5.svg Show response
rtp-static.marketo.com/rtp/libs/ 306 B
755 B 64ms
21ms XHR
image/svg+xml 104.111.239.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/close-btn5.svg
Requested by: Host: sjrtp6-cdn.marketo.com
URL: https://sjrtp6-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cyberarksoftware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4083955fcb5c9ae48450aca957a4c276b4c1db3ae90e15d05740449586c61044

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:28 GMT
Last-Modified: Tue, 16 May 2017 10:32:30 GMT
Server: AkamaiNetStorage
ETag: "ac9d8301193819f415ff0ba6916eec42:1494930750"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 306

GET
H2 200 Impact_Live_RTP.jpg
www.cyberark.com/wp-content/uploads/2020/07/ 44 KB
44 KB 37ms
36ms Image
image/webp 104.17.194.105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyberark.com/wp-content/uploads/2020/07/Impact_Live_RTP.jpg

Requested by

Host: www.cyberark.com
URL: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.194.105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad7b37c1ef58751afa261d9a86667d8047114b33ce7822f494a90f2f90a8bfc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3970018
cf-polished: qual=85, origFmt=jpeg, origSize=100837
status: 200
content-disposition: inline; filename="Impact_Live_RTP.webp"
vary: Accept
content-length: 44818
cf-request-id: 05115e4b050000bf913f823200000001
last-modified: Fri, 24 Jul 2020 13:43:32 GMT
server: cloudflare
etag: "5f1ae584-189e5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 22:10:28 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5cfbfff1ad6bbf91-AMS
cf-bgj: imgq:85,h2pri

GET
H2 200 playPauseLoadingControl.js Show response
fast.wistia.com/assets/external/ 50 KB
9 KB 7ms
7ms Script
application/javascript 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/playPauseLoadingControl.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9ab49e447f2fe04a592970794b8f23bb604e738aed8288a53bbf42f4f0372aba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
content-encoding: br
vary: Accept-Encoding
age: 3584
x-cache: HIT, HIT
status: 200
content-length: 9317
x-served-by: cache-dca17734-DCA, cache-fra19129-FRA
access-control-allow-origin: *
x-browser-version: 83
last-modified: Tue, 08 Sep 2020 12:38:07 GMT
x-timer: S1599603029.780266,VS0,VE0
etag: "5f577b2f-2465"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 102

GET
H2 200 hls_video.js Show response
fast.wistia.com/assets/external/engines/ 298 KB
64 KB 7ms
7ms Script
application/javascript 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/engines/hls_video.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

416d85418bfb5b163f87d2993fef88e212a0e8c55b5d933dfb1efd7ddb5b1729

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
content-encoding: br
vary: Accept-Encoding
age: 3583
x-cache: HIT, HIT
status: 200
content-length: 65224
x-served-by: cache-dca17759-DCA, cache-fra19129-FRA
access-control-allow-origin: *
x-browser-version: 83
last-modified: Tue, 08 Sep 2020 12:38:07 GMT
x-timer: S1599603029.783493,VS0,VE0
etag: "5f577b2f-fec8"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2, 81

GET
H/1.1 200
OK visitor Show response
sjrtp6.marketo.com/gw1/rtp/api/v1_1/ 775 B
1 KB 627ms
157ms XHR
application/json 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/rtp/api/v1_1/visitor?sid=cyberarksoftware-1599603027430-efefddd2&aid=cyberarksoftware&1599603028778

Requested by

Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

3c926f7ea5d7aacbdae97882a8e446f80fc5b74ab6c77b2a030f11e67d1aa0a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Sep 2020 22:10:29 GMT
Content-Encoding: gzip
Last-Modified: Tue Sep 08 17:10:29 CDT 2020
Server: Jetty(7.3.1.v20110307)
Strict-Transport-Security: max-age=63113904
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://www.cyberark.com
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sgm Show response
sjrtp6.marketo.com/gw1/ga/ 758 B
1 KB 876ms
156ms XHR
text/json 192.28.146.116
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp6.marketo.com/gw1/ga/sgm?sid=cyberarksoftware-1599603027430-efefddd2&1599603028779

Requested by

Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.116 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

6f58860008c13e4535a2dce3fcabedad0740fad5f8139cdb83945ac95cf8ac87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 22:10:29 GMT
Server: Jetty(7.3.1.v20110307)
Strict-Transport-Security: max-age=63113904
Content-Type: text/json;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Length: 758

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
99 B 13ms
13ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Campaigns&ea=Impression&el=Impact%20Live%202020%20-%20Exit%20Intent&_u=aHDAAEADQAAAAG~&jid=2071482919&gjid=1843504977&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&_r=1&gtm=2wg8q15SFWTH&z=1221054097

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
62 B 7ms
7ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Campaigns&ea=Impression&el=Impact%20Live%202020%20-%20Exit%20Intent&_u=aHDAgEADQAAAAG~&jid=&gjid=&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&z=528958889

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23440
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 x Show response
distillery.wistia.com/ 0
95 B 344ms
111ms XHR
text/plain 52.0.1.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://distillery.wistia.com/x
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.1.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-1-164.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

status: 204
date: Tue, 08 Sep 2020 22:10:29 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-origin: *

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
12 KB 85ms
31ms Script
text/javascript 172.217.22.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s17-in-f2.1e100.net

Software

cafe /

Resource Hash

6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11311
x-xss-protection: 0
server: cafe
etag: 12833363978352728442
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 08 Sep 2020 22:10:28 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 38 KB
12 KB 75ms
24ms Script
text/javascript 2.21.36.181
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.36.181 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-21-36-181.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3707edca98715fc3fe7ea36b15c506641b4c380e7e6c4d8ebb9e288f1438ff8

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: CeVUvvucPy3Id6wu3pm.U9kY8oddI4fW
Content-Encoding: gzip
ETag: "d78a05d3ec6a770650daa2185ccbc352"
x-amz-request-id: AR5H0H0WBN7M3Z5M
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 11962
x-amz-id-2: M93StxvvSqMxMsj+xy9yc6/AzzLsqM+G9sD8qeZqrxLh0uwhVbmeri750Q0Y8g/i85pm3VGzATE=
Last-Modified: Wed, 19 Aug 2020 17:39:39 GMT
Server: AmazonS3
Date: Tue, 08 Sep 2020 22:10:28 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 96ms
29ms Script
application/x-javascript 99.84.157.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.157.54 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-157-54.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Sep 2020 15:14:25 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Aug 2020 16:44:58 GMT
Server: AmazonS3
Age: 24964
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 1d9f9231888e03b204a8691cc95e7c61.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: TXL52-C1
X-Amz-Cf-Id: 8zT53Ih0lF2Nh1EpJk46iXbCIk6H7ynUlEGMbLSu-MwpV9PdKSq_5g==

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 43ms
26ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9979664

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5SFWTH

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

074d9560f694f0567211e085276263509d8b84c23cea3d0c904918f2e9ec98c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35650
x-xss-protection: 0
last-modified: Tue, 08 Sep 2020 21:36:53 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 08 Sep 2020 22:10:28 GMT

GET
H2 200 index.html
js.driftt.com/deploy/assets/ Frame B9AB 0
0 32ms
32ms Document
text/html 99.84.156.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/index.html

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1599603300000/ey22i6m9p82y.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.156.59 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-156-59.txl52.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /deploy/assets/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 894
server: nginx
last-modified: Wed, 02 Sep 2020 13:54:27 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 08 Sep 2020 22:10:28 GMT
etag: "8e39bb2444b339a8288a9b1a0bc4cf00"
cache-control: max-age=10
x-cache: Hit from cloudfront
via: 1.1 700e1fc650af7cfb451dbdb8d79d4107.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: pF33JM2k9cX8-e8tZCkTqy2vC7e4H7avxEgV829mSch_zWcVzjCkVw==

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
433 B 43ms
16ms XHR
text/plain 2a00:1450:400c:c01::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j85&tid=UA-44168172-9&cid=1937439274.1599603027&jid=2071482919&gjid=1843504977&_gid=498314702.1599603027&_u=aHDAAEADQAAAAG~&z=359785224

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c01::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 08 Sep 2020 22:10:28 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.cyberark.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 blank.gif
fast.wistia.com/assets/images/ 1 KB
1 KB 6ms
6ms Image
image/gif 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/assets/images/blank.gif

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Origin: https://www.cyberark.com
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
age: 3584
x-cache: HIT, HIT
status: 200
x-cache-hits: 2, 96
content-length: 1214
x-served-by: cache-dca17756-DCA, cache-fra19134-FRA
x-browser-version: 83
last-modified: Tue, 08 Sep 2020 21:05:26 GMT
x-timer: S1599603029.839656,VS0,VE0
etag: "5f57f216-4be"
strict-transport-security: max-age=0
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=315360000, public
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
491 B 39ms
24ms Image
image/gif 2a00:1450:4001:814::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j85&tid=UA-44168172-9&cid=1937439274.1599603027&jid=2071482919&_u=aHDAAEADQAAAAG~&z=1342998097

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
491 B 38ms
24ms Image
image/gif 2a00:1450:4001:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j85&tid=UA-44168172-9&cid=1937439274.1599603027&jid=2071482919&_u=aHDAAEADQAAAAG~&z=1342998097

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 e325e4c9bc35e27f6392e635698698a10dba5a9a.m3u8 Show response
embed-fastly.wistia.com/deliveries/ 2 KB
738 B 62ms
21ms XHR
application/vnd.apple.mpegurl 151.101.114.107
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-fastly.wistia.com/deliveries/e325e4c9bc35e27f6392e635698698a10dba5a9a.m3u8?origin_v2=1
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/engines/hls_video.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.107 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d124d1f887285722d91918c1519269eb4c38243ad91b46d638051c8ce5581965

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
content-encoding: gzip
age: 3061105
edge-cache-tag: e325e4c9bc35e27f6392e635698698a10dba5a9a
status: 200
x-cache: HIT, HIT
content-length: 279
access-control-request-method: *
x-served-by: cache-dca17725-DCA, cache-hhn4024-HHN
access-control-allow-origin: *
expires: Wed, 04 Aug 2021 11:52:04 GMT
last-modified: Mon, 05 Nov 2018 10:11:00 GMT
x-timer: S1599603029.912454,VS0,VE1
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: application/vnd.apple.mpegurl
via: 1.1 varnish, 1.1 varnish
access-control-expose-headers: Server,range,Content-Length,Content-Range
cache-control: max-age=31536000
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 1, 1

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/6RJ2KCUITBBDPLKE34TVGK/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

21ms
21ms

Script
application/javascript

2.21.36.181
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.36.181 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-21-36-181.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: D5A597EE0833E431
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: iT3AhVCvxCGoaPfY8HWIkM+GU3mNP4ORsXGNqf4gQ1UZT/dCJfOSjlPhibGxfAau3OKpQ+gqwXA=
Last-Modified: Fri, 31 Jul 2020 16:11:15 GMT
Server: AmazonS3
Date: Tue, 08 Sep 2020 22:10:29 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Tue, 08 Sep 2020 22:10:29 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/6RJ2KCUITBBDPLKE34TVGK/YLIX5GPR6BEUFEKQO55F32/ 0
773 B 123ms
79ms Script
text/javascript 2.21.36.181
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/6RJ2KCUITBBDPLKE34TVGK/YLIX5GPR6BEUFEKQO55F32/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.36.181 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-21-36-181.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: NG6KN5YQhtQzIOLBu2662FkFs4qKw4kR
Content-Encoding: gzip
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: 1X1Z8H4S3J9QFXAY
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
x-amz-id-2: 3iaJrL4ooR5XTu+pVHCD7SRVOOmYO4/iPS03PjthBGnrcePSyI+En8ESmoc1Hky52VdlbTYttPY=
Last-Modified: Tue, 08 Sep 2020 06:11:06 GMT
Server: AmazonS3
Date: Tue, 08 Sep 2020 22:10:28 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/6RJ2KCUITBBDPLKE34TVGK/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/6RJ2KCUITBBDPLKE34TVGK?_s=12d27b897c29eb10247443426b6b3b60&_b=2
https://d.adroll.com/consent/check/6RJ2KCUITBBDPLKE34TVGK/?_s=12d27b897c29eb10247443426b6b3b60&_b=2

394 B
861 B

32ms
31ms

Script
application/javascript

52.209.24.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/6RJ2KCUITBBDPLKE34TVGK/?_s=12d27b897c29eb10247443426b6b3b60&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.24.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-24-170.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 583e01d2e3facbd6913cf22f4b143722b88984804899a37dd89ff9591f9ed891

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:28 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: application/javascript
content-length: 394

Redirect headers

status: 302
date: Tue, 08 Sep 2020 22:10:28 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/6RJ2KCUITBBDPLKE34TVGK/?_s=12d27b897c29eb10247443426b6b3b60&_b=2

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071691665/ 2 KB
1 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071691665/?random=1599603028882&cv=9&fst=1599603028882&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&tiba=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c2f952cbb433bdf38eca0845af7faa9dce22345cbeca7d18af7d50e193ffacc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1091
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 up
insight.adsrvr.org/track/ Frame ABE1 0
0 98ms
31ms Document
text/html 52.48.230.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=zw7usn0&ref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&upid=fn71xvv&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.230.192 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-230-192.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=zw7usn0&ref=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&upid=fn71xvv&upv=1.1.0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TDID=351d12cb-cc59-4220-867b-00794da94f81; TDCPM=CAEYBSABKAIyCwiYzOGW15PqOBAFOAE.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams

Response headers

status: 200
date: Tue, 08 Sep 2020 22:10:28 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/1071691665/ 42 B
111 B 21ms
20ms Image
image/gif 2a00:1450:4001:814::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1071691665/?random=1599603028882&cv=9&fst=1599602400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&frm=0&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&tiba=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&async=1&fmt=3&is_vtc=1&random=3260118351&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/1071691665/ 42 B
111 B 21ms
21ms Image
image/gif 2a00:1450:4001:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1071691665/?random=1599603028882&cv=9&fst=1599602400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&frm=0&url=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&tiba=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&async=1&fmt=3&is_vtc=1&random=3260118351&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 seg-1-v1-a1.ts Show response
embed-fastly.wistia.com/deliveries/e325e4c9bc35e27f6392e635698698a10dba5a9a.m3u8/ 127 KB
127 KB 23ms
20ms XHR
video/mp2t 151.101.114.107
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed-fastly.wistia.com/deliveries/e325e4c9bc35e27f6392e635698698a10dba5a9a.m3u8/seg-1-v1-a1.ts
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/engines/hls_video.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.107 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5489818876708f3888f949db7aa06601dba214ec74fd76908404bd5138e9e2ee

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:28 GMT
via: 1.1 varnish, 1.1 varnish
age: 1162932
edge-cache-tag: e325e4c9bc35e27f6392e635698698a10dba5a9a
status: 200
x-cache: HIT, HIT
content-length: 129720
access-control-request-method: *
x-served-by: cache-dca17724-DCA, cache-hhn4024-HHN
expires: Thu, 26 Aug 2021 11:08:16 GMT
last-modified: Mon, 05 Nov 2018 10:11:00 GMT
x-timer: S1599603029.938370,VS0,VE1
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: video/MP2T
access-control-allow-origin: *
access-control-expose-headers: Server,range,Content-Length,Content-Range
cache-control: max-age=31536000
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 1, 1

GET
H/1.1

200
OK

PMP67SECPJHHNEUOUQD4P5.js Show response
s.adroll.com/pixel/6RJ2KCUITBBDPLKE34TVGK/YLIX5GPR6BEUFEKQO55F32/
Redirect Chain

https://d.adroll.com/pixel/6RJ2KCUITBBDPLKE34TVGK/YLIX5GPR6BEUFEKQO55F32?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-researc...
https://s.adroll.com/pixel/6RJ2KCUITBBDPLKE34TVGK/YLIX5GPR6BEUFEKQO55F32/PMP67SECPJHHNEUOUQD4P5.js

4 KB
2 KB

204ms
204ms

Script
text/javascript

2.21.36.181
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/6RJ2KCUITBBDPLKE34TVGK/YLIX5GPR6BEUFEKQO55F32/PMP67SECPJHHNEUOUQD4P5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.36.181 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-21-36-181.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 832189d4c059ec67e38db1e3fb19c6147543ec57edc7552c895bbc7b2c0a61a5

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: z3Ig.WRiVkUWtq1PO.LpPRsNhCK6wXGm
Content-Encoding: gzip
ETag: "ee7b5faf81d53018fb64f84a83d720bb"
x-amz-request-id: 1EF62C0630986974
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1576
x-amz-id-2: k2BkaKvOM9nXRET9RZCgJpJM4REHAAhN4pb9cnvJhcnE/ZcLiZyY+emhVCliTFeLIhwG+6a7Xns=
Last-Modified: Tue, 01 Sep 2020 19:59:23 GMT
Server: AmazonS3
Date: Tue, 08 Sep 2020 22:10:29 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

date: Tue, 08 Sep 2020 22:10:29 GMT
x-segment-display-name: Resource_Whitepaper page_90days
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
content-length: 0
pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.16.1
x-rule: */resource*
x-segment-eid: PMP67SECPJHHNEUOUQD4P5
location: https://s.adroll.com/pixel/6RJ2KCUITBBDPLKE34TVGK/YLIX5GPR6BEUFEKQO55F32/PMP67SECPJHHNEUOUQD4P5.js
cache-control: no-store, no-cache, must-revalidate
x-pixel-eid: YLIX5GPR6BEUFEKQO55F32
x-segment-name: 716c0e0c
x-advertisable-eid: 6RJ2KCUITBBDPLKE34TVGK
x-conversion-currency

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 9 KB
3 KB 24ms
24ms Script
text/javascript 2.21.36.181
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: d.adroll.com
URL: https://d.adroll.com/pixel/6RJ2KCUITBBDPLKE34TVGK/YLIX5GPR6BEUFEKQO55F32?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&xid_ch=f&pv=45512968308.06912&cookie=&adroll_s_ref=&keyw=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.36.181 , France, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-21-36-181.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: NM.EHVfGEDu2TYFqb1osrv1zRII373EC
Content-Encoding: gzip
ETag: "15441b08d0c4f93b1dd5f533cd361cd8"
x-amz-request-id: E2F067B4E9F95C64
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2039
x-amz-id-2: zahNXUrZcHvPMHZ5OZzeA/pmU+ThIaY+/c27IjCJ/f8DH693VdK16PYXiwNkUgRleJPaNozozcA=
Last-Modified: Mon, 03 Feb 2020 20:32:06 GMT
Server: AmazonS3
Date: Tue, 08 Sep 2020 22:10:29 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 232451557177467 Show response
connect.facebook.net/signals/config/ 524 KB
133 KB 55ms
55ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/232451557177467?v=2.9.24&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

90e6881eacc9e3205733c34c7ef1be8d231d73ef44faf40d38610ef3a6705fa9

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: gjFNkaEFFFd6ZFsXLMXfC3xX+Et2ekirveMvlS6qt+kxeZLhcj0GN18/H1AsNXvxH/aBkNPpn/19ydX2IX2DAw==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Tue, 08 Sep 2020 22:10:29 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/aol,index,outbrain,pubmatic,n,taboola,triplelift/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-res...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZjhhYmJjNGQ0NDYzNDRlODhhNmFkMmViODgxMDAwNDY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
886 B

62ms
16ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZjhhYmJjNGQ0NDYzNDRlODhhNmFkMmViODgxMDAwNDY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Tue, 08 Sep 2020 22:10:29 GMT
X-lat: Pug22043:0:531
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:29 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZjhhYmJjNGQ0NDYzNDRlODhhNmFkMmViODgxMDAwNDY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
cache-control: no-store, no-cache, must-revalidate
content-length: 220

GET
H2

200

in
d.adroll.com/cm/r/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

42 B
499 B

30ms
30ms

Image
image/gif

52.209.24.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.24.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-24-170.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:29 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42

Redirect headers

date: Tue, 08 Sep 2020 22:10:29 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
age: 0
status: 302
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover...
https://ib.adnxs.com/setuid?entity=172&code=ZjhhYmJjNGQ0NDYzNDRlODhhNmFkMmViODgxMDAwNDY
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZjhhYmJjNGQ0NDYzNDRlODhhNmFkMmViODgxMDAwNDY

43 B
1 KB

21ms
21ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZjhhYmJjNGQ0NDYzNDRlODhhNmFkMmViODgxMDAwNDY

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.36 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Sep 2020 22:10:29 GMT
X-Proxy-Origin: 185.217.171.12; 185.217.171.12; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.252:80
AN-X-Request-Uuid: 3987179a-bf6b-45a2-8b41-2f7db16adb05
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Sep 2020 22:10:29 GMT
X-Proxy-Origin: 185.217.171.12; 185.217.171.12; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.115:80
AN-X-Request-Uuid: 82ce7591-79c1-45f0-9db5-503fa4e5cb55
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZjhhYmJjNGQ0NDYzNDRlODhhNmFkMmViODgxMDAwNDY
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 out
d.adroll.com/cm/l/ 42 B
180 B 32ms
31ms Image
image/gif 52.209.24.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/l/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&xid_ch=f&advertisable=6RJ2KCUITBBDPLKE34TVGK
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.24.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-24-170.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 08 Sep 2020 22:10:29 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.16.1
content-length: 42
vary: Cookie
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=f8abbc4d446344e88a6ad2eb88100046
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=f8abbc4d446344e88a6ad2eb88100046

43 B
180 B

21ms
20ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=f8abbc4d446344e88a6ad2eb88100046
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.193.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:29 GMT
via: 1.1 google
server: OXGW/16.193.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Tue, 08 Sep 2020 22:10:29 GMT
via: 1.1 google
server: OXGW/16.193.0
status: 302
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=f8abbc4d446344e88a6ad2eb88100046
alt-svc: clear
content-length: 0

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=e8b0abf428edcc777c5f577b82f1f197-1599603029010&arrfrr=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=-Ku8TURjROiKatLriBAARg
https://d.adroll.com/cm/g/in

42 B
536 B

30ms
30ms

Image
image/gif

52.209.24.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.24.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-24-170.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:29 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Tue, 08 Sep 2020 22:10:29 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
151 B 6ms
5ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=232451557177467&ev=PageView&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&rl=&if=false&ts=1599603029353&cd[segment_eid]=PMP67SECPJHHNEUOUQD4P5&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=29&fbp=fb.1.1599603027460.1090199668&it=1599603027159&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:29 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 08 Sep 2020 22:10:29 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
62 B 7ms
6ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP&ea=Organization&el=Tefincom%20S.A.&_u=aHDAAEADQAAAAG~&jid=&gjid=&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&cd1=Tefincom%20S.A.&z=1921726879

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23441
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
57 B 7ms
6ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP&ea=Organization&el=Tefincom%20S.A.&_u=aHDAgEADQAAAAG~&jid=&gjid=&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&cd1=Tefincom%20S.A.&z=2016682601

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23441
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 mput Show response
pipedream.wistia.com/ 2 B
135 B 340ms
112ms XHR
text/plain 54.144.154.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pipedream.wistia.com/mput?topic=metrics
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.144.154.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-154-79.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

status: 200
date: Tue, 08 Sep 2020 22:10:29 GMT
access-control-allow-origin: *
content-length: 2
access-control-allow-methods: POST, OPTIONS
content-type: text/plain; charset=utf-8

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
57 B 7ms
6ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Opt-In%20Campaign%20Audience&el=Tefincom%20S.A.&_u=aHDAAEADQAAAAG~&jid=&gjid=&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&cd1=Tefincom%20S.A.&z=877795376

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23441
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
57 B 8ms
6ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Opt-In%20Campaign%20Audience&el=Tefincom%20S.A.&_u=aHDAgEADQAAAAG~&jid=&gjid=&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&cd1=Tefincom%20S.A.&z=514721973

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23441
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
57 B 9ms
8ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Impact%20Live%202020&el=Tefincom%20S.A.&_u=aHDAAEADQAAAAG~&jid=&gjid=&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&cd1=Tefincom%20S.A.&z=268543923

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23441
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
57 B 9ms
8ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=5&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Impact%20Live%202020&el=Tefincom%20S.A.&_u=aHDAgEADQAAAAG~&jid=&gjid=&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&cd1=Tefincom%20S.A.&z=1602147902

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23441
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
57 B 9ms
8ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=5&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Gartner%20MQ%202020&el=Tefincom%20S.A.&_u=aHDAAEADQAAAAG~&jid=&gjid=&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&cd1=Tefincom%20S.A.&z=650791127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23441
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
57 B 9ms
9ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=6&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RTP-Segments&ea=Gartner%20MQ%202020&el=Tefincom%20S.A.&_u=aHDAgEADQAAAAG~&jid=&gjid=&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&cd1=Tefincom%20S.A.&z=205177459

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23441
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 allIntegrations.js Show response
fast.wistia.com/assets/external/ 20 KB
4 KB 6ms
6ms Script
application/javascript 2a04:4e42:3::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/allIntegrations.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::622 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

039f40b77e56ce6f0a4b25a7066fae27da855b0f2c5629ba17618bef659e2238

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Sep 2020 22:10:29 GMT
content-encoding: br
vary: Accept-Encoding
age: 3585
x-cache: HIT, HIT
status: 200
content-length: 4450
x-served-by: cache-dca17723-DCA, cache-fra19129-FRA
access-control-allow-origin: *
x-browser-version: 83
last-modified: Tue, 08 Sep 2020 12:38:07 GMT
x-timer: S1599603030.788725,VS0,VE0
etag: "5f577b2f-1162"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 76

POST
H2 204 x Show response
distillery.wistia.com/ 0
95 B 116ms
116ms XHR
text/plain 52.0.1.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://distillery.wistia.com/x
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.1.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-1-164.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

status: 204
date: Tue, 08 Sep 2020 22:10:29 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-origin: *

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
62 B 6ms
6ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j85&a=1012895397&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.cyberark.com%2Fresources%2Fthreat-research-blog%2Fbeware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams&ul=en-us&de=UTF-8&dt=Beware%20of%20the%20GIF%3A%20Account%20Takeover%20Vulnerability%20in%20Microsoft%20Teams&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=drift&ea=playbook%20fired&el=drift%3Eplaybook%20fired%20id%3A%202015729&_u=aHDAAEADQAAAAG~&jid=&gjid=&cid=1937439274.1599603027&tid=UA-44168172-9&_gid=498314702.1599603027&gtm=2wg8q15SFWTH&z=827962936

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Sep 2020 15:39:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 23443
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK / Show response
fg8vvsvnieiv3ej16jby.litix.io/ 0
172 B 108ms
108ms XHR
text/plain 52.20.19.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://fg8vvsvnieiv3ej16jby.litix.io/
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/wistia-mux.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.19.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-19-138.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyberark.com/resources/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 08 Sep 2020 22:10:34 GMT
Connection: keep-alive
Content-Length: 0
Access-Control-Allow-Methods: POST, GET

OPTIONS
H/1.1 200
OK /
fg8vvsvnieiv3ej16jby.litix.io/ Frame 0
0 437ms
106ms Other 52.20.19.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://fg8vvsvnieiv3ej16jby.litix.io/
Protocol: HTTP/1.1
Server: 52.20.19.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-19-138.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.cyberark.com
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: POST, GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Date: Tue, 08 Sep 2020 22:10:34 GMT
Content-Length: 0
Connection: keep-alive

Verdicts & Comments Add Verdict or Comment

180 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.cyberark.com/	1970-01-19 12:20:03	Name: _hjIncludedInSessionSample Value: 1
.cyberark.com/	1970-01-19 12:20:04	Name: _hjAbsoluteSessionInProgress Value: 0
.cyberark.com/	1970-01-19 14:29:39	Name: _fbp Value: fb.1.1599603027460.1090199668
.cyberark.com/	1970-01-20 05:51:15	Name: ei_client_id Value: 5f580153b71bea001031d1cf
www.cyberark.com/	1970-01-19 12:20:03	Name: s-9da4 Value: cda91319-0f34-4946-9e78-f03ac6cb3b00
www.cyberark.com/	1970-01-20 05:51:15	Name: driftt_aid Value: 07d3d72b-4867-4120-b626-2c8c47811079
.cyberark.com/	1969-12-31 23:59:59	Name: notice_behavior Value: implied,eu
.cyberark.com/	1969-12-31 23:59:59	Name: _hjTLDTest Value: 1
.cyberark.com/	1970-01-19 12:20:03	Name: _dc_gtm_UA-44168172-9 Value: 1
.cyberark.com/	1970-01-19 12:20:03	Name: _gat_UA-44168172-9 Value: 1
.cyberark.com/	1970-01-19 21:05:39	Name: _hjid Value: cd801288-020d-4b6a-9822-60a3303339b8
www.cyberark.com/	1970-01-19 21:05:39	Name: d-a8e6 Value: b69904f9-460a-44ff-aaa2-6326ebf53429
.cyberark.com/	1970-01-19 12:20:04	Name: trwsa.sid Value: cyberarksoftware-1599603027430-efefddd2%3A1
.cyberark.com/	1970-01-20 05:51:15	Name: trwv.uid Value: cyberarksoftware-1599603027429-e2250f18%3A1
www.cyberark.com/	1970-01-19 21:05:39	Name: pdf_event Value: WyJbe1widXVpZFwiOjEwOTgzMTczNTR9LDE2MzExMzkwMjZdIiwiMmNjZjQzNWZhNzcwMGU5MzI4ODdkYTgxZDE1NzEzNjQiXQ%3D%3D
www.cyberark.com/	1970-01-19 12:20:03	Name: _hjIncludedInPageviewSample Value: 1
.cyberark.com/	1970-01-19 21:05:39	Name: _mkto_trk Value: id:316-CZP-275&token:_mch-cyberark.com-1599603027545-92698
.cyberark.com/	1970-01-19 14:29:39	Name: _gcl_au Value: 1.1.234442576.1599603027
www.cyberark.com/	1970-01-19 12:20:04	Name: ufentry Value: 20200908.184027
.cyberark.com/	1970-01-19 12:21:29	Name: _gid Value: GA1.2.498314702.1599603027
.cyberark.com/	1970-01-20 05:51:15	Name: _ga Value: GA1.2.1937439274.1599603027
.cyberark.com/	1970-01-19 13:03:15	Name: __cfduid Value: db66d25616519ee6cd70412afc2804fea1599603025
.www.cyberark.com/	1970-01-19 21:05:39	Name: _ufav Value: f0324308a9f949909512eae1c7dc3ce7
.www.cyberark.com/	1970-01-19 12:20:06	Name: _ufas Value: c87ca1ab2fa04dc2b3ec471c749f05d4
www.cyberark.com/	1970-01-19 21:05:39	Name: uf_privacy_prefs Value: 1%7C1
www.cyberark.com/	1969-12-31 23:59:59	Name: _MGZ_ Value: 4le6lprgnsnu6t002ldiqs9ha0

20 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://content.cdntwrk.com/js/hubs/hubs_app.46a5cc77efb83c308f9b.js(Line 1) Message: UF: Pollyfill not needed for UFA, skipping.
console-api	log	(Line 48) Message: JQMIGRATE: Migrate is installed with logging active, version 3.0.1
console-api	warning	URL: https://cihost.uberflip.com/cyberArk/master/build/en/en.bundle.js(Line 1) Message: OB: Babel polyfill detected, Onbrand will not apply its own.
console-api	warning	(Line 76) Message: JQMIGRATE: jQuery.fn.unbind() is deprecated
console-api	log	(Line 78) Message: console.trace
console-api	warning	(Line 76) Message: JQMIGRATE: jQuery.fn.bind() is deprecated
console-api	log	(Line 78) Message: console.trace
console-api	debug	URL: https://munchkin.marketo.net/159/munchkin.js(Line 22) Message: Munchkin.init("%s") options: 316-CZP-275 [object Object]
console-api	warning	(Line 76) Message: JQMIGRATE: jQuery.expr[':'] is deprecated; use jQuery.expr.pseudos
console-api	log	(Line 78) Message: console.trace
console-api	warning	(Line 76) Message: JQMIGRATE: jQuery.fn.mouseup() event shorthand is deprecated
console-api	log	(Line 78) Message: console.trace
console-api	warning	(Line 76) Message: JQMIGRATE: jQuery.fn.submit() event shorthand is deprecated
console-api	log	(Line 78) Message: console.trace
console-api	warning	(Line 76) Message: JQMIGRATE: jQuery.fn.click() event shorthand is deprecated
console-api	log	(Line 78) Message: console.trace
console-api	warning	(Line 76) Message: JQMIGRATE: jQuery.fn.keydown() event shorthand is deprecated
console-api	log	(Line 78) Message: console.trace
console-api	warning	(Line 76) Message: JQMIGRATE: jQuery.fn.mousedown() event shorthand is deprecated
console-api	log	(Line 78) Message: console.trace

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

316-czp-275.mktoresp.com
ads.yahoo.com
cdnjs.cloudflare.com
cihost.uberflip.com
cm.g.doubleclick.net
connect.facebook.net
consent-st.trustarc.com
consent.trustarc.com
content.cdntwrk.com
d.adroll.com
d.adroll.mgr.consensu.org
distillery.wistia.com
dn1f1hmdujj40.cloudfront.net
dpm.demdex.net
embed-fastly.wistia.com
fast.wistia.com
fg8vvsvnieiv3ej16jby.litix.io
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
in.hotjar.com
in.ml314.com
insight.adsrvr.org
js.adsrvr.org
js.driftt.com
match.adsrvr.org
ml314.com
munchkin.marketo.net
pipedream.wistia.com
ps.eyeota.net
px.ads.linkedin.com
rtp-static.marketo.com
s.adroll.com
s.ytimg.com
script.hotjar.com
simage2.pubmatic.com
sjrtp6-cdn.marketo.com
sjrtp6.marketo.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
sync.crwdcntrl.net
t.sf14g.com
tracking.leadlander.com
us-u.openx.net
vars.hotjar.com
vidassets.terminus.services
web-analytics.engagio.com
www.cyberark.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.youtube.com
104.111.239.158
104.111.250.210
104.17.194.105
108.128.104.240
143.204.201.98
147.75.102.197
147.75.32.125
147.75.80.95
151.101.114.107
172.217.22.66
185.64.189.110
192.28.146.116
192.28.147.68
2.21.36.181
216.58.206.2
2600:9000:214f:4600:12:53a8:95c0:93a1
2600:9000:214f:6c00:c:90ee:6000:21
2606:4700::6811:4f6b
2620:1ec:21::14
2a00:1288:f03d:1fa::2000
2a00:1450:4001:806::200e
2a00:1450:4001:809::2002
2a00:1450:4001:809::200e
2a00:1450:4001:814::2004
2a00:1450:4001:818::2003
2a00:1450:4001:81a::2003
2a00:1450:4001:81f::2003
2a00:1450:4001:820::200a
2a00:1450:4001:820::200e
2a00:1450:4001:824::2008
2a00:1450:400c:c01::9d
2a00:1450:400c:c04::9b
2a02:26f0:eb:3a3::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:3::622
2a05:f500:10:101::b93f:9105
3.122.214.165
3.89.179.232
34.245.253.34
34.98.64.218
35.171.71.143
35.244.174.68
37.252.172.36
52.0.1.164
52.18.201.224
52.20.19.138
52.209.24.170
52.48.230.192
54.144.154.79
54.165.255.110
54.171.1.253
54.229.128.207
99.84.156.59
99.84.156.82
99.84.156.86
99.84.157.54
99.86.2.9
019acccf585b9f7ac02babc4e8c8e7ade62f92941d8adc1421f4290dd12a828f
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
039f40b77e56ce6f0a4b25a7066fae27da855b0f2c5629ba17618bef659e2238
068ea132cbc88e249815a0cfcb288b94cafe2812cc66ed0b83781f9156d0df90
06abb183f989ddc0f798fa810985faa6c87b01ececb389bb6f5e07e0a27d2bc3
074d9560f694f0567211e085276263509d8b84c23cea3d0c904918f2e9ec98c0
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
09977ca9f062485edde81ed15f844c03d4aff09b99d5dc5bcf737a65ec1a1090
0dcf971c6457a9d008a4452f23ba3c5c290600124655f4a904e38241ee10cfc8
0e819a36be8f50f20b310d03eda48cfe6db3a71b1aeba7939b5e2fa258f60dad
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12fc6f25bc9828db6bf4f8f21151e1a8c1e59d6fc7553fcd8571f68384e4cc9f
13531ee5e0ea869c1c5031d66214aa93ecd2bf15314d710061b491c5c31fa39d
13598e894009fa7c84ae80298c81530707cfb3270dd7dc98f4bce3743ddbeb47
13f3533a02a0456d7483603253c555a0ba51200583a17723fbbad5f6844a81d0
164ffd91dc77a1b0c6020e4ea90fb185b002ba1b718c1adade570d0c16de70c5
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
1e39ebba07598e145b7e9c0105354e7b24bdae666b5bd8587387f64ec2aec724
1fb7ee27fdfb34869f89aa51d9af1cf86ecc6800ab591ec3ca78f155742200b2
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
29a39dcd3226ccaf5508d0df070b92b95ce4ab253a34c95583d68da7dac57b98
2a56fd50da5a76b1d6c2557da8821b1c176f5692123217e774d23b0f21f80569
2be0469dbc3164f9d08363c5464699ad6a7bbfeec1b3f12dcfdd014ad34d0a0e
2effcbaf388b8c02aea5d4476e85fb461238795ee289d5b2e11e79ffc0c72ef1
2f5f9d511700318e988d3ef843afc49224162c8bb2435db7b9dc3590f525306f
339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a
35f273e01e70db780ae423347dffecfc27cc348ba4abbd6099331559a7c5cd31
390a28be2ca4bcea5b71fe050295281a1a8fc99175690cdd62de378190400acb
3c814b18b08f7191c4984b4b9b335bbcf5ba084a6efadd9a95d25234dd5fba1c
3c926f7ea5d7aacbdae97882a8e446f80fc5b74ab6c77b2a030f11e67d1aa0a9
3d6a26c0321d82d556928adac56d890db157836127ca8f2e9f3d218619be2786
4014a05aacaa586346e71903afbc4537863681e4df786fa132e4a547cd6cfeb0
4075d680687401f4dcc0a96670dda2d6cf27fadb262c1fb17b1ea4d53b19954f
4083955fcb5c9ae48450aca957a4c276b4c1db3ae90e15d05740449586c61044
416d85418bfb5b163f87d2993fef88e212a0e8c55b5d933dfb1efd7ddb5b1729
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
448c9ae0710daf6a7bd13dcc967f28e60c8071aec747adad20d526b459fbd167
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc
473272591216afea965f984c16e66f5b8fd24cc7f9257fe40eb3cc6384cfdd68
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f17d5cdb83007c4a737aa84963d7e5a0b17947a9e800f1748b71e39e2894fdb
52de3e595d08237604ae7214ec5c183dda9a4d64df43f2f251215f46032a2567
5489818876708f3888f949db7aa06601dba214ec74fd76908404bd5138e9e2ee
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5567c5a47f8bbd27707bd2cffdb1679c292a07ccf09a8578e1b9eba7ab481cf3
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56721bb4c54b76426a4295c2c97235ddf59314e23b2c99ea21a9795b6b6b99a6
583e01d2e3facbd6913cf22f4b143722b88984804899a37dd89ff9591f9ed891
5c2f952cbb433bdf38eca0845af7faa9dce22345cbeca7d18af7d50e193ffacc
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55
5d6c962cae95f134f841148842627cd4dbba1840844d4f2250b2ec213c6972d8
5e240679c3215c840cf754104fe7291c77f2f52ad551c95e8c8364d0124938ec
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
5fafdd8c3a3e5401aed50771cdc828e6cd7843ab326bce893521890940a59fc1
60d29b978f7f71f1d64f492179cc69946f9bb4105827cf98ac47392d0d96310c
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd
62738b62849a46842f34013b8528886f10c8d0e1c9aec47d636e05d631e2f60e
663dc4e768b20f0a88649b79710a7b643e06ca6be7721f66f7c589fd01bb345c
66c708b80cab108a2fde84cac9677c07435537bc9d06085ccd1ac80cb93513b4
67c6bdb295ff8a8af910f7dec83026ac26e7bb44096e6dc67d4cf45499c858f8
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b
6dc5e754bf45db3c8108a4d76480a1e6de254d3c2c6e1ef3b4cea4990390dc47
6dd06e7449f3f7ad40d26c50b5f3e8b66ef9261038a57d1f255259a9d2d78491
6dd6455fc6cca123e9c1206174817852402d85f7c710f684cea794cfa93108d0
6e067179e856423d441df4ceb4d52dd5fbd2334469b1d4423b708b180ffa3cc4
6ef1a1376ce32bec9e4242e144e4959c62aead08bbbe68ce06b255376401ad5a
6f58860008c13e4535a2dce3fcabedad0740fad5f8139cdb83945ac95cf8ac87
706494a230ae9c22ebbda2b9fce9af786bac0ea5f315c80e3fbe9f44e7883c38
74935268619be1f087ce67765abd72f80107125f23b346f7615cc9e6a19d4595
74fef67cd959aa83f19c3de42c44e45c118b30c1059cbbc7db544381c3e6bbef
76d732af8696670aa1272960d2e8e75863c858af9182993743983bff86bf8b79
77a28f40294bb5dbf7d9e358798967d8d9439a2ce132e34353e52337ec26d3f4
79452657130da8f365c79c8c685c0f5938b74b94da2e033fd9f75c19dd19c8c2
7a057a268ecc7b9e29943551af59f937bee65584a19b53a5bb178f8b84f412bf
7ca42272a778eeb6a9f338ae7f88b39009ca4ecc2d96e907cadbece10d73edc2
7ef8a267de455c3a72237bf7db0c97c97e35e52452ff9ece15876d0d60f9c0e9
7fb58f6c6c2c3b61909e3b4bb9e199d95d5e2a4e39b58f25d1a9894971ed16b9
8117d3b33e034afa99ecd47613ce9a619fcaaf79ac5010751c7e462b80d02189
832189d4c059ec67e38db1e3fb19c6147543ec57edc7552c895bbc7b2c0a61a5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
879eb9d29de4eb7ddc1c7cc94b63bb3469534b7f798b6b077aef6fbc0b27ded6
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
88ddaf0c5c89f488473f65baaa6ba54425859023c297f8802607edb1629ac083
8a9ca95247dd58b99a5063e356df3c932aad4075968488f89c9e67c7229515a0
8adf090be4e081e6ae614a03d24c8349d07348c274c7194aa48761edf6e38ba6
8bcc3a9ffeebc98a247a0ce4a5aa53d1844152e29eadd5c9d5343e04cff91184
90ab560b774f327c4b590ad52be4c0d2f8e94cf82ae400410e21b3943732fb48
90e6881eacc9e3205733c34c7ef1be8d231d73ef44faf40d38610ef3a6705fa9
9121f6c3b4fefef8a8693eda00aa22cc844bf549697c2ca41dd7853f52135d1e
91a9192422a4fc5e96851438289da04938712e94a1e8f9ef0f5301537f688327
965c0ca2665a04fcecaf633ae9549071d635109f2e91251ccd525e31243e7e76
9769cd4f39fb0096f922de43bb58281e1ab33a07bcf03617c0c40ad40d998206
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99614852f59e7c1e6be9b4b81cf6194cfba323b85d81c28a9d7f5a29014d87af
9ab49e447f2fe04a592970794b8f23bb604e738aed8288a53bbf42f4f0372aba
9d90c5b66f7e06efd28521279de5ddd5508c19fb8231bfb50fa644526e2204b2
9faf25857e2b71b113ef06adec190e50c3d37ff1593f1af516f5e671e1c756d9
a117f36dba1eb2100f340bb68f3cc4d4c04d50d8a1d61c36a5d0a682aed9d362
a249bcffb2d8e92a3bdff919def43b14841803ad93b80ffa864db1090e007594
a3003382aeda1ee34986ad9b467e4d4f197c4caadf41a4869e338ae9afaf2627
a7299a6e60c51fc4452e4d5ae68dad334b46b0789bd1c50e6b537ebf81134bed
a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2
aa371b695a477025f6fd48693baea5a6ed0ff4eb71c5a660d854e543b2370013
ab5f6957f62e41a1d99a3534746627fbf38aa9a6a442d994aecece4dea143682
ad7b37c1ef58751afa261d9a86667d8047114b33ce7822f494a90f2f90a8bfc3
add1426fc76b98f70e4ec7c4123e2cd8b4a1a5d5668710b81e7c0e515a733a62
adeebcef6f3c97dd55bace3a71888caa363f538b53bd974317620df2f6e74c53
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5840616d8bf9540bbe45a42f6841f92b78c70dabd3b8ee60abb51e79c47d5d6
b5ae93cd8487bcb5ead39efb67a4fb36984e0ffc2a923d70b611c5a96a2c9ed0
b98e0f76f97857fce1b3fbd8e9ed5775988e85fffd71dcc2422f8d012378ea34
bef63fdeac2142057db2ecc9979b79e3d4d4b7912521d2943c10a83552dadc33
c14924583e2443792aa8943ec7d47b85798f66c375971b6a845b7f055cf147d4
c16183b1c48dd78bf824af20ba3a8d30818221af2f96f745a986778de2cd57bf
c1cd0852f3077f1b059e16529d8de16acb490990d6cb796dd74873de0bfd8a91
c38bd0b0b1d32ae8be2e25b416c1c629256e21ad8e6c90f780096bb4c679cb1b
c4c037b0c6b4797a3ba9a9de20bf9bdc7251a43e485ad44e7ef7687b1926fb89
c665ff20e14938ff62a9ef5c08f3c69d72ad46bbe5cf15c21ce8d4fa852ebd10
d0062ad8888fd9a175a8e602287a89546687943c11deb37486d53d4ef99a4ea2
d034b6f2e35abd63a2b381b565488e54c071a338e58d219cfb19ebbd5c6cd958
d054f842d897a1e7524a632609473c4db1ed9292366c56158ee41f5111c6a561
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d124d1f887285722d91918c1519269eb4c38243ad91b46d638051c8ce5581965
d4761d421bbf2f059126b9ce4f5e0a9f7bc83b046a58162780a2b9c3ab8c9a56
d519532a1fb31478c0229ed3e05cda7cbe9da592e3058942a049c2e41854e4b2
d747dbf5ec116dc12d77880f32c204f886b60c73c24977f7bca666e1efbd0cff
dbfe57981517fb06081dfdc343e0a6ebb3bb5222e6042e1e87bc256dd20337e5
ddd44b243a2166987e1f2a5a567127ff469061bd4168fac5aa9100a32866c242
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e08cd9caf747ae36d269aab5a23b84d2ea553ddc5be15d1704b3c7c10e07c3fc
e3707edca98715fc3fe7ea36b15c506641b4c380e7e6c4d8ebb9e288f1438ff8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51d79219ea2d15067c31db64afef2c97c43180c9f81bfa73363724d8f27f7fd
e6df6b8e7ae078cd4669e3cb25e2025eeed5dcf9482c80d1c5890df813c51a70
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ee61600b6ea445eacfb77ecafb2796f04ff4189b9924a8e9ea3cca6044610d2e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f8230afa3eb1c498737ecefc807bfa82d309697ee3196b77b7af678e5b9a9c4d

www.cyberark.com Open in urlscan Pro 104.17.194.105 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

185 Requests

99 %HTTPS

38 %IPv6

43 Domains

59 Subdomains

53 IPs

9 Countries

5746 kBTransfer

10085 kBSize

26 Cookies

32 Outgoing links

Page URL History

Redirected requests

185 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cyberark.com Open in urlscan Pro
104.17.194.105 Public Scan

Screenshot
Live screenshot

Full Image

185
Requests

99 %
HTTPS

38 %
IPv6

43
Domains

59
Subdomains

53
IPs

9
Countries

5746 kB
Transfer

10085 kB
Size

26
Cookies

185 HTTP transactions
2 data transactions