open.corpbenefitplan.com Open in urlscan Pro
52.5.100.157 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://urldefense.proofpoint.com/v2/url?u=http-3A__open.corpbenefitplan.com_1019dd279a-3Fl-3D60&d=DwMFaQ&c=eJFcuPw3OEcOgXL2mmMpuw...
Effective URL:
http://open.corpbenefitplan.com/load_training?guid=1019dd279a&correlation_id=666ba285-eddc-4ee7-a945-f78f65964186
Submission: On October 10 via manual (October 10th 2017, 5:56:37 pm UTC) from US

Summary HTTP 127 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 13 domains to perform 127 HTTP transactions. The main IP is 52.5.100.157, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is open.corpbenefitplan.com.

This is the only time open.corpbenefitplan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.231.146.66 67.231.146.66	26211 (PROOFPOIN...) (PROOFPOINT-ASN-US-WEST - Proofpoint)
55	52.5.100.157 52.5.100.157	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
21	54.231.32.123 54.231.32.123	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a02:26f0:eb:... 2a02:26f0:eb:1a9::196	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	54.240.184.21 54.240.184.21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:81b::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
1 6	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
22	34.230.155.77 34.230.155.77	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2a00:1450:400... 2a00:1450:400c:c04::9d	15169 (GOOGLE) (GOOGLE - Google Inc.)
2	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY - Fastly)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
8	54.231.49.24 54.231.49.24	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	198.232.125.113 198.232.125.113	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
3	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	162.247.242.19 162.247.242.19	23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic)
127	15

1 67.231.146.66 (Sunnyvale, United States) 1 redirects

ASN26211 (PROOFPOINT-ASN-US-WEST - Proofpoint, Inc., US)
PTR: urldefense.proofpoint.com

urldefense.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

55 52.5.100.157 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-5-100-157.compute-1.amazonaws.com

open.corpbenefitplan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dataentry.threatsim.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 54.231.32.123 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1-w.amazonaws.com

tslp.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:eb:1a9::196 (European Union)

ASN20940 (AKAMAI-ASN1, US)

java.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.240.184.21 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-240-184-21.ams50.r.cloudfront.net

d2wy8f7a9ursnm.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81b::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 34.230.155.77 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-230-155-77.compute-1.amazonaws.com

dataentry.threatsim.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
open.corpbenefitplan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9d (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.110 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 54.231.49.24 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1-w.amazonaws.com

ts-uploads.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tslp.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.232.125.113 (Los Angeles, United States)

ASN3257 (GTT-BACKBONE GTT, DE)
PTR: 113-125-232-198.static.unitasglobal.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.19 (United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-7.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	corpbenefitplan.com open.corpbenefitplan.com	39 KB
33	threatsim.com dataentry.threatsim.com	53 B
29	amazonaws.com tslp.s3.amazonaws.com ts-uploads.s3.amazonaws.com	487 KB
6	google-analytics.com 1 redirects www.google-analytics.com	28 KB
3	gstatic.com fonts.gstatic.com	86 KB
3	googleapis.com ajax.googleapis.com fonts.googleapis.com	65 KB
2	newrelic.com js-agent.newrelic.com	17 KB
2	cloudfront.net d2wy8f7a9ursnm.cloudfront.net	6 KB
2	java.com java.com	36 KB
1	jquery.com code.jquery.com	37 KB
1	nr-data.net bam.nr-data.net Failed	57 B
1	doubleclick.net stats.g.doubleclick.net	53 B
1	proofpoint.com 1 redirects urldefense.proofpoint.com	180 B
127	13

	Domain	Requested by
44	open.corpbenefitplan.com	open.corpbenefitplan.com
33	dataentry.threatsim.com	open.corpbenefitplan.com
28	tslp.s3.amazonaws.com	open.corpbenefitplan.com
6	www.google-analytics.com	1 redirects open.corpbenefitplan.com
3	fonts.gstatic.com	open.corpbenefitplan.com
2	js-agent.newrelic.com	open.corpbenefitplan.com
2	ajax.googleapis.com	open.corpbenefitplan.com
2	d2wy8f7a9ursnm.cloudfront.net	open.corpbenefitplan.com
2	java.com	open.corpbenefitplan.com
1	code.jquery.com	open.corpbenefitplan.com
1	ts-uploads.s3.amazonaws.com	open.corpbenefitplan.com
1	fonts.googleapis.com	open.corpbenefitplan.com
1	bam.nr-data.net	js-agent.newrelic.com
1	stats.g.doubleclick.net	open.corpbenefitplan.com
1	urldefense.proofpoint.com	1 redirects
127	15

This site contains no links.

Subject Issuer	Validity	Valid
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2016-07-29` - `2017-11-29`	a year	crt.sh
www.java.com Symantec Class 3 ECC 256 bit EV CA - G2	`2017-03-06` - `2019-05-05`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G2	`2017-09-26` - `2017-12-19`	3 months	crt.sh
*.threatsim.com COMODO RSA Domain Validation Secure Server CA	`2016-07-25` - `2018-07-26`	2 years	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2017-10-03` - `2017-12-26`	3 months	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2017-10-10` - `2018-05-04`	7 months	crt.sh
*.googleapis.com Google Internet Authority G2	`2017-09-26` - `2017-12-19`	3 months	crt.sh
code.jquery.com AlphaSSL CA - SHA256 - G2	`2017-07-25` - `2018-07-26`	a year	crt.sh
*.google.com Google Internet Authority G2	`2017-09-26` - `2017-12-19`	3 months	crt.sh
*.nr-data.net GeoTrust SSL CA - G3	`2017-07-18` - `2018-03-17`	8 months	crt.sh

This page contains 1 frames:

Primary Page: http://open.corpbenefitplan.com/load_training?guid=1019dd279a&correlation_id=666ba285-eddc-4ee7-a945-f78f65964186
Frame ID: 5752.1
Requests: 128 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://urldefense.proofpoint.com/v2/url?u=http-3A__open.corpbenefitplan.com_1019dd279a-3Fl-3D60&d=DwMFaQ&c=eJ... HTTP 302
http://open.corpbenefitplan.com/1019dd279a?l=60 Page URL
http://open.corpbenefitplan.com/load_training?guid=1019dd279a&correlation_id=666ba285-eddc-4ee7-a945-f78f659... Page URL

Detected technologies

Apache Traffic Server (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /ATS\/?([\d.]+)?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i

Page Statistics

127
Requests

57 %
HTTPS

40 %
IPv6

13
Domains

15
Subdomains

15
IPs

3
Countries

801 kB
Transfer

1232 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://urldefense.proofpoint.com/v2/url?u=http-3A__open.corpbenefitplan.com_1019dd279a-3Fl-3D60&d=DwMFaQ&c=eJFcuPw3OEcOgXL2mmMpuw&r=dsQrjEn85zPEkJ1ZBh_Yig&m=uknlgR2jfkU74g2BM4EbrJBypercUiXV7bq4-qsmeaI&s=FduyrQ4QI_jyYl9dzgSd8Asoi0Ztll14nelHe6fe5_E&e= HTTP 302
http://open.corpbenefitplan.com/1019dd279a?l=60 Page URL
http://open.corpbenefitplan.com/load_training?guid=1019dd279a&correlation_id=666ba285-eddc-4ee7-a945-f78f65964186 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://urldefense.proofpoint.com/v2/url?u=http-3A__open.corpbenefitplan.com_1019dd279a-3Fl-3D60&d=DwMFaQ&c=eJFcuPw3OEcOgXL2mmMpuw&r=dsQrjEn85zPEkJ1ZBh_Yig&m=uknlgR2jfkU74g2BM4EbrJBypercUiXV7bq4-qsmeaI&s=FduyrQ4QI_jyYl9dzgSd8Asoi0Ztll14nelHe6fe5_E&e= HTTP 302
http://open.corpbenefitplan.com/1019dd279a?l=60

Request Chain 15

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 48

http://www.google-analytics.com/r/collect?v=1&_v=j64&a=955199398&t=pageview&_s=1&dl=http%3A%2F%2Fopen.corpbenefitplan.com%2F1019dd279a%3Fl%3D60&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABI~&jid=673996999&gjid=250281025&cid=366036606.1507658183&tid=UA-83403-17&_gid=843958081.1507658183&_r=1&z=446170433 HTTP 307
https://www.google-analytics.com/r/collect?v=1&_v=j64&a=955199398&t=pageview&_s=1&dl=http%3A%2F%2Fopen.corpbenefitplan.com%2F1019dd279a%3Fl%3D60&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABI~&jid=673996999&gjid=250281025&cid=366036606.1507658183&tid=UA-83403-17&_gid=843958081.1507658183&_r=1&z=446170433 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-83403-17&cid=366036606.1507658183&jid=673996999&_gid=843958081.1507658183&gjid=250281025&_v=j64&z=446170433

Request Chain 49

http://www.google-analytics.com/collect?v=1&_v=j64&a=955199398&t=pageview&_s=2&dl=http%3A%2F%2Fopen.corpbenefitplan.com%2F1019dd279a%3Fl%3D60&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABI~&jid=&gjid=&cid=366036606.1507658183&uid=1019dd279a&tid=UA-83403-17&_gid=843958081.1507658183&z=1106793351 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j64&a=955199398&t=pageview&_s=2&dl=http%3A%2F%2Fopen.corpbenefitplan.com%2F1019dd279a%3Fl%3D60&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABI~&jid=&gjid=&cid=366036606.1507658183&uid=1019dd279a&tid=UA-83403-17&_gid=843958081.1507658183&z=1106793351

Request Chain 84

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 122

http://www.google-analytics.com/collect?v=1&_v=j64&a=1039951568&t=pageview&_s=1&dl=http%3A%2F%2Fopen.corpbenefitplan.com%2Fload_training%3Fguid%3D1019dd279a%26correlation_id%3D666ba285-eddc-4ee7-a945-f78f65964186&ul=en-us&de=UTF-8&dt=You%27ve%20been%20phished!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=AACAAEABI~&jid=&gjid=&cid=366036606.1507658183&tid=UA-83403-17&_gid=843958081.1507658183&z=1842922479 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j64&a=1039951568&t=pageview&_s=1&dl=http%3A%2F%2Fopen.corpbenefitplan.com%2Fload_training%3Fguid%3D1019dd279a%26correlation_id%3D666ba285-eddc-4ee7-a945-f78f65964186&ul=en-us&de=UTF-8&dt=You%27ve%20been%20phished!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=AACAAEABI~&jid=&gjid=&cid=366036606.1507658183&tid=UA-83403-17&_gid=843958081.1507658183&z=1842922479

Request Chain 123

http://www.google-analytics.com/collect?v=1&_v=j64&a=1039951568&t=pageview&_s=2&dl=http%3A%2F%2Fopen.corpbenefitplan.com%2Fload_training%3Fguid%3D1019dd279a%26correlation_id%3D666ba285-eddc-4ee7-a945-f78f65964186&ul=en-us&de=UTF-8&dt=You%27ve%20been%20phished!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=QACAAEABI~&jid=&gjid=&cid=366036606.1507658183&tid=UA-83403-17&_gid=843958081.1507658183&z=25125450 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j64&a=1039951568&t=pageview&_s=2&dl=http%3A%2F%2Fopen.corpbenefitplan.com%2Fload_training%3Fguid%3D1019dd279a%26correlation_id%3D666ba285-eddc-4ee7-a945-f78f65964186&ul=en-us&de=UTF-8&dt=You%27ve%20been%20phished!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=QACAAEABI~&jid=&gjid=&cid=366036606.1507658183&tid=UA-83403-17&_gid=843958081.1507658183&z=25125450

127 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Cookie set 1019dd279a Show response
open.corpbenefitplan.com/
Redirect Chain

https://urldefense.proofpoint.com/v2/url?u=http-3A__open.corpbenefitplan.com_1019dd279a-3Fl-3D60&d=DwMFaQ&c=eJFcuPw3OEcOgXL2mmMpuw&r=dsQrjEn85zPEkJ1ZBh_Yig&m=uknlgR2jfkU74g2BM4EbrJBypercUiXV7bq4-qs...
http://open.corpbenefitplan.com/1019dd279a?l=60

19 KB
7 KB

267ms
115ms

Document
text/html

52.5.100.157
Amazon.com

General

Domain/Path	Expires	Name / Value
.corpbenefitplan.com/	2017-10-11 17:56:24	Name: _gid Value: GA1.2.843958081.1507658183
.corpbenefitplan.com/	2019-10-10 17:56:24	Name: _ga Value: GA1.2.366036606.1507658183
.corpbenefitplan.com/	2017-10-10 17:57:22	Name: _gat Value: 1
open.corpbenefitplan.com/	1970-01-01 00:00:00	Name: link_clicked_1019dd279a Value: 2
open.corpbenefitplan.com/	1970-01-01 00:00:00	Name: EXFILGUID Value: 1019dd279a

open.corpbenefitplan.com Open in urlscan Pro 52.5.100.157 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

127 Requests

57 %HTTPS

40 %IPv6

13 Domains

15 Subdomains

15 IPs

3 Countries

801 kBTransfer

1232 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

127 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

open.corpbenefitplan.com Open in urlscan Pro
52.5.100.157 Public Scan

Screenshot
Live screenshot

Full Image

127
Requests

57 %
HTTPS

40 %
IPv6

13
Domains

15
Subdomains

15
IPs

3
Countries

801 kB
Transfer

1232 kB
Size

5
Cookies

127 HTTP transactions
1 data transactions