www.corp-internal.com Open in urlscan Pro
52.5.106.253 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.corp-internal.com/3805f56f12?l=18
Effective URL:
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Submission: On February 11 via manual (February 11th 2019, 5:04:56 pm UTC) from US

Summary HTTP 113 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 10 domains to perform 113 HTTP transactions. The main IP is 52.5.106.253, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is www.corp-internal.com.

This is the only time www.corp-internal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	35.172.112.0 35.172.112.0	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
16	52.216.168.107 52.216.168.107	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a02:26f0:6c0... 2a02:26f0:6c00:19a::196	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	143.204.208.162 143.204.208.162	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:400c:c07::5f	15169 (GOOGLE) (GOOGLE - Google LLC)
41	52.5.106.253 52.5.106.253	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
6	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	143.204.208.88 143.204.208.88	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	143.204.208.7 143.204.208.7	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.2.110 151.101.2.110	54113 (FASTLY) (FASTLY - Fastly)
1	162.247.242.18 162.247.242.18	23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic)
113	15

23 35.172.112.0 (Seattle, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-35-172-112-0.compute-1.amazonaws.com

www.corp-internal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 52.216.168.107 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1-w.amazonaws.com

tslp.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:19a::196 (European Union)

ASN20940 (AKAMAI-ASN1, US)

java.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.208.162 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-208-162.fra53.r.cloudfront.net

d2wy8f7a9ursnm.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::5f (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 52.5.106.253 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-5-106-253.compute-1.amazonaws.com

www.corp-internal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dataentry.threatsim.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:821::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.208.88 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-208-88.fra53.r.cloudfront.net

d25q7gseii1o1q.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.208.7 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-208-7.fra53.r.cloudfront.net

d25q7gseii1o1q.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.110 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.18 (United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-6.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	corp-internal.com www.corp-internal.com	44 KB
22	threatsim.com dataentry.threatsim.com	12 KB
16	amazonaws.com tslp.s3.amazonaws.com	313 KB
6	google-analytics.com www.google-analytics.com	35 KB
6	cloudfront.net d2wy8f7a9ursnm.cloudfront.net d25q7gseii1o1q.cloudfront.net	154 KB
4	googleapis.com ajax.googleapis.com fonts.googleapis.com	99 KB
2	gstatic.com fonts.gstatic.com	17 KB
2	java.com java.com	37 KB
1	nr-data.net bam.nr-data.net	254 B
1	newrelic.com js-agent.newrelic.com	9 KB
113	10

	Domain	Requested by
42	www.corp-internal.com	www.corp-internal.com
22	dataentry.threatsim.com	ajax.googleapis.com www.corp-internal.com
16	tslp.s3.amazonaws.com	www.corp-internal.com
6	www.google-analytics.com	www.corp-internal.com
4	d25q7gseii1o1q.cloudfront.net	www.corp-internal.com
3	ajax.googleapis.com	www.corp-internal.com
2	fonts.gstatic.com	www.corp-internal.com
2	d2wy8f7a9ursnm.cloudfront.net	www.corp-internal.com
2	java.com	www.corp-internal.com
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.corp-internal.com
1	fonts.googleapis.com	www.corp-internal.com
113	12

This site contains no links.

Subject Issuer	Validity	Valid
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2018-11-07` - `2020-02-07`	a year	crt.sh
www.java.com DigiCert ECC Extended Validation Server CA	`2018-02-21` - `2020-02-21`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-01-23` - `2019-04-17`	3 months	crt.sh
*.threatsim.com COMODO RSA Domain Validation Secure Server CA	`2018-07-11` - `2020-07-25`	2 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-01-23` - `2019-04-17`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2018-10-08` - `2019-10-09`	a year	crt.sh
*.google.com Google Internet Authority G3	`2019-01-23` - `2019-04-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Frame ID: 29EB2CA0318A64CCB02DECCC25A3965E
Requests: 113 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.corp-internal.com/3805f56f12?l=18 Page URL
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0... Page URL

Detected technologies

Apache Traffic Server (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /ATS\/?([\d.]+)?/i

BugSnag (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^BugSnag$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

New Relic (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^NREUM/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

113
Requests

49 %
HTTPS

43 %
IPv6

10
Domains

12
Subdomains

15
IPs

3
Countries

720 kB
Transfer

988 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.corp-internal.com/3805f56f12?l=18 Page URL
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 48

http://www.google-analytics.com/r/collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=264010643&gjid=1459463859&cid=1382105944.1549904677&tid=UA-83403-17&_gid=1175953886.1549904677&_r=1&z=1113167129 HTTP 307
https://www.google-analytics.com/r/collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=264010643&gjid=1459463859&cid=1382105944.1549904677&tid=UA-83403-17&_gid=1175953886.1549904677&_r=1&z=1113167129

Request Chain 49

http://www.google-analytics.com/collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1382105944.1549904677&uid=3805f56f12&tid=UA-83403-17&_gid=1175953886.1549904677&z=73228426 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1382105944.1549904677&uid=3805f56f12&tid=UA-83403-17&_gid=1175953886.1549904677&z=73228426

Request Chain 72

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 108

http://www.google-analytics.com/r/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-d13e2b0da7b2&ul=en-us&de=UTF-8&dt=You%27ve%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=215267693&gjid=1077365760&cid=1769773026.1549904678&tid=UA-83403-17&_gid=1984808054.1549904678&_r=1&z=878373616 HTTP 307
https://www.google-analytics.com/r/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-d13e2b0da7b2&ul=en-us&de=UTF-8&dt=You%27ve%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=215267693&gjid=1077365760&cid=1769773026.1549904678&tid=UA-83403-17&_gid=1984808054.1549904678&_r=1&z=878373616

Request Chain 109

http://www.google-analytics.com/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-d13e2b0da7b2&ul=en-us&de=UTF-8&dt=You%27ve%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1769773026.1549904678&tid=UA-83403-17&_gid=1984808054.1549904678&z=1645954970 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-d13e2b0da7b2&ul=en-us&de=UTF-8&dt=You%27ve%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1769773026.1549904678&tid=UA-83403-17&_gid=1984808054.1549904678&z=1645954970

113 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set 3805f56f12 Show response
www.corp-internal.com/ 4 KB
2 KB 1262ms
122ms Document
text/html 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

5767069749cd73c3a1edc5afad5cf8f33e344780909aa86daaec77d9bbbc153a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.corp-internal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 11 Feb 2019 17:04:34 GMT
ETag: W/"6ae5d31efcc87fa2d2e6477af5d351cc"
Server: ThreatSim-Web-Server
Set-Cookie: EXFILGUID=3805f56f12; path=/ link_clicked_3805f56f12=1; path=/
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Request-Id: 6e7cca3b-ad91-4143-a30c-95a04e1bee87
X-Runtime: 0.020109
X-XSS-Protection: 1; mode=block
Content-Length: 952
Connection: keep-alive

GET
H/1.1 200
OK Cookie set alt_pixel_click_3805f56f12.gif
www.corp-internal.com/ 0
652 B 1443ms
116ms Image
image/gif 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com:49152/alt_pixel_click_3805f56f12.gif?correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2&email_opened_queued=false

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com:49152
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/3805f56f12?l=18
Cookie: EXFILGUID=3805f56f12; link_clicked_3805f56f12=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:36 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 2779c00a-e4ba-4699-b102-c59ceba17ad0
X-Runtime: 0.006390
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/gif; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Set-Cookie: EXFILGUID=3805f56f12; path=/ link_clicked_3805f56f12=2; path=/

GET
H/1.1 200
OK plugin_detect.js Show response
tslp.s3.amazonaws.com/detect/ 49 KB
49 KB 1455ms
107ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified: Wed, 15 Feb 2017 17:56:07 GMT
Server: AmazonS3
x-amz-request-id: A3C8E77309573F96
ETag: "00a513f07603df01e3b99be00f370754"
Content-Type: text/javascript
Content-Length: 50085
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: dPcNW4g/cBbfRcFkuc9VRTtfUNbx858iZqQ8T5lIySxV0RbP7G54b89c1Nlg5bdrPD5UsfxX3pQ=

GET
H/1.1 200
OK java.js Show response
tslp.s3.amazonaws.com/detect/ 50 KB
50 KB 1452ms
106ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/java.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4805fc6abdad8075af2165e241b781c3073d4769ae725e4004bf79064acb5f24

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified: Wed, 15 Feb 2017 14:38:28 GMT
Server: AmazonS3
x-amz-request-id: 01A442ED72928DAB
ETag: "2bec0061039dc3fb25fc20aaf611d5b9"
Content-Type: text/javascript
Content-Length: 50717
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: /MYRcajH8KsBWw79limOYbzE5VAiXpypQUwWOf+aiejtYum02iGiGVatwPAETStcxPLMQboYaaE=

GET
H2 200 deployJava.js Show response
java.com/js/ 18 KB
18 KB 497ms
10ms Script
application/javascript 2a02:26f0:6c00:19a::196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://java.com/js/deployJava.js

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19a::196 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Oracle-HTTP-Server /

Resource Hash

358bb442f5d81ddc8e393d922458a9d84010efee2c346763ae87a45be92224d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 11 Feb 2019 17:04:35 GMT
x-content-type-options: nosniff
last-modified: Fri, 07 Jul 2017 23:29:07 GMT
server: Oracle-HTTP-Server
status: 200
x-frame-options: SAMEORIGIN
x-oracle-dms-ecid: 005Kza_yrKd9Tcw70Fm3UF0003QU009rYR
content-type: application/javascript
x-oracle-dms-rid: 0:1
expires: Tue, 12 Feb 2019 17:04:35 GMT
cache-control: max-age=86400
content-disposition: inline;filename=deployJava.js;filename*=UTF-8''deployJava.js
content-length: 18444
x-xss-protection: 1
mdt-type: abinary;charset=UTF-8

GET
H/1.1 200
OK flash.js Show response
tslp.s3.amazonaws.com/detect/ 7 KB
7 KB 1458ms
112ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/flash.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: a26d01d5912459798481786640dc44fd7605d09f2f9e6dd24720205efcab6861

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified: Wed, 15 Feb 2017 03:54:01 GMT
Server: AmazonS3
x-amz-request-id: BB44B4E6E9F5EA36
ETag: "f9ad9a096894ba248e4a1f73e7eba1be"
Content-Type: text/javascript
Content-Length: 6680
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: h/hzL2fo4hwRR1zwkPKovssOnVQlTybFl6ZfRIn1aXQUJTYeV0dG6XKRqOG7j6Guu485utYYucU=

GET
H/1.1 200
OK pdf.js Show response
tslp.s3.amazonaws.com/detect/ 22 KB
23 KB 1469ms
117ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/pdf.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: d9b7c6163477008469af64b211e2dbd4f4171b85b51e3714f11c99f9ba2c32f9

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified: Wed, 15 Feb 2017 14:39:34 GMT
Server: AmazonS3
x-amz-request-id: 46A1B595BDB2C736
ETag: "0d5882d41c8b6e40059c8d9acbcf1518"
Content-Type: text/javascript
Content-Length: 22855
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: 5GuHHf3KHqT6Gkxh5lH0Xgj79bBixrYAa+cEzm9lXMYylgLhDeklLONEEmNhoDXQ+cVgjQMfXks=

GET
H/1.1 200
OK quicktime.js Show response
tslp.s3.amazonaws.com/detect/ 7 KB
7 KB 1587ms
128ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/quicktime.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6ae53963f41133561c78b4332b564c01f551c471cd91d980436a9f5dacdd8f19

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified: Wed, 15 Feb 2017 14:41:05 GMT
Server: AmazonS3
x-amz-request-id: A0706C260FC638A5
ETag: "ee73f2f47d51116dc40b85a6b57eaf20"
Content-Type: text/javascript
Content-Length: 6999
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: 2yC9yEmJTe68pNyoiIY5bkQ1YRalHUB7iqnYHDfsiRUZtX6tMlODmsB/1+s7wEnxMYISR8dcvvg=

GET
H/1.1 200
OK realplayer.js Show response
tslp.s3.amazonaws.com/detect/ 10 KB
10 KB 1702ms
133ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/realplayer.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 88be902cc76b5ec1ec932b6ae93457b6b0ca69d7a36bfadefc2f24db225dc238

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified: Wed, 15 Feb 2017 14:45:02 GMT
Server: AmazonS3
x-amz-request-id: C6097FCC2BDFFCF4
ETag: "3d7be656672c16a34806c13388410325"
Content-Type: text/javascript
Content-Length: 9775
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: BFOc7t4dHp1oLZON6NDLp7mEyswHBCmFu+EUY4WSQVVvayyfu6l/B2DjBDmLRxnnCkhZ5LEzwKc=

GET
H/1.1 200
OK silverlight.js Show response
tslp.s3.amazonaws.com/detect/ 4 KB
5 KB 230ms
100ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/silverlight.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0730a7e6770925fa4232096e4d9874514985ec791a63fe873f0e4e3cd7722381

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified: Wed, 15 Feb 2017 18:00:03 GMT
Server: AmazonS3
x-amz-request-id: 3F528E7B31D98907
ETag: "e6dd596d2bc204ea573b868b92028c26"
Content-Type: text/javascript
Content-Length: 4234
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: /VTxEX875YLYS5YLuLECNguTm7Z9F4SMlKknQ56IR+cBr9xoKtgA4KWHtbGOrZYcRFkXR3Og3VQ=

GET
H/1.1 200
OK wmp.js Show response
tslp.s3.amazonaws.com/detect/ 6 KB
6 KB 164ms
98ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/wmp.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: cdb16ca3ddd3cead71121799751fa80d3033375abcdbc5fc84d35fb82c7fc9de

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified: Wed, 15 Feb 2017 15:07:14 GMT
Server: AmazonS3
x-amz-request-id: CB0C5CE3DD05BD08
ETag: "ffd2cc77bb64d40beeb5d561fffe1f79"
Content-Type: text/javascript
Content-Length: 5941
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: pm3xd+qYa1BDpJqrz2YYPUsg+lSEq8y4uJmONNouUjjA00+7V/4kK+3i3I3jA/cz4har2VR9C78=

GET
H/1.1 200
OK bugsnag-2.min.js Show response
d2wy8f7a9ursnm.cloudfront.net/ 6 KB
3 KB 1044ms
8ms Script
application/javascript 143.204.208.162
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Server: 143.204.208.162 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-208-162.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 00:21:56 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 00:30:49 GMT
Server: AmazonS3
Age: 405928
ETag: "6103bb5e4ec6141e19e1100caafc780c"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
Cache-Control: public, max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2962
X-Amz-Cf-Id: zQ2dcWHG58ST3xDQ4YKMSBx7KHr0agJndLGQDXezUcylBvNezJFkrg==

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ 90 KB
33 KB 50ms
15ms Script
text/javascript 2a00:1450:400c:c07::5f
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Server

2a00:1450:400c:c07::5f , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 02:39:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
Server: sffe
Age: 397527
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 33018
X-XSS-Protection: 1; mode=block
Expires: Fri, 07 Feb 2020 02:39:08 GMT

GET
H/1.1 200
OK google-tracking.js Show response
www.corp-internal.com/assets/ 455 B
707 B 353ms
104ms Script
application/javascript 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://www.corp-internal.com/assets/google-tracking.js?g=3805f56f12
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Server: 52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-5-106-253.compute-1.amazonaws.com
Software: ThreatSim-Web-Server /
Resource Hash: fce517e48a56b76d45fd456264b90c82aa6e9ddb578f9f36d844ace5816d9841

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://www.corp-internal.com/3805f56f12?l=18
Cookie: EXFILGUID=3805f56f12; link_clicked_3805f56f12=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 23 Jan 2019 18:41:38 GMT
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000 public
Connection: keep-alive
Content-Length: 316
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK all.js Show response
www.corp-internal.com/assets/ 28 KB
7 KB 325ms
104ms Script
application/javascript 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://www.corp-internal.com/assets/all.js?g=3805f56f12
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol: HTTP/1.1
Server: 52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-5-106-253.compute-1.amazonaws.com
Software: ThreatSim-Web-Server /
Resource Hash: bae06f323013a94b766da34246d6439db4b57a1144e7b4f4c6a18848eb7a4cf8

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://www.corp-internal.com/3805f56f12?l=18
Cookie: EXFILGUID=3805f56f12; link_clicked_3805f56f12=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 23 Jan 2019 18:41:38 GMT
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000 public
Connection: keep-alive
Content-Length: 7149
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

43 KB
17 KB

6ms
5ms

Script
text/javascript

2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 4529
date: Mon, 11 Feb 2019 15:49:07 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 17543
expires: Mon, 11 Feb 2019 17:49:07 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS

POST
H/1.1 200
OK browser_post Show response
dataentry.threatsim.com/secure/ 0
563 B 456ms
108ms XHR
image/gif 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://dataentry.threatsim.com/secure/browser_post

Requested by

Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: http://www.corp-internal.com/3805f56f12?l=18
Origin: http://www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

X-Runtime: 0.010517
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 233535c0-4e4f-46f9-aa56-465934267784

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 475ms
107ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20localStorage%20%3D%20false&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002650
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 77a0d321-df09-43db-b685-324d4f353543

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 481ms
107ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002975
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 0756ca27-4212-4cf0-89f9-5c454c28366e

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 583ms
107ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002610
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: adbd54ef-37cc-4e93-8b79-6a8dc3a2d6d1

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 588ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20browser%20%3D%20Chrome&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002768
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: b5c2838a-3304-4c2e-a562-50c72ed817a1

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 691ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20browser_version%20%3D%2067&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003539
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 3c33a7e7-7c6c-4d75-aae3-b37bb195149b

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 245ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002550
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: babf757f-0b20-442b-b557-1c4559a3806b

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 324ms
107ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20os_version%20%3D%2010.13.5&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002679
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 12546261-a179-46dd-bdef-cca43c64d7b1

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 325ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002628
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: e72902b6-aea2-4fd1-bd59-526d03fde53e

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 238ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002941
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 86a1947c-fe97-458e-a887-a4e3ffc21ef8

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 318ms
107ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20width%20%3D%201600&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003115
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 8c33c72f-2ba9-4de4-becc-0453c2ea0075

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 223ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20height%20%3D%201200&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002731
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: cea3f13a-1fc4-44cd-a929-ab52a670e48a

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 233ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Chrome%20browser%2C%20using%20more%20detailed%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002522
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 701b881f-c779-4ce6-99bc-333034aa92c8

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 215ms
107ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20pinlady&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002668
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 85b2a979-0902-42b9-8a02-d58422039b40

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 217ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=java_version_pl%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002836
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: f29e7dcc-00d1-4cc5-a6b3-5c863fdb503b

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 218ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20deployJava&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002975
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: b98e18cd-e79c-4ff6-b29e-64a00cb5adb2

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 215ms
107ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=java_version_jres%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002710
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 31759030-8093-475d-862e-7edefcd45a68

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 216ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=java_version%20%3D%20undefined&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002751
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 2392e676-10a9-4375-9e78-24ee151213e9

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 218ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20flash%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002602
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 22860137-dfe6-437f-bb17-fa710c759fca

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 215ms
107ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=flash%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002542
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 5e7c1097-3e44-4d66-b3c8-a0e2e34d772c

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 216ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20pdf%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002793
Date: Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 418a5194-c097-422b-882d-1cbdc9eee4c7

GET
H/1.1 200
OK trace
dataentry.threatsim.com/ 0
564 B 219ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Could%20not%20find%20AdobeReader%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003195
Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 7f505f5b-0fc5-4792-9985-1055f0f9b474

GET trace
dataentry.threatsim.com/ 0
0

GET
H2

200

collect
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=...
https://www.google-analytics.com/r/collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je...

35 B
111 B

14ms
14ms

Image
image/gif

2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=264010643&gjid=1459463859&cid=1382105944.1549904677&tid=UA-83403-17&_gid=1175953886.1549904677&_r=1&z=1113167129

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Feb 2019 17:04:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=264010643&gjid=1459463859&cid=1382105944.1549904677&tid=UA-83403-17&_gid=1175953886.1549904677&_r=1&z=1113167129
Non-Authoritative-Reason: HSTS

GET
H2

200

collect
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&...
https://www.google-analytics.com/collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0...

35 B
109 B

6ms
6ms

Image
image/gif

2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1382105944.1549904677&uid=3805f56f12&tid=UA-83403-17&_gid=1175953886.1549904677&z=73228426

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.corp-internal.com/3805f56f12?l=18
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Feb 2019 06:48:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 555381
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1382105944.1549904677&uid=3805f56f12&tid=UA-83403-17&_gid=1175953886.1549904677&z=73228426
Non-Authoritative-Reason: HSTS

GET trace
dataentry.threatsim.com/ 0
0

GET
H/1.1 200
OK Primary Request Cookie set load_training Show response
www.corp-internal.com/ 20 KB
6 KB 279ms
120ms Document
text/html 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/assets/all.js?g=3805f56f12

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

24cc75ac572a3836d883d5e63a2135af7cefd62cf1c6b54fe5811ac1b78ed92b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.corp-internal.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://www.corp-internal.com/3805f56f12?l=18
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://www.corp-internal.com/3805f56f12?l=18

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 11 Feb 2019 17:04:38 GMT
ETag: W/"42034badaee0a8eb5c6a43c0c6dd4765"
Server: ThreatSim-Web-Server
Set-Cookie: EXFILGUID=3805f56f12; path=/
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Request-Id: adadd8ab-bef5-4194-8267-982cec815b57
X-Runtime: 0.012587
X-XSS-Protection: 1; mode=block
Content-Length: 5819
Connection: keep-alive

GET
H2 200 css
fonts.googleapis.com/ 5 KB
697 B 18ms
14ms Stylesheet
text/css 2a00:1450:4001:808::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:808::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

b3dd58a587d33c5200140cee13c1332ac4d7f59b2551d3a8b841738616e54eee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 11 Feb 2019 17:04:38 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 11 Feb 2019 17:04:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 1; mode=block
expires: Mon, 11 Feb 2019 17:04:38 GMT

GET
H/1.1 200
OK bugsnag-2.min.js Show response
d2wy8f7a9ursnm.cloudfront.net/ 6 KB
3 KB 22ms
8ms Script
application/javascript 143.204.208.162
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Server: 143.204.208.162 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-208-162.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Feb 2019 00:22:10 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2016 00:30:49 GMT
Server: AmazonS3
Age: 405930
ETag: "6103bb5e4ec6141e19e1100caafc780c"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 1f5757b46371746e677236d4fc67d364.cloudfront.net (CloudFront)
Cache-Control: public, max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2962
X-Amz-Cf-Id: 1Y15LzxV1KPcu7dxKrbfnZ3ZT2NDxRBHse5ZX35IeFqJS4Y6tAzR3A==

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ 94 KB
33 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:821::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 31 Jan 2019 14:16:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 960478
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 33576
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Jan 2020 14:16:40 GMT

GET
H/1.1 200
OK plugin_detect.js Show response
tslp.s3.amazonaws.com/detect/ 49 KB
49 KB 100ms
97ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified: Wed, 15 Feb 2017 17:56:07 GMT
Server: AmazonS3
x-amz-request-id: 57E206F97EB46A50
ETag: "00a513f07603df01e3b99be00f370754"
Content-Type: text/javascript
Content-Length: 50085
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: kzEi3E2dvdROzZVL7ixu5kH8uJoJ8wsmYV6MCAWMLnI1e5gzvyDhLvzx+fBS5zto7drQIThqoiM=

GET
H/1.1 200
OK java.js Show response
tslp.s3.amazonaws.com/detect/ 50 KB
50 KB 109ms
107ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/java.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4805fc6abdad8075af2165e241b781c3073d4769ae725e4004bf79064acb5f24

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified: Wed, 15 Feb 2017 14:38:28 GMT
Server: AmazonS3
x-amz-request-id: 382E1DF2B9A3D57D
ETag: "2bec0061039dc3fb25fc20aaf611d5b9"
Content-Type: text/javascript
Content-Length: 50717
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: fw50hDs5ZA2KMr+S/UzGVtxBQOpElfyds6NkXgKVAKOgsvl15amLR+ggxtP/BpJk8VgEBewGcUo=

GET
H2 200 deployJava.js Show response
java.com/js/ 18 KB
18 KB 13ms
10ms Script
application/javascript 2a02:26f0:6c00:19a::196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://java.com/js/deployJava.js

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:19a::196 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Oracle-HTTP-Server /

Resource Hash

358bb442f5d81ddc8e393d922458a9d84010efee2c346763ae87a45be92224d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 11 Feb 2019 17:04:38 GMT
x-content-type-options: nosniff
last-modified: Fri, 07 Jul 2017 23:29:07 GMT
server: Oracle-HTTP-Server
status: 200
x-frame-options: SAMEORIGIN
x-oracle-dms-ecid: 005Kza_yrKd9Tcw70Fm3UF0003QU009rYR
content-type: application/javascript
x-oracle-dms-rid: 0:1
expires: Tue, 12 Feb 2019 17:04:38 GMT
cache-control: max-age=86400
content-disposition: inline;filename=deployJava.js;filename*=UTF-8''deployJava.js
content-length: 18444
x-xss-protection: 1
mdt-type: abinary;charset=UTF-8

GET
H/1.1 200
OK flash.js Show response
tslp.s3.amazonaws.com/detect/ 7 KB
7 KB 105ms
103ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/flash.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: a26d01d5912459798481786640dc44fd7605d09f2f9e6dd24720205efcab6861

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified: Wed, 15 Feb 2017 03:54:01 GMT
Server: AmazonS3
x-amz-request-id: 05A05696A8323DCE
ETag: "f9ad9a096894ba248e4a1f73e7eba1be"
Content-Type: text/javascript
Content-Length: 6680
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: ra6DeNVcQh2iWtdPBKBSaFpw3Hw0x8w3dEXwSKXf/HrG/z1WkbUjg3tYGJBs70aKdTvFX2MoYaY=

GET
H/1.1 200
OK pdf.js Show response
tslp.s3.amazonaws.com/detect/ 22 KB
23 KB 103ms
101ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/pdf.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: d9b7c6163477008469af64b211e2dbd4f4171b85b51e3714f11c99f9ba2c32f9

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified: Wed, 15 Feb 2017 14:39:34 GMT
Server: AmazonS3
x-amz-request-id: 7E8E4A96E7B6F696
ETag: "0d5882d41c8b6e40059c8d9acbcf1518"
Content-Type: text/javascript
Content-Length: 22855
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: LwwE+rkzaIEotZ6aOLjNUPS65MhtSkEyEQUO6yuF1mYutNwwhvGCT7aVhMG7/joXdNI4C9ilUUM=

GET
H/1.1 200
OK quicktime.js Show response
tslp.s3.amazonaws.com/detect/ 7 KB
7 KB 210ms
106ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/quicktime.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6ae53963f41133561c78b4332b564c01f551c471cd91d980436a9f5dacdd8f19

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified: Wed, 15 Feb 2017 14:41:05 GMT
Server: AmazonS3
x-amz-request-id: E94D17EA032D0212
ETag: "ee73f2f47d51116dc40b85a6b57eaf20"
Content-Type: text/javascript
Content-Length: 6999
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: m329YknyYNxqP5JzF32ifXmubJMKJERqdvP5/wU4kbJm3tnAJTho0FaRK8TsRwL6gh2DCyCDtbQ=

GET
H/1.1 200
OK realplayer.js Show response
tslp.s3.amazonaws.com/detect/ 10 KB
10 KB 205ms
99ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/realplayer.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 88be902cc76b5ec1ec932b6ae93457b6b0ca69d7a36bfadefc2f24db225dc238

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified: Wed, 15 Feb 2017 14:45:02 GMT
Server: AmazonS3
x-amz-request-id: 3270FFE27CEC4C4C
ETag: "3d7be656672c16a34806c13388410325"
Content-Type: text/javascript
Content-Length: 9775
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: BejY+HPD7SN1sX+yLKqsRe07lQ/sngVNRBw6j0cVr0jDWi4n+zq0ba4A+goJ6vArv/Gnk6QsipQ=

GET
H/1.1 200
OK silverlight.js Show response
tslp.s3.amazonaws.com/detect/ 4 KB
5 KB 290ms
100ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/silverlight.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0730a7e6770925fa4232096e4d9874514985ec791a63fe873f0e4e3cd7722381

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified: Wed, 15 Feb 2017 18:00:03 GMT
Server: AmazonS3
x-amz-request-id: C86DED99792F9C77
ETag: "e6dd596d2bc204ea573b868b92028c26"
Content-Type: text/javascript
Content-Length: 4234
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: 00D8AU/79B3TnTO2lB85geogcrvPHpfMGG3x/TkwHJ802QC2SYPUM60adnaOzlpYZbRq2JYCEbk=

GET
H/1.1 200
OK wmp.js Show response
tslp.s3.amazonaws.com/detect/ 6 KB
6 KB 306ms
100ms Script
text/javascript 52.216.168.107
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tslp.s3.amazonaws.com/detect/wmp.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: cdb16ca3ddd3cead71121799751fa80d3033375abcdbc5fc84d35fb82c7fc9de

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified: Wed, 15 Feb 2017 15:07:14 GMT
Server: AmazonS3
x-amz-request-id: 6ECFA39E7313C9C4
ETag: "ffd2cc77bb64d40beeb5d561fffe1f79"
Content-Type: text/javascript
Content-Length: 5941
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: SZw35fGm+MOWlKXay4NfuLv1QMlBenO7WqLw9HKNfr0LWseFK3wdHmA8zprf8Jbsohtwn+yCKn0=

GET
H/1.1 200
OK screenshot.png
d25q7gseii1o1q.cloudfront.net/training/fish/ 128 KB
128 KB 683ms
376ms Image
image/png 143.204.208.88
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d25q7gseii1o1q.cloudfront.net/training/fish/screenshot.png
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.208.88 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-208-88.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d090ef088037f081a3e7d63f92c88ed5671434a23c73057603aab37e71e3420b

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:39 GMT
Via: 1.1 c5c25772c7f14e267596e0f8ce51d9bc.cloudfront.net (CloudFront)
Last-Modified: Fri, 30 May 2014 14:17:49 GMT
Server: AmazonS3
ETag: "e1bcd3e8a8daaccba8850b73a16459fe"
X-Cache: Miss from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 130602
X-Amz-Cf-Id: OPkis8wz82MiKS2MyzeJeqe-ysdD5mtMkLLvHUtUAmeAIustKgUmMw==

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.8.2/ 91 KB
33 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:821::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 04 Feb 2019 20:34:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 592220
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 33621
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Feb 2020 20:34:18 GMT

GET
H/1.1 200
OK google-tracking.js Show response
www.corp-internal.com/assets/ 455 B
707 B 105ms
105ms Script
application/javascript 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://www.corp-internal.com/assets/google-tracking.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Server: 52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-5-106-253.compute-1.amazonaws.com
Software: ThreatSim-Web-Server /
Resource Hash: fce517e48a56b76d45fd456264b90c82aa6e9ddb578f9f36d844ace5816d9841

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 23 Jan 2019 18:41:38 GMT
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000 public
Connection: keep-alive
Content-Length: 316
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK all.js Show response
www.corp-internal.com/assets/ 28 KB
7 KB 106ms
105ms Script
application/javascript 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://www.corp-internal.com/assets/all.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Server: 52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-5-106-253.compute-1.amazonaws.com
Software: ThreatSim-Web-Server /
Resource Hash: bae06f323013a94b766da34246d6439db4b57a1144e7b4f4c6a18848eb7a4cf8

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 23 Jan 2019 18:41:38 GMT
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000 public
Connection: keep-alive
Content-Length: 7149
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK fish.png
d25q7gseii1o1q.cloudfront.net/training/fish/ 17 KB
17 KB 60ms
12ms Image
image/png 143.204.208.7
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d25q7gseii1o1q.cloudfront.net/training/fish/fish.png
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.208.7 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-208-7.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ef08856966886b499b7640d39e41fbac21f509133d134b0bc9aee306c0cbbb29

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 15:26:39 GMT
Via: 1.1 bc44333126502b410c97fe54a495ac36.cloudfront.net (CloudFront)
Last-Modified: Fri, 30 May 2014 14:17:49 GMT
Server: AmazonS3
Age: 5880
ETag: "5cd7840d12eb932d2b16defed2ae1757"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16942
X-Amz-Cf-Id: HlSwaBzHPvllwWQPTYw6lALXk0OXGbwfJrfthfQq6zYV6EnosGA6ZA==

GET
H/1.1 200
OK mail.png
d25q7gseii1o1q.cloudfront.net/training/fish/ 926 B
1 KB 59ms
11ms Image
image/png 143.204.208.7
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d25q7gseii1o1q.cloudfront.net/training/fish/mail.png
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.208.7 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-208-7.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a35de3a30e58bf477febca8b47225959f48fd384faf088a218d6bf2251f06cbe

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 09:47:23 GMT
Via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
Last-Modified: Fri, 30 May 2014 15:01:28 GMT
Server: AmazonS3
Age: 26236
ETag: "3c506b80d78539262795c9ba59a0631a"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 926
X-Amz-Cf-Id: Ya1iBgB6lfkdaSgwnS-RbeOk95JiBZHH3NxSvbea62lRglNQG6alyw==

GET
H/1.1 200
OK pixel.gif
d25q7gseii1o1q.cloudfront.net/training/fish/ 43 B
479 B 56ms
8ms Image
image/gif 143.204.208.7
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d25q7gseii1o1q.cloudfront.net/training/fish/pixel.gif
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.208.7 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-208-7.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 15:26:39 GMT
Via: 1.1 d7524ff4a82155dd51a24800cf39deec.cloudfront.net (CloudFront)
Last-Modified: Fri, 30 May 2014 15:14:30 GMT
Server: AmazonS3
Age: 5880
ETag: "325472601571f31e1bf00674c368d335"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
X-Amz-Cf-Id: d5pw15C5YtOlPJ6T_uas7Dxtrxz0VNopHYb5WYot8zOCr1EtgqD_lg==

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:818::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,700
Origin: http://www.corp-internal.com

Response headers

date: Mon, 04 Feb 2019 18:55:05 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:46 GMT
server: sffe
age: 598173
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8892
x-xss-protection: 1; mode=block
expires: Tue, 04 Feb 2020 18:55:05 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:818::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

fe32c9921874b35b87acb0a3b558784ca7b9fed91ed34c1d2a68b6566c9d09be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,700
Origin: http://www.corp-internal.com

Response headers

date: Tue, 05 Feb 2019 06:45:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:39 GMT
server: sffe
age: 555553
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8800
x-xss-protection: 1; mode=block
expires: Wed, 05 Feb 2020 06:45:25 GMT

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

43 KB
17 KB

6ms
5ms

Script
text/javascript

2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 4531
date: Mon, 11 Feb 2019 15:49:07 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 17543
expires: Mon, 11 Feb 2019 17:49:07 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 111ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=undefined&msg=window.tracking_id%20is%20not%20set%2C%20let%27s%20get%20it&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002747
Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 80a7ad3f-fbbe-4ce8-be2b-6edfc352fb36

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 220ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=unknown&msg=get-id%20is%20undefined&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002956
Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: f1c42d04-bab4-4183-942a-702db0de9cb2

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 268ms
111ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=unknown&msg=did%20not%20find%20guid%20in%20last%20part%20of%20location&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002914
Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: f7f08dbc-b4f0-4608-9d06-01bbaeb431c2

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 324ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20localStorage%20%3D%20false&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002722
Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 909f1951-0744-496b-a4bd-331e05497b58

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 373ms
112ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002980
Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: a0dd26ee-9da0-446a-8713-76a0839a2f02

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 433ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003063
Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: ad99bfa2-6bf6-4570-9f49-6d924e968bf1

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 382ms
112ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20browser%20%3D%20Chrome&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002528
Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 37ff566d-56d2-4c49-9971-112d4b7581db

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 329ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20browser_version%20%3D%2067&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003277
Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: f4f063f7-47bc-4712-a25a-b76b68b6cd5c

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 338ms
112ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003101
Date: Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 4f38d63d-63f4-4e3d-813c-5331a76409b8

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 329ms
108ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20os_version%20%3D%2010.13.5&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002584
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 85fe40fb-f684-499e-a8c6-94a00f61f75e

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 338ms
112ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002858
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 03012636-ad07-4cb9-b902-0cdf192f23b3

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 329ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002919
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 3f4dfeab-2c20-41ed-81ec-78eee395bdb0

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 338ms
112ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20width%20%3D%201600&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003078
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: e63f4f27-089e-4e18-b1e4-a6963feeb96e

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 328ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20height%20%3D%201200&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002747
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 10b73e8d-6ef8-485b-abee-f7dfbd21b362

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 339ms
114ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=Chrome%20browser%2C%20using%20more%20detailed%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003022
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: e207f2cb-6c1b-49a3-becd-6b8df9d16880

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 329ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20pinlady&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003206
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: d7951f2a-5f40-469c-9ea3-32c071a1ab8d

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 340ms
112ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=java_version_pl%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002779
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 66a16a87-ea98-44fb-9035-49a7b15f91c5

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 329ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20deployJava&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002723
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 63ad4fa8-c53e-4fdd-a714-ceeecdd281fe

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 341ms
113ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=java_version_jres%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003510
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: b1a8cbeb-51f8-46eb-8a5a-3140f0ee758b

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 329ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=java_version%20%3D%20undefined&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002917
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 692c2af2-e435-4b83-85f7-48f99175e320

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 295ms
99ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=Loading%20flash%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002249
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: b188bcdf-896d-484a-b3d2-3e3735392917

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 271ms
114ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=flash%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002980
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: b4d6c0e7-0d21-43e6-820e-68b2b9be41f0

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 202ms
110ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=Loading%20pdf%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002563
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: fd0c8832-94ea-4818-985b-2fb78d0095d6

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 185ms
111ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=Could%20not%20find%20AdobeReader%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002681
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 51dcd4dc-7738-4a33-91ae-d44d5756601f

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 145ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=pdf%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002986
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 2762dee8-219a-4ee9-a19f-e12aa9cec23c

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 134ms
100ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=Loading%20quicktime%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002780
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 9636a7ee-575f-4b09-b882-583e8ae7f2d1

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 133ms
113ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=quicktime%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002631
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 77b43425-2d47-449f-989c-f64d6222b107

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 119ms
116ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=Loading%20RealPlayer%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002766
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: df32a231-f998-4f28-ac8c-1b9e6537714e

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 132ms
110ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=realplayer%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002096
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: a7273b3e-f008-4e44-ad19-ece92414df20

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 143ms
109ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=Loading%20Silverlight%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002981
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 3d97b3e9-49ff-4b1c-9ba3-4694eea9e935

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 130ms
105ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=silverlight%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002803
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: f23ded4d-b036-4246-8b1c-6cc3ef6174ad

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 148ms
115ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=Loading%20WindowsMediaPlayer%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003035
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 9c73ab77-40a9-4cdd-9a6e-a9572d67d924

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 119ms
113ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=wmp%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002564
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: f5d7eec1-86b3-47fa-8e0d-d78dd45dcb8e

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 131ms
113ms Image
text/plain 35.172.112.0
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=training_page_no_browser_post&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-172-112-0.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.002472
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: 00ad5fd9-c38d-4282-a12e-89d4d27c374a

GET
H/1.1 200
OK trace
www.corp-internal.com/ 0
564 B 145ms
114ms Image
text/plain 52.5.106.253
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.corp-internal.com/trace?id=3805f56f12&msg=redirect_url%20is%20undefined&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

HTTP/1.1

Server

52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-5-106-253.compute-1.amazonaws.com

Software

ThreatSim-Web-Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.corp-internal.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie: EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime: 0.003055
Date: Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: ThreatSim-Web-Server
X-Host-Info: lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
X-XSS-Protection: 1; mode=block
X-Request-Id: f51834fc-27d0-43bb-bfde-41abf43be346

GET
H2

200

collect
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a5...
https://www.google-analytics.com/r/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a...

35 B
111 B

15ms
14ms

Image
image/gif

2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-d13e2b0da7b2&ul=en-us&de=UTF-8&dt=You%27ve%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=215267693&gjid=1077365760&cid=1769773026.1549904678&tid=UA-83403-17&_gid=1984808054.1549904678&_r=1&z=878373616

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Feb 2019 17:04:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-d13e2b0da7b2&ul=en-us&de=UTF-8&dt=You%27ve%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=215267693&gjid=1077365760&cid=1769773026.1549904678&tid=UA-83403-17&_gid=1984808054.1549904678&_r=1&z=878373616
Non-Authoritative-Reason: HSTS

GET
H2

200

collect
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-...
https://www.google-analytics.com/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58...

35 B
109 B

6ms
6ms

Image
image/gif

2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-d13e2b0da7b2&ul=en-us&de=UTF-8&dt=You%27ve%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1769773026.1549904678&tid=UA-83403-17&_gid=1984808054.1549904678&z=1645954970

Requested by

Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Feb 2019 06:48:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 555383
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/collect?v=1&_v=j73&a=1283822247&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-d13e2b0da7b2&ul=en-us&de=UTF-8&dt=You%27ve%20been%20Phished!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1769773026.1549904678&tid=UA-83403-17&_gid=1984808054.1549904678&z=1645954970
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK nr-943.min.js Show response
js-agent.newrelic.com/ 22 KB
9 KB 64ms
7ms Script
application/javascript 151.101.2.110
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: http://js-agent.newrelic.com/nr-943.min.js
Requested by: Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol: HTTP/1.1
Server: 151.101.2.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 51b2c979abe4fbbc2ae657efdc95ecebe231870ef628a9e8cc7b953ba910fbb1

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 11 Feb 2019 17:04:40 GMT
Content-Encoding: gzip
x-amz-request-id: 67A19C7FE1A2DA53
X-Cache: HIT
Connection: keep-alive
Content-Length: 8646
x-amz-id-2: HzpueTfItLeQcGNRH/ugcbWnyx8OIBIvEuUPPlkAxN6GHjWuNHqqu1EyDsTdzjb/u/6TVhpkMgU=
X-Served-By: cache-hhn1545-HHN
Last-Modified: Wed, 28 Feb 2018 23:33:44 GMT
Server: AmazonS3
X-Timer: S1549904680.029590,VS0,VE0
ETag: "0909a6e7f1ea17aa3a97acab0754bb45"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 varnish
Cache-Control: public, max-age=7200, stale-if-error=604800
Accept-Ranges: bytes
X-Cache-Hits: 62

GET
H/1.1 200
OK 1eb02dae32 Show response
bam.nr-data.net/1/ 57 B
254 B 241ms
117ms Script
text/javascript 162.247.242.18
New Relic

General

Check archive.org

Show headers Download Go to

Full URL: http://bam.nr-data.net/1/1eb02dae32?a=16904076&v=943.9bd99bf&to=J1oIRBZeWVQHSxwAFQ0aEkIFWFtRDF5sFRwUUBUfF1laTw%3D%3D&rst=2260&ref=http://www.corp-internal.com/load_training&ap=30&be=288&fe=1888&dc=343&perf=%7B%22timing%22:%7B%22of%22:1549904677792,%22n%22:0,%22u%22:281,%22ue%22:281,%22dl%22:283,%22di%22:631,%22ds%22:631,%22de%22:641,%22dc%22:2176,%22l%22:2176,%22le%22:2176,%22f%22:0,%22dn%22:1,%22dne%22:55,%22c%22:55,%22ce%22:159,%22rq%22:160,%22rp%22:279,%22rpe%22:280%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: http://js-agent.newrelic.com/nr-943.min.js
Protocol: HTTP/1.1
Server: 162.247.242.18 , United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS: bam-6.nr-data.net
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Referer: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 57
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=pdf%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20quicktime%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=quicktime%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20RealPlayer%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=realplayer%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20Silverlight%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=silverlight%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20WindowsMediaPlayer%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=wmp%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=redirecting%20to%20%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-d13e2b0da7b2&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Domain: dataentry.threatsim.com
URL: https://dataentry.threatsim.com/trace?id=3805f56f12&msg=browser_post_successful&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.corp-internal.com/	1970-01-18 22:31:44	Name: _gat Value: 1
.corp-internal.com/	1970-01-18 22:33:11	Name: _gid Value: GA1.2.1984808054.1549904678
.corp-internal.com/	1970-01-19 16:02:56	Name: _ga Value: GA1.2.1769773026.1549904678
www.corp-internal.com/	1969-12-31 23:59:59	Name: EXFILGUID Value: 3805f56f12

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
bam.nr-data.net
d25q7gseii1o1q.cloudfront.net
d2wy8f7a9ursnm.cloudfront.net
dataentry.threatsim.com
fonts.googleapis.com
fonts.gstatic.com
java.com
js-agent.newrelic.com
tslp.s3.amazonaws.com
www.corp-internal.com
www.google-analytics.com
dataentry.threatsim.com
143.204.208.162
143.204.208.7
143.204.208.88
151.101.2.110
162.247.242.18
2a00:1450:4001:808::200a
2a00:1450:4001:818::2003
2a00:1450:4001:821::200a
2a00:1450:4001:821::200e
2a00:1450:400c:c07::5f
2a02:26f0:6c00:19a::196
35.172.112.0
52.216.168.107
52.5.106.253
0730a7e6770925fa4232096e4d9874514985ec791a63fe873f0e4e3cd7722381
24cc75ac572a3836d883d5e63a2135af7cefd62cf1c6b54fe5811ac1b78ed92b
358bb442f5d81ddc8e393d922458a9d84010efee2c346763ae87a45be92224d1
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
4805fc6abdad8075af2165e241b781c3073d4769ae725e4004bf79064acb5f24
4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a
51b2c979abe4fbbc2ae657efdc95ecebe231870ef628a9e8cc7b953ba910fbb1
5767069749cd73c3a1edc5afad5cf8f33e344780909aa86daaec77d9bbbc153a
6ae53963f41133561c78b4332b564c01f551c471cd91d980436a9f5dacdd8f19
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
88be902cc76b5ec1ec932b6ae93457b6b0ca69d7a36bfadefc2f24db225dc238
9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc
a26d01d5912459798481786640dc44fd7605d09f2f9e6dd24720205efcab6861
a35de3a30e58bf477febca8b47225959f48fd384faf088a218d6bf2251f06cbe
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b3dd58a587d33c5200140cee13c1332ac4d7f59b2551d3a8b841738616e54eee
bae06f323013a94b766da34246d6439db4b57a1144e7b4f4c6a18848eb7a4cf8
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
cdb16ca3ddd3cead71121799751fa80d3033375abcdbc5fc84d35fb82c7fc9de
d090ef088037f081a3e7d63f92c88ed5671434a23c73057603aab37e71e3420b
d9b7c6163477008469af64b211e2dbd4f4171b85b51e3714f11c99f9ba2c32f9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef08856966886b499b7640d39e41fbac21f509133d134b0bc9aee306c0cbbb29
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
fce517e48a56b76d45fd456264b90c82aa6e9ddb578f9f36d844ace5816d9841
fe32c9921874b35b87acb0a3b558784ca7b9fed91ed34c1d2a68b6566c9d09be

www.corp-internal.com Open in urlscan Pro 52.5.106.253 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

113 Requests

49 %HTTPS

43 %IPv6

10 Domains

12 Subdomains

15 IPs

3 Countries

720 kBTransfer

988 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

113 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.corp-internal.com Open in urlscan Pro
52.5.106.253 Public Scan

Screenshot
Live screenshot

Full Image

113
Requests

49 %
HTTPS

43 %
IPv6

10
Domains

12
Subdomains

15
IPs

3
Countries

720 kB
Transfer

988 kB
Size

4
Cookies

113 HTTP transactions
0 data transactions