URL: http://www.corp-internal.com/3805f56f12?l=18
Submission: On February 11 via manual from El Dorado Hills, US

Summary

This website contacted 15 IPs in 3 countries across 12 domains to perform 113 HTTP transactions.
The main IP is 35.172.112.0, located in Seattle, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is www.corp-internal.com.
This is the first time this domain was scanned on urlscan.io!

Domain & IP information

Requests IP Address AS Autonomous System
23 35.172.112.0 14618 (AMAZON-AES)
16 52.216.168.107 16509 (AMAZON-02)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 143.204.208.162 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
41 52.5.106.253 14618 (AMAZON-AES)
6 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 143.204.208.88 16509 (AMAZON-02)
3 143.204.208.7 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 151.101.2.110 54113 (FASTLY)
1 162.247.242.18 23467 (NEWRELIC-...)
Total: 113 requests, 15 IPs
Requests Domain Requested by
42 www.corp-internal.com www.corp-internal.com
22 dataentry.threatsim.com ajax.googleapis.com, www.corp-internal.com
16 tslp.s3.amazonaws.com www.corp-internal.com
12 www.google-analytics.com (6 redirects) www.corp-internal.com
4 d25q7gseii1o1q.cloudfront.net www.corp-internal.com
3 ajax.googleapis.com www.corp-internal.com
2 fonts.gstatic.com www.corp-internal.com
2 d2wy8f7a9ursnm.cloudfront.net www.corp-internal.com
2 java.com www.corp-internal.com
1 bam.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com www.corp-internal.com
1 fonts.googleapis.com www.corp-internal.com
Total: 113 requests, 12 domains

Subject | Issuer | Validity | Valid for
*.s3.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2018-11-07 - 2020-02-07 | a year
www.java.com | DigiCert ECC Extended Validation Server CA | 2018-02-21 - 2020-02-21 | 2 years
*.google-analytics.com | Google Internet Authority G3 | 2019-01-23 - 2019-04-17 | 3 months
*.threatsim.com | COMODO RSA Domain Validation Secure Server CA | 2018-07-11 - 2020-07-25 | 2 years
*.googleapis.com | Google Internet Authority G3 | 2019-01-23 - 2019-04-17 | 3 months
*.cloudfront.net | DigiCert Global CA G2 | 2018-10-08 - 2019-10-09 | a year
*.google.com | Google Internet Authority G3 | 2019-01-23 - 2019-04-17 | 3 months

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /ATS\/?([\d.]+)?/i

Web
Overall confidence: 100%
Detected patterns
  • env /^BugSnag$/i

Web
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Web
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Web
Overall confidence: 100%
Detected patterns
  • env /^NREUM/i


113 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set 3805f56f12?l=18
4 KB
2 KB
Document
General
Full URL
http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
5767069749cd73c3a1edc5afad5cf8f33e344780909aa86daaec77d9bbbc153a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.corp-internal.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=0, private, must-revalidate
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Mon, 11 Feb 2019 17:04:34 GMT
ETag
W/"6ae5d31efcc87fa2d2e6477af5d351cc"
Server
ThreatSim-Web-Server
Set-Cookie
EXFILGUID=3805f56f12; path=/ link_clicked_3805f56f12=1; path=/
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Request-Id
6e7cca3b-ad91-4143-a30c-95a04e1bee87
X-Runtime
0.020109
X-XSS-Protection
1; mode=block
Content-Length
952
Connection
keep-alive
Cookie set alt_pixel_click_3805f56f12.gif?correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2&email_opened_queued=false
0
652 B
Image
General
Full URL
http://www.corp-internal.com:49152/alt_pixel_click_3805f56f12.gif?correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2&email_opened_queued=false
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com:49152
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/3805f56f12?l=18
Cookie
EXFILGUID=3805f56f12; link_clicked_3805f56f12=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 11 Feb 2019 17:04:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
2779c00a-e4ba-4699-b102-c59ceba17ad0
X-Runtime
0.006390
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/gif; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Set-Cookie
EXFILGUID=3805f56f12; path=/ link_clicked_3805f56f12=2; path=/
plugin_detect.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
49 KB
49 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified
Wed, 15 Feb 2017 17:56:07 GMT
Server
AmazonS3
x-amz-request-id
A3C8E77309573F96
ETag
"00a513f07603df01e3b99be00f370754"
Content-Type
text/javascript
Content-Length
50085
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
dPcNW4g/cBbfRcFkuc9VRTtfUNbx858iZqQ8T5lIySxV0RbP7G54b89c1Nlg5bdrPD5UsfxX3pQ=
java.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
50 KB
50 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/java.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4805fc6abdad8075af2165e241b781c3073d4769ae725e4004bf79064acb5f24

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified
Wed, 15 Feb 2017 14:38:28 GMT
Server
AmazonS3
x-amz-request-id
01A442ED72928DAB
ETag
"2bec0061039dc3fb25fc20aaf611d5b9"
Content-Type
text/javascript
Content-Length
50717
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
/MYRcajH8KsBWw79limOYbzE5VAiXpypQUwWOf+aiejtYum02iGiGVatwPAETStcxPLMQboYaaE=
deployJava.js
java.com/js
18 KB
18 KB
Script
General
Full URL
https://java.com/js/deployJava.js
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:6c00:19a::196 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Oracle-HTTP-Server /
Resource Hash
358bb442f5d81ddc8e393d922458a9d84010efee2c346763ae87a45be92224d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Feb 2019 17:04:35 GMT
x-content-type-options
nosniff
last-modified
Fri, 07 Jul 2017 23:29:07 GMT
server
Oracle-HTTP-Server
status
200
x-frame-options
SAMEORIGIN
x-oracle-dms-ecid
005Kza_yrKd9Tcw70Fm3UF0003QU009rYR
content-type
application/javascript
x-oracle-dms-rid
0:1
expires
Tue, 12 Feb 2019 17:04:35 GMT
cache-control
max-age=86400
content-disposition
inline;filename=deployJava.js;filename*=UTF-8''deployJava.js
content-length
18444
x-xss-protection
1
mdt-type
abinary;charset=UTF-8
flash.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
7 KB
7 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/flash.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
a26d01d5912459798481786640dc44fd7605d09f2f9e6dd24720205efcab6861

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified
Wed, 15 Feb 2017 03:54:01 GMT
Server
AmazonS3
x-amz-request-id
BB44B4E6E9F5EA36
ETag
"f9ad9a096894ba248e4a1f73e7eba1be"
Content-Type
text/javascript
Content-Length
6680
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
h/hzL2fo4hwRR1zwkPKovssOnVQlTybFl6ZfRIn1aXQUJTYeV0dG6XKRqOG7j6Guu485utYYucU=
pdf.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
22 KB
23 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/pdf.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
d9b7c6163477008469af64b211e2dbd4f4171b85b51e3714f11c99f9ba2c32f9

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified
Wed, 15 Feb 2017 14:39:34 GMT
Server
AmazonS3
x-amz-request-id
46A1B595BDB2C736
ETag
"0d5882d41c8b6e40059c8d9acbcf1518"
Content-Type
text/javascript
Content-Length
22855
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
5GuHHf3KHqT6Gkxh5lH0Xgj79bBixrYAa+cEzm9lXMYylgLhDeklLONEEmNhoDXQ+cVgjQMfXks=
quicktime.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
7 KB
7 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/quicktime.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
6ae53963f41133561c78b4332b564c01f551c471cd91d980436a9f5dacdd8f19

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified
Wed, 15 Feb 2017 14:41:05 GMT
Server
AmazonS3
x-amz-request-id
A0706C260FC638A5
ETag
"ee73f2f47d51116dc40b85a6b57eaf20"
Content-Type
text/javascript
Content-Length
6999
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
2yC9yEmJTe68pNyoiIY5bkQ1YRalHUB7iqnYHDfsiRUZtX6tMlODmsB/1+s7wEnxMYISR8dcvvg=
realplayer.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
10 KB
10 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/realplayer.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
88be902cc76b5ec1ec932b6ae93457b6b0ca69d7a36bfadefc2f24db225dc238

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified
Wed, 15 Feb 2017 14:45:02 GMT
Server
AmazonS3
x-amz-request-id
C6097FCC2BDFFCF4
ETag
"3d7be656672c16a34806c13388410325"
Content-Type
text/javascript
Content-Length
9775
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
BFOc7t4dHp1oLZON6NDLp7mEyswHBCmFu+EUY4WSQVVvayyfu6l/B2DjBDmLRxnnCkhZ5LEzwKc=
silverlight.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
4 KB
5 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/silverlight.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
0730a7e6770925fa4232096e4d9874514985ec791a63fe873f0e4e3cd7722381

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified
Wed, 15 Feb 2017 18:00:03 GMT
Server
AmazonS3
x-amz-request-id
3F528E7B31D98907
ETag
"e6dd596d2bc204ea573b868b92028c26"
Content-Type
text/javascript
Content-Length
4234
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
/VTxEX875YLYS5YLuLECNguTm7Z9F4SMlKknQ56IR+cBr9xoKtgA4KWHtbGOrZYcRFkXR3Og3VQ=
wmp.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
6 KB
6 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/wmp.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
cdb16ca3ddd3cead71121799751fa80d3033375abcdbc5fc84d35fb82c7fc9de

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:37 GMT
Last-Modified
Wed, 15 Feb 2017 15:07:14 GMT
Server
AmazonS3
x-amz-request-id
CB0C5CE3DD05BD08
ETag
"ffd2cc77bb64d40beeb5d561fffe1f79"
Content-Type
text/javascript
Content-Length
5941
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
pm3xd+qYa1BDpJqrz2YYPUsg+lSEq8y4uJmONNouUjjA00+7V/4kK+3i3I3jA/cz4har2VR9C78=
bugsnag-2.min.js
d2wy8f7a9ursnm.cloudfront.net
6 KB
3 KB
Script
General
Full URL
http://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Server
143.204.208.162 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-208-162.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 07 Feb 2019 00:21:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Aug 2016 00:30:49 GMT
Server
AmazonS3
Age
405928
ETag
"6103bb5e4ec6141e19e1100caafc780c"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront)
Cache-Control
public, max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2962
X-Amz-Cf-Id
zQ2dcWHG58ST3xDQ4YKMSBx7KHr0agJndLGQDXezUcylBvNezJFkrg==
Verified jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1
90 KB
33 KB
Script
General
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Server
2a00:1450:400c:c07::5f , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Verified resource
jquery/1.9.1/jquery.min.js at cdnjs.com, project jquery
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 07 Feb 2019 02:39:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 20 Dec 2016 18:17:03 GMT
Server
sffe
Age
397527
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
33018
X-XSS-Protection
1; mode=block
Expires
Fri, 07 Feb 2020 02:39:08 GMT
Adblocked google-tracking.js?g=3805f56f12
/assets
455 B
707 B
Script
General
Full URL
http://www.corp-internal.com/assets/google-tracking.js?g=3805f56f12
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
fce517e48a56b76d45fd456264b90c82aa6e9ddb578f9f36d844ace5816d9841
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://www.corp-internal.com/3805f56f12?l=18
Cookie
EXFILGUID=3805f56f12; link_clicked_3805f56f12=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 11 Feb 2019 17:04:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Jan 2019 18:41:38 GMT
Server
ThreatSim-Web-Server
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000 public
Connection
keep-alive
Content-Length
316
Expires
Thu, 31 Dec 2037 23:55:55 GMT
all.js?g=3805f56f12
/assets
28 KB
7 KB
Script
General
Full URL
http://www.corp-internal.com/assets/all.js?g=3805f56f12
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
bae06f323013a94b766da34246d6439db4b57a1144e7b4f4c6a18848eb7a4cf8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://www.corp-internal.com/3805f56f12?l=18
Cookie
EXFILGUID=3805f56f12; link_clicked_3805f56f12=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 11 Feb 2019 17:04:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Jan 2019 18:41:38 GMT
Server
ThreatSim-Web-Server
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000 public
Connection
keep-alive
Content-Length
7149
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Adblocked analytics.js
www.google-analytics.com
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Jan 2019 20:01:45 GMT
server
Golfe2
age
4529
date
Mon, 11 Feb 2019 15:49:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
17543
expires
Mon, 11 Feb 2019 17:49:07 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
browser_post
dataentry.threatsim.com/secure
0
563 B
XHR
General
Full URL
https://dataentry.threatsim.com/secure/browser_post
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
http://www.corp-internal.com/3805f56f12?l=18
Origin
http://www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

X-Runtime
0.010517
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
233535c0-4e4f-46f9-aa56-465934267784
trace?id=3805f56f12&msg=BrowserDetect%20-%20localStorage%20%3D%20false&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20localStorage%20%3D%20false&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002650
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
77a0d321-df09-43db-b685-324d4f353543
trace?id=3805f56f12&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002975
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
0756ca27-4212-4cf0-89f9-5c454c28366e
trace?id=3805f56f12&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002610
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
adbd54ef-37cc-4e93-8b79-6a8dc3a2d6d1
trace?id=3805f56f12&msg=BrowserDetect%20-%20browser%20%3D%20Chrome&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20browser%20%3D%20Chrome&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002768
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
b5c2838a-3304-4c2e-a562-50c72ed817a1
trace?id=3805f56f12&msg=BrowserDetect%20-%20browser_version%20%3D%2067&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20browser_version%20%3D%2067&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.003539
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
3c33a7e7-7c6c-4d75-aae3-b37bb195149b
trace?id=3805f56f12&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002550
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
babf757f-0b20-442b-b557-1c4559a3806b
trace?id=3805f56f12&msg=BrowserDetect%20-%20os_version%20%3D%2010.13.5&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20os_version%20%3D%2010.13.5&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002679
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
12546261-a179-46dd-bdef-cca43c64d7b1
trace?id=3805f56f12&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002628
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
e72902b6-aea2-4fd1-bd59-526d03fde53e
trace?id=3805f56f12&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002941
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
86a1947c-fe97-458e-a887-a4e3ffc21ef8
trace?id=3805f56f12&msg=BrowserDetect%20-%20width%20%3D%201600&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20width%20%3D%201600&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.003115
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-09d154253fd04c5f9, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
8c33c72f-2ba9-4de4-becc-0453c2ea0075
trace?id=3805f56f12&msg=BrowserDetect%20-%20height%20%3D%201200&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20height%20%3D%201200&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002731
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
cea3f13a-1fc4-44cd-a929-ab52a670e48a
trace?id=3805f56f12&msg=Chrome%20browser%2C%20using%20more%20detailed%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Chrome%20browser%2C%20using%20more%20detailed%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002522
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
701b881f-c779-4ce6-99bc-333034aa92c8
trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20pinlady&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20pinlady&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002668
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-09d154253fd04c5f9, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
85b2a979-0902-42b9-8a02-d58422039b40
trace?id=3805f56f12&msg=java_version_pl%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=java_version_pl%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002836
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
f29e7dcc-00d1-4cc5-a6b3-5c863fdb503b
trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20deployJava&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20deployJava&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002975
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
b98e18cd-e79c-4ff6-b29e-64a00cb5adb2
trace?id=3805f56f12&msg=java_version_jres%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=java_version_jres%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002710
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
31759030-8093-475d-862e-7edefcd45a68
trace?id=3805f56f12&msg=java_version%20%3D%20undefined&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=java_version%20%3D%20undefined&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002751
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
2392e676-10a9-4375-9e78-24ee151213e9
trace?id=3805f56f12&msg=Loading%20flash%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20flash%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002602
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
22860137-dfe6-437f-bb17-fa710c759fca
trace?id=3805f56f12&msg=flash%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=flash%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002542
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
5e7c1097-3e44-4d66-b3c8-a0e2e34d772c
trace?id=3805f56f12&msg=Loading%20pdf%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Loading%20pdf%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.002793
Date
Mon, 11 Feb 2019 17:04:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
418a5194-c097-422b-882d-1cbdc9eee4c7
trace?id=3805f56f12&msg=Could%20not%20find%20AdobeReader%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
564 B
Image
General
Full URL
https://dataentry.threatsim.com/trace?id=3805f56f12&msg=Could%20not%20find%20AdobeReader%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Runtime
0.003195
Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a, ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
7f505f5b-0fc5-4792-9985-1055f0f9b474
trace?id=3805f56f12&msg=pdf%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

trace?id=3805f56f12&msg=Loading%20quicktime%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

trace?id=3805f56f12&msg=quicktime%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

trace?id=3805f56f12&msg=Loading%20RealPlayer%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

trace?id=3805f56f12&msg=realplayer%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

trace?id=3805f56f12&msg=Loading%20Silverlight%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

trace?id=3805f56f12&msg=silverlight%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

trace?id=3805f56f12&msg=Loading%20WindowsMediaPlayer%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

trace?id=3805f56f12&msg=wmp%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

trace?id=3805f56f12&msg=redirecting%20to%20%2Fload_training%3Fguid%3D3805f56f12%26correlation_id%3Da835cfc3-5f01-4349-8a58-d13e2b0da7b2&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

Adblocked collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=264010643&gjid=...
www.google-analytics.com/r
Redirect Chain
  • http://www.google-analytics.com/r/collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=...
  • https://www.google-analytics.com/r/collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je...
35 B
111 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=264010643&gjid=1459463859&cid=1382105944.1549904677&tid=UA-83403-17&_gid=1175953886.1549904677&_r=1&z=1113167129
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Feb 2019 17:04:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/r/collect?v=1&_v=j73&a=11467050&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=264010643&gjid=1459463859&cid=1382105944.1549904677&tid=UA-83403-17&_gid=1175953886.1549904677&_r=1&z=1113167129
Non-Authoritative-Reason
HSTS
Adblocked collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1382...
www.google-analytics.com
Redirect Chain
  • http://www.google-analytics.com/collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&...
  • https://www.google-analytics.com/collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0...
35 B
109 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1382105944.1549904677&uid=3805f56f12&tid=UA-83403-17&_gid=1175953886.1549904677&z=73228426
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/3805f56f12?l=18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://www.corp-internal.com/3805f56f12?l=18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Feb 2019 06:48:15 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
555381
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/collect?v=1&_v=j73&a=11467050&t=pageview&_s=2&dl=http%3A%2F%2Fwww.corp-internal.com%2F3805f56f12%3Fl%3D18&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=1382105944.1549904677&uid=3805f56f12&tid=UA-83403-17&_gid=1175953886.1549904677&z=73228426
Non-Authoritative-Reason
HSTS
trace?id=3805f56f12&msg=browser_post_successful&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
dataentry.threatsim.com
0
0

Cookie set load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
20 KB
6 KB
Document
General
Full URL
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/assets/all.js?g=3805f56f12
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
24cc75ac572a3836d883d5e63a2135af7cefd62cf1c6b54fe5811ac1b78ed92b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.corp-internal.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://www.corp-internal.com/3805f56f12?l=18
Accept-Encoding
gzip, deflate

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=0, private, must-revalidate
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Mon, 11 Feb 2019 17:04:38 GMT
ETag
W/"42034badaee0a8eb5c6a43c0c6dd4765"
Server
ThreatSim-Web-Server
Set-Cookie
EXFILGUID=3805f56f12; path=/
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Host-Info
lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Request-Id
adadd8ab-bef5-4194-8267-982cec815b57
X-Runtime
0.012587
X-XSS-Protection
1; mode=block
Content-Length
5819
Connection
keep-alive
css?family=Open+Sans:400,700
fonts.googleapis.com
5 KB
697 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,700
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:808::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
b3dd58a587d33c5200140cee13c1332ac4d7f59b2551d3a8b841738616e54eee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 11 Feb 2019 17:04:38 GMT
server
ESF
access-control-allow-origin
*
date
Mon, 11 Feb 2019 17:04:38 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
1; mode=block
expires
Mon, 11 Feb 2019 17:04:38 GMT
bugsnag-2.min.js
d2wy8f7a9ursnm.cloudfront.net
6 KB
3 KB
Script
General
Full URL
http://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
143.204.208.162 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-208-162.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 07 Feb 2019 00:22:10 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Aug 2016 00:30:49 GMT
Server
AmazonS3
Age
405930
ETag
"6103bb5e4ec6141e19e1100caafc780c"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 1f5757b46371746e677236d4fc67d364.cloudfront.net (CloudFront)
Cache-Control
public, max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2962
X-Amz-Cf-Id
1Y15LzxV1KPcu7dxKrbfnZ3ZT2NDxRBHse5ZX35IeFqJS4Y6tAzR3A==
Verified jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.0
94 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:821::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
Verified resource
zui/1.5.0/lib/jquery/jquery.js at cdnjs.com, project zui
unitegallery/1.7.28/js/jquery-11.0.min.js at cdnjs.com, project unitegallery
jquery/1.11.0/jquery.min.js at cdnjs.com, project jquery
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 31 Jan 2019 14:16:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
960478
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
33576
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 31 Jan 2020 14:16:40 GMT
plugin_detect.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
49 KB
49 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified
Wed, 15 Feb 2017 17:56:07 GMT
Server
AmazonS3
x-amz-request-id
57E206F97EB46A50
ETag
"00a513f07603df01e3b99be00f370754"
Content-Type
text/javascript
Content-Length
50085
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
kzEi3E2dvdROzZVL7ixu5kH8uJoJ8wsmYV6MCAWMLnI1e5gzvyDhLvzx+fBS5zto7drQIThqoiM=
java.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
50 KB
50 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/java.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4805fc6abdad8075af2165e241b781c3073d4769ae725e4004bf79064acb5f24

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified
Wed, 15 Feb 2017 14:38:28 GMT
Server
AmazonS3
x-amz-request-id
382E1DF2B9A3D57D
ETag
"2bec0061039dc3fb25fc20aaf611d5b9"
Content-Type
text/javascript
Content-Length
50717
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
fw50hDs5ZA2KMr+S/UzGVtxBQOpElfyds6NkXgKVAKOgsvl15amLR+ggxtP/BpJk8VgEBewGcUo=
deployJava.js
java.com/js
18 KB
18 KB
Script
General
Full URL
https://java.com/js/deployJava.js
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:6c00:19a::196 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Oracle-HTTP-Server /
Resource Hash
358bb442f5d81ddc8e393d922458a9d84010efee2c346763ae87a45be92224d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Feb 2019 17:04:38 GMT
x-content-type-options
nosniff
last-modified
Fri, 07 Jul 2017 23:29:07 GMT
server
Oracle-HTTP-Server
status
200
x-frame-options
SAMEORIGIN
x-oracle-dms-ecid
005Kza_yrKd9Tcw70Fm3UF0003QU009rYR
content-type
application/javascript
x-oracle-dms-rid
0:1
expires
Tue, 12 Feb 2019 17:04:38 GMT
cache-control
max-age=86400
content-disposition
inline;filename=deployJava.js;filename*=UTF-8''deployJava.js
content-length
18444
x-xss-protection
1
mdt-type
abinary;charset=UTF-8
flash.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
7 KB
7 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/flash.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
a26d01d5912459798481786640dc44fd7605d09f2f9e6dd24720205efcab6861

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified
Wed, 15 Feb 2017 03:54:01 GMT
Server
AmazonS3
x-amz-request-id
05A05696A8323DCE
ETag
"f9ad9a096894ba248e4a1f73e7eba1be"
Content-Type
text/javascript
Content-Length
6680
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
ra6DeNVcQh2iWtdPBKBSaFpw3Hw0x8w3dEXwSKXf/HrG/z1WkbUjg3tYGJBs70aKdTvFX2MoYaY=
pdf.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
22 KB
23 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/pdf.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
d9b7c6163477008469af64b211e2dbd4f4171b85b51e3714f11c99f9ba2c32f9

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified
Wed, 15 Feb 2017 14:39:34 GMT
Server
AmazonS3
x-amz-request-id
7E8E4A96E7B6F696
ETag
"0d5882d41c8b6e40059c8d9acbcf1518"
Content-Type
text/javascript
Content-Length
22855
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
LwwE+rkzaIEotZ6aOLjNUPS65MhtSkEyEQUO6yuF1mYutNwwhvGCT7aVhMG7/joXdNI4C9ilUUM=
quicktime.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
7 KB
7 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/quicktime.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
6ae53963f41133561c78b4332b564c01f551c471cd91d980436a9f5dacdd8f19

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified
Wed, 15 Feb 2017 14:41:05 GMT
Server
AmazonS3
x-amz-request-id
E94D17EA032D0212
ETag
"ee73f2f47d51116dc40b85a6b57eaf20"
Content-Type
text/javascript
Content-Length
6999
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
m329YknyYNxqP5JzF32ifXmubJMKJERqdvP5/wU4kbJm3tnAJTho0FaRK8TsRwL6gh2DCyCDtbQ=
realplayer.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
10 KB
10 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/realplayer.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
88be902cc76b5ec1ec932b6ae93457b6b0ca69d7a36bfadefc2f24db225dc238

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified
Wed, 15 Feb 2017 14:45:02 GMT
Server
AmazonS3
x-amz-request-id
3270FFE27CEC4C4C
ETag
"3d7be656672c16a34806c13388410325"
Content-Type
text/javascript
Content-Length
9775
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
BejY+HPD7SN1sX+yLKqsRe07lQ/sngVNRBw6j0cVr0jDWi4n+zq0ba4A+goJ6vArv/Gnk6QsipQ=
silverlight.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
4 KB
5 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/silverlight.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
0730a7e6770925fa4232096e4d9874514985ec791a63fe873f0e4e3cd7722381

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified
Wed, 15 Feb 2017 18:00:03 GMT
Server
AmazonS3
x-amz-request-id
C86DED99792F9C77
ETag
"e6dd596d2bc204ea573b868b92028c26"
Content-Type
text/javascript
Content-Length
4234
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
00D8AU/79B3TnTO2lB85geogcrvPHpfMGG3x/TkwHJ802QC2SYPUM60adnaOzlpYZbRq2JYCEbk=
wmp.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
tslp.s3.amazonaws.com/detect
6 KB
6 KB
Script
General
Full URL
https://tslp.s3.amazonaws.com/detect/wmp.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.168.107 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
cdb16ca3ddd3cead71121799751fa80d3033375abcdbc5fc84d35fb82c7fc9de

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:39 GMT
Last-Modified
Wed, 15 Feb 2017 15:07:14 GMT
Server
AmazonS3
x-amz-request-id
6ECFA39E7313C9C4
ETag
"ffd2cc77bb64d40beeb5d561fffe1f79"
Content-Type
text/javascript
Content-Length
5941
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
SZw35fGm+MOWlKXay4NfuLv1QMlBenO7WqLw9HKNfr0LWseFK3wdHmA8zprf8Jbsohtwn+yCKn0=
screenshot.png
d25q7gseii1o1q.cloudfront.net/training/fish
128 KB
128 KB
Image
General
Full URL
https://d25q7gseii1o1q.cloudfront.net/training/fish/screenshot.png
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.208.88 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-208-88.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d090ef088037f081a3e7d63f92c88ed5671434a23c73057603aab37e71e3420b

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 17:04:39 GMT
Via
1.1 c5c25772c7f14e267596e0f8ce51d9bc.cloudfront.net (CloudFront)
Last-Modified
Fri, 30 May 2014 14:17:49 GMT
Server
AmazonS3
ETag
"e1bcd3e8a8daaccba8850b73a16459fe"
X-Cache
Miss from cloudfront
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
130602
X-Amz-Cf-Id
OPkis8wz82MiKS2MyzeJeqe-ysdD5mtMkLLvHUtUAmeAIustKgUmMw==
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.8.2
91 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:821::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 04 Feb 2019 20:34:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
592220
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
33621
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 04 Feb 2020 20:34:18 GMT
Adblocked google-tracking.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
/assets
455 B
707 B
Script
General
Full URL
http://www.corp-internal.com/assets/google-tracking.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
fce517e48a56b76d45fd456264b90c82aa6e9ddb578f9f36d844ace5816d9841
Blocked
Source: easylist, Type: privacy (This would have been blocked)

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Jan 2019 18:41:38 GMT
Server
ThreatSim-Web-Server
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000 public
Connection
keep-alive
Content-Length
316
Expires
Thu, 31 Dec 2037 23:55:55 GMT
all.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
/assets
28 KB
7 KB
Script
General
Full URL
http://www.corp-internal.com/assets/all.js?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
bae06f323013a94b766da34246d6439db4b57a1144e7b4f4c6a18848eb7a4cf8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Jan 2019 18:41:38 GMT
Server
ThreatSim-Web-Server
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000 public
Connection
keep-alive
Content-Length
7149
Expires
Thu, 31 Dec 2037 23:55:55 GMT
fish.png
d25q7gseii1o1q.cloudfront.net/training/fish
17 KB
17 KB
Image
General
Full URL
https://d25q7gseii1o1q.cloudfront.net/training/fish/fish.png
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.208.7 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-208-7.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ef08856966886b499b7640d39e41fbac21f509133d134b0bc9aee306c0cbbb29

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 15:26:39 GMT
Via
1.1 bc44333126502b410c97fe54a495ac36.cloudfront.net (CloudFront)
Last-Modified
Fri, 30 May 2014 14:17:49 GMT
Server
AmazonS3
Age
5880
ETag
"5cd7840d12eb932d2b16defed2ae1757"
X-Cache
Hit from cloudfront
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
16942
X-Amz-Cf-Id
HlSwaBzHPvllwWQPTYw6lALXk0OXGbwfJrfthfQq6zYV6EnosGA6ZA==
mail.png
d25q7gseii1o1q.cloudfront.net/training/fish
926 B
1 KB
Image
General
Full URL
https://d25q7gseii1o1q.cloudfront.net/training/fish/mail.png
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.208.7 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-208-7.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a35de3a30e58bf477febca8b47225959f48fd384faf088a218d6bf2251f06cbe

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 09:47:23 GMT
Via
1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
Last-Modified
Fri, 30 May 2014 15:01:28 GMT
Server
AmazonS3
Age
26236
ETag
"3c506b80d78539262795c9ba59a0631a"
X-Cache
Hit from cloudfront
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
926
X-Amz-Cf-Id
Ya1iBgB6lfkdaSgwnS-RbeOk95JiBZHH3NxSvbea62lRglNQG6alyw==
Verified pixel.gif
d25q7gseii1o1q.cloudfront.net/training/fish
43 B
479 B
Image
General
Full URL
https://d25q7gseii1o1q.cloudfront.net/training/fish/pixel.gif
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.208.7 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-208-7.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Verified resource
fancybox/2.1.5/blank.gif at cdnjs.com, project fancybox

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 15:26:39 GMT
Via
1.1 d7524ff4a82155dd51a24800cf39deec.cloudfront.net (CloudFront)
Last-Modified
Fri, 30 May 2014 15:14:30 GMT
Server
AmazonS3
Age
5880
ETag
"325472601571f31e1bf00674c368d335"
X-Cache
Hit from cloudfront
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
d5pw15C5YtOlPJ6T_uas7Dxtrxz0VNopHYb5WYot8zOCr1EtgqD_lg==
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:818::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,700
Origin
http://www.corp-internal.com

Response headers

date
Mon, 04 Feb 2019 18:55:05 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:46 GMT
server
sffe
age
598173
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
8892
x-xss-protection
1; mode=block
expires
Tue, 04 Feb 2020 18:55:05 GMT
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:818::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
fe32c9921874b35b87acb0a3b558784ca7b9fed91ed34c1d2a68b6566c9d09be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,700
Origin
http://www.corp-internal.com

Response headers

date
Tue, 05 Feb 2019 06:45:25 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 21:49:39 GMT
server
sffe
age
555553
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
8800
x-xss-protection
1; mode=block
expires
Wed, 05 Feb 2020 06:45:25 GMT
Adblocked analytics.js
www.google-analytics.com
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Jan 2019 20:01:45 GMT
server
Golfe2
age
4531
date
Mon, 11 Feb 2019 15:49:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
17543
expires
Mon, 11 Feb 2019 17:49:07 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
trace?id=undefined&msg=window.tracking_id%20is%20not%20set%2C%20let%27s%20get%20it&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=undefined&msg=window.tracking_id%20is%20not%20set%2C%20let%27s%20get%20it&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002747
Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
80a7ad3f-fbbe-4ce8-be2b-6edfc352fb36
trace?id=unknown&msg=get-id%20is%20undefined&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=unknown&msg=get-id%20is%20undefined&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002956
Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
f1c42d04-bab4-4183-942a-702db0de9cb2
trace?id=unknown&msg=did%20not%20find%20guid%20in%20last%20part%20of%20location&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=unknown&msg=did%20not%20find%20guid%20in%20last%20part%20of%20location&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002914
Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
f7f08dbc-b4f0-4608-9d06-01bbaeb431c2
trace?id=3805f56f12&msg=BrowserDetect%20-%20localStorage%20%3D%20false&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20localStorage%20%3D%20false&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002722
Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
909f1951-0744-496b-a4bd-331e05497b58
trace?id=3805f56f12&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002980
Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
a0dd26ee-9da0-446a-8713-76a0839a2f02
trace?id=3805f56f12&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.003063
Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
ad99bfa2-6bf6-4570-9f49-6d924e968bf1
trace?id=3805f56f12&msg=BrowserDetect%20-%20browser%20%3D%20Chrome&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20browser%20%3D%20Chrome&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002528
Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
37ff566d-56d2-4c49-9971-112d4b7581db
trace?id=3805f56f12&msg=BrowserDetect%20-%20browser_version%20%3D%2067&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20browser_version%20%3D%2067&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.003277
Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
f4f063f7-47bc-4712-a25a-b76b68b6cd5c
trace?id=3805f56f12&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.003101
Date
Mon, 11 Feb 2019 17:04:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
4f38d63d-63f4-4e3d-813c-5331a76409b8
trace?id=3805f56f12&msg=BrowserDetect%20-%20os_version%20%3D%2010.13.5&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20os_version%20%3D%2010.13.5&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002584
Date
Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
85fe40fb-f684-499e-a8c6-94a00f61f75e
trace?id=3805f56f12&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002858
Date
Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
03012636-ad07-4cb9-b902-0cdf192f23b3
trace?id=3805f56f12&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002919
Date
Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
3f4dfeab-2c20-41ed-81ec-78eee395bdb0
trace?id=3805f56f12&msg=BrowserDetect%20-%20width%20%3D%201600&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20width%20%3D%201600&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.003078
Date
Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-054a1a561925dc653 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
e63f4f27-089e-4e18-b1e4-a6963feeb96e
trace?id=3805f56f12&msg=BrowserDetect%20-%20height%20%3D%201200&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=BrowserDetect%20-%20height%20%3D%201200&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002747
Date
Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-09d154253fd04c5f9 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
10b73e8d-6ef8-485b-abee-f7dfbd21b362
trace?id=3805f56f12&msg=Chrome%20browser%2C%20using%20more%20detailed%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=Chrome%20browser%2C%20using%20more%20detailed%20version&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.003022
Date
Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
e207f2cb-6c1b-49a3-becd-6b8df9d16880
trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20pinlady&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20pinlady&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.003206
Date
Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
d7951f2a-5f40-469c-9ea3-32c071a1ab8d
trace?id=3805f56f12&msg=java_version_pl%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=java_version_pl%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002779
Date
Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
66a16a87-ea98-44fb-9035-49a7b15f91c5
trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20deployJava&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=Loading%20Java%20version%20from%20deployJava&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.002723
Date
Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-01bde8e1346f0e484 ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
63ad4fa8-c53e-4fdd-a714-ceeecdd281fe
trace?id=3805f56f12&msg=java_version_jres%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=java_version_jres%20%3D%20unknown&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
35.172.112.0 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-172-112-0.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.corp-internal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Cookie
EXFILGUID=3805f56f12; _ga=GA1.2.1769773026.1549904678; _gid=GA1.2.1984808054.1549904678; _gat=1
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Runtime
0.003510
Date
Mon, 11 Feb 2019 17:04:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-us-i-07a9d09a6f1a8140a ; e87fa0a9dd9dcd437e64f0c0cc86514014048b6e
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
b1a8cbeb-51f8-46eb-8a5a-3140f0ee758b
trace?id=3805f56f12&msg=java_version%20%3D%20undefined&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
0
564 B
Image
General
Full URL
http://www.corp-internal.com/trace?id=3805f56f12&msg=java_version%20%3D%20undefined&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Requested by
Host: www.corp-internal.com
URL: http://www.corp-internal.com/load_training?guid=3805f56f12&correlation_id=a835cfc3-5f01-4349-8a58-d13e2b0da7b2
Protocol
HTTP/1.1
Server
52.5.106.253 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-106-253.compute-1.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855