Windows Analysis Report
http://www.corp-internal.co/ae90cbd9826866b7?l=8

Overview

General Information

Sample URL: http://www.corp-internal.co/ae90cbd9826866b7?l=8
Analysis ID: 1431610
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Source: http://www.corp-internal.co/load_training?guid=e390cbdd12686627&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49740 version: TLS 1.0 (reported 2 times)
Source: unknown HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.5:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91 (reported 7 times)
Source: unknown TCP traffic detected without corresponding DNS query: 23.54.200.130 (reported 18 times)
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91 (reported 16 times)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 9 times)
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 25 Apr 2024 12:24:45 GMTContent-Type: application/javascriptContent-Length: 7191Connection: keep-aliveLast-Modified: Thu, 11 Apr 2024 12:55:27 GMTVary: Accept-EncodingContent-Encoding: gzipServer: ThreatSim-Web-ServerExpires: Thu, 31 Dec 2037 23:55:55 GMTCache-Control: max-age=315360000Cache-Control: publicAccess-Control-Allow-Origin: *Data Raw: 1f 8b 08 00 c1 89 3e 60 02 03 cd 3d 6d 7b e3 36 8e df fd 2b 14 ed 5c 2b cd 38 8e 33 ed 76 af ce e5 72 99 4c a6 cd ee a4 99 9d 4c db bd 8b 53 3f b2 45 db 4c 64 c9 95 e4 bc ec 24 ff fd 00 f0 45 a4 4c 39 76 da ed 5d 9f 3e 49 44 82 00 08 80 20 48 82 9c 60 bc 48 47 25 cf d2 20 f4 3e b7 6e 79 1a 67 b7 9d 61 54 b0 c1 3c 2b ca c1 22 4f bc 87 07 2f 70 56 ec 7b be 1f b6 3d 59 97 64 93 01 cb f3 2c 87 72 8d 94 b5 3d 6e 20 46 98 32 1b 8c b2 b4 c8 12 16 70 68 9d b2 5b ef 64 16 4d 58 10 76 8a 7c 04 8d 9d b4 5e 79 fe 0e b4 3e e0 f1 be 0f 1f 2c 1d 65 31 fb f1 e3 c9 51 36 9b 67 29 4b 4b c5 62 99 47 a3 6b 9e 4e 06 3c 0e b1 d5 17 05 bb 69 6a c2 04 c4 ac 98 34 41 70 01 31 ca f2 9c 25 11 76 69 20 39 90 e4 ec 9a bd d6 a3 25 8f aa af a6 50 50 20 37 19 8f bd ae b7 b5 bf 5f 61 22 c0 41 cc 86 8b 89 f7 c5 17 9e 2c 40 44 75 bc 33 56 14 20 32 4b d2 cd 62 66 9b 89 19 25 c8 9e 21 e8 15 62 64 1b 8b 11 fe 0f 3b a3 28 49 82 72 ca 8b d0 d9 7b c3 30 57 09 e5 ff ba eb d8 95 bd 56 eb 26 ca bd 37 79 76 5b b0 fc 2d 2b d9 a8 04 46 3e b7 78 ca cb 9e 6d 1a d8 e1 ce 50 40 02 0c 7d 16 2c ca 47 d3 f3 32 07 aa 24 91 4e 1c 95 91 44 17 a2 24 fc 45 7a 9d 66 b7 a9 df f6 4c 04 a2 89 42 23 0b 3b 65 26 51 85 9d 9c cd 13 e8 74 b0 b3 b7 33 69 7b fe bf 7d f5 06 c7 b4 60 e2 86 e5 05 70 65 33 f1 93 28 54 b2 48 a3 1b 3e 89 ca 2c ef 2c 00 f3 e1 04 fa 4c fc 38 5a 54 a0 d1 7c 2e 0b eb bc 5b 84 6d e6 65 e1 d3 cc 13 f4 d9 f9 6a d9 9d 9d bb 49 9f 9d db 54 cf ce 57 51 c9 8a 9f 5c ac ea 62 e0 b1 62 57 91 e0 c5 61 1a e7 e0 00 40 dd 30 ce 83 8a 5f 5f 56 68 fc bc 78 03 a4 af 87 e0 58 ef 97 a1 a9 ee 0d d6 f9 68 65 ed d6 60 1a 15 ef 33 18 36 e7 20 65 b0 f8 9e 97 2e 92 a4 dd 5a 2a b6 0c 8e 8f bd 00 e1 c8 1b 11 fa 3a 9e d0 cb 59 b9 c8 53 c7 28 0c 7c db a8 b7 bd a3 c3 a3 ef 8f 7b 5e 62 b4 47 66 61 78 b8 71 2b b1 d4 2b f6 5a 65 7e 8f ae 12 06 0e 62 c0 71 fc 36 2a 61 18 ef 55 8e ae 02 07 3d 97 27 25 9b e1 9c c3 4c 87 61 80 4c 14 48 43 7d ce 66 d9 0d d3 20 6e be 80 95 ad 2e 88 db 1b 45 e5 68 ea 05 5c 0f 5a 17 e4 2e 40 b6 36 90 de ef 20 36 69 08 e7 40 82 2c b3 6e 0a f5 8a 35 8c c1 6e f2 1c 73 28 2c 0c f5 9e d5 f0 9b 7d b3 ab 94 51 d8 e8 b4 ee fd 68 34 90 4e 0e 26 52 e4 00 06 b6 5f b2 a2 d4 43 6a 19 27 29 14 48 d6 70 1a c6 b0 0a ad 61 09 cc b2 84 65 22 9b da c2 ef 26 33 69 11 47 59 76 cd 59 61 98 82 2e 59 c3 06 24 ec 73 94 5f b5 ae 77 42 21 35 b9 97 65 4a d5 f5 72 94 64 00 7e 3b 66 63 9e b2 d8 f7 90 c9 fb 39 cb c6 5e 9c 8d 16 33 98 81 20 9e 40 50 74 f0 5b d5 ac 23 0a 8f d3 68 98 b0 b8 59 6f 06 99 4d 15 b6 4e 3f 97 bb 09 da 01 c7 44 53 67 4d 11 92 b4 63 8e 85 69 e5 7d 76 cb f2 23 88 61 02 e1 fc 79 f1 33 1b fe cd 0a 27 98 d2 a6 20 aa 20
Source: global traffic HTTP traffic detected: GET /detect/plugin_detect.js?guid=90cbd26866&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: tslp.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://www.corp-internal.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /ae90cbd9826866b7?l=8 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /assets/all.js?g=90cbd26866 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20browser%20%3D%20Chrome&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20browser_version%20%3D%20117&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20os%20%3D%20Windows&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20os_version%20%3D%2010&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /secure/browser_post HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20browser_version%20%3D%20117&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20browser%20%3D%20Chrome&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Chrome%20browser%2C%20using%20more%20detailed%20version&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20java%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20flash%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20pdf%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20os%20%3D%20Windows&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20os_version%20%3D%2010&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20quicktime%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20RealPlayer%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20Silverlight%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=redirecting%20to%20%2Fload_training%3Fguid%3De390cbdd12686627%26correlation_id%3D3fac3af0-74a1-4072-a0f1-391c2d2ad2d0&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=browser_post_successful&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /load_training?guid=e390cbdd12686627&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Chrome%20browser%2C%20using%20more%20detailed%20version&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20java%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20flash%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20pdf%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20quicktime%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20RealPlayer%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20Silverlight%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=redirecting%20to%20%2Fload_training%3Fguid%3De390cbdd12686627%26correlation_id%3D3fac3af0-74a1-4072-a0f1-391c2d2ad2d0&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=browser_post_successful&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/load_training?guid=e390cbdd12686627&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1
Source: global traffic DNS traffic detected: DNS query: www.corp-internal.co
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: _49153._https.www.corp-internal.co
Source: global traffic DNS traffic detected: DNS query: tslp.s3.amazonaws.com
Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714047866016&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 12:24:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Request-Id: af743820-06dc-48c3-9150-917e4762c7abX-Runtime: 0.000906X-Host-Info: lw-prod-eu-i-06164ae2ecae76ca0X-Host-Info: ; 7ab042967e623923e817fbc8931e097004f737c7Server: ThreatSim-Web-ServerContent-Encoding: gzipData Raw: 33 66 63 0d 0a 1f 8b 08 00 00 00 00 00 02 03 ad 56 51 4f e3 38 10 7e e7 57 cc e5 09 24 88 5b 60 25 c4 26 5d b1 85 3b 90 96 03 1d 3d ad f6 e9 e4 d8 a6 31 38 76 d6 9e 34 5b 9d ee bf df 38 69 69 59 c8 09 ed 6d 1f aa d8 99 19 7f 33 f3 7d e3 64 bf 9c df 4c 67 5f 6e 2f e0 72 76 fd 09 6e ff fc f8 e9 6a 0a c9 01 63 9f 8f a6 8c 9d cf ce fb 17 c7 e9 68 cc d8 c5 ef c9 4e 52 22 d6 a7 8c b5 6d 9b b6 47 a9 f3 73 36 fb 83 95 58 99 63 16 d0 6b 81 a9 44 99 4c 76 b2 b8 37 d9 01 fa 65 a5 e2 b2 7f ec 96 41 78 5d e3 a4 d5 56 ba 36 45 15 f0 af ca 49 05 39 a0 6f d4 fb 8c ad 0c 36 1e a8 d1 a8 cd 3a fe 66 a5 82 9a cf 15 08 6e ad 43 28 14 dc bb c6 ca 8d 13 fb ce 2b ab 14 72 88 f8 0f d4 d7 46 2f f2 64 ea 2c 2a 8b 07 b3 65 ad 12 10 fd 2a 4f 50 7d c3 2e a5 f7 20 4a ee 83 c2 bc 09 07 3c 08 ad 93 ed 34 70 69 14 20 f9 ae 5c 44 08 5b ef 3f de 9c 7f 81 bf 09 94 c5 53 38 a9 91 8d 0f 6b 84 85 f2 92 5b 0e ff 3c d9 5d 8e 9f ac c6 47 d1 ec dd eb 66 87 6f 09 76 76 6a b4 7d 24 4b e1 8c f3 a7 e0 95 7c f6 76 a1 83 46 da 7b 32 a8 b8 77 ce 6e d9 50 f5 63 5e ab ce b1 4d eb b2 c2 c9 e5 8b 2e 42 f0 22 4f 18 0f 54 a5 c0 f8 03 ff c6 8c 2e 02 7b f8 da 28 bf 64 e3 f4 24 1d ad 16 69 a5 6d fa 10 92 ed 92 3d f0 05 ef 03 45 ca ac 1b ff 7a 6c 63 c8 fb c3 3c 3f 1e 1d bf 21 c6 16 79 78 41 7d 6a b5 c4 32 4f de 8d 46 09 14 ce 4b e5 f3 84 1e 85 32 26 d4 5c 68 3b cf 93 f1 28 79 4e b2 0c fd f3 8d 7e 53 be dc ec 79 3e 7e fd c5 9b f8 fa 2c 12 a3 50 4f 1e 4b d7 00 f7 0a 8c 73 8f 84 93 fc 3c 54 7a 5e 22 94 7c a1 28 92 b2 d4 e8 ca 2d 94 dc a7 2d 09 1a 03 58 5e a9 48 5f 3b 8f bb e4 a1 03 a0 aa 6a e7 b9 d7 66 09 8d a5 b2 69 13 6b 93 0e 64 e3 07 d2 ac 87 b3 bc 35 8a 07 12 85 5f 02 96 31 43 63 1c e9 7c 7e 3a 90 e6 40 a8 ac 31 c3 67 64 46 4f ae f9 a3 82 d0 50 51 b0 e4 d8 9d f5 59 15 10 c9 0d 5c 4a af 42 00 a9 43 6d f8 92 d8 ae 6d 67 b1 7e 51 70 0f ee 3e 96 d5 43 e1 5d 1b 54 57 9d 50 13 17 c8 9a 5b 19 4b 5c 71 8c 4a 11 ce 7b 25 d0 2c d3 61 40 44 f9 ff 86 7b d5 9d 46 4d e2 a2 a4 98 58 d2 71 5d 6b 8b 25 08 a3 45 d7 56 0e 51 bb fb dd 1c e2 e2 45 52 a4 1e 4d 13 96 23 f5 12 1d 70 a3 7c 67 53 6d 4a d0 69 9f 42 6b fb 84 7a 93 c9 8f e0 cf d8 50 23 b2 f2 70 38 e5 cb d9 ec 16 2e bc 27 a4 24 56 38 80 5f 35 29 90 56 52 47 54 8e d8 11 25 d0 f1 3f cd 0a 3f 1c e9 8a 46 b2 b7 0a e9 a1 4f 44 d3 b0 ba 53 7e a1 85 0a b0 7b 75 75 b7 37 24 a0 c3 c9 cf a3 f5 4c 89 d2 6a c1 cd 33 1c bb 51 88 a1 a9 49 53 08 b5 f2 c1 59 ab cc de 4f a6 fa 6f 2e b6 3b a3 9b cb ab fb 7c 7d ff ce 1d 8d 53 e1 5d 70 f7 98 0a 57 b1 fb 36 76 9f 7d 88 ff 5a e6 27 e3 13 1a 66 d7 6b 13 b8 f5 4e 36 44 aa bb 15 dc 75 0d 33 c6 27 1d e3 09 7f cc 8c 58 d8 5d 9b 10 14 f7
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.5:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.5:49734 version: TLS 1.2
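The network entries above carry the whole tracking flow in their query strings and cookies: every request to www.corp-internal.co sends the EXFILGUID cookie and a link_clicked_<id> cookie, the GET /trace?msg=... hits are beacons in which the page reports its browser plugin detection results and the redirect to /load_training, a single correlation_id ties the chain together, the 404 response names the responding server as ThreatSim-Web-Server, and the HTTPS entries record a TLS 1.0 session with 23.1.237.91. The following Python script is an added triage example for a report section like this one; it is not part of the sandbox output and not vendor tooling. It splits the run-together header strings on a list of known header names (an assumption that covers the headers seen here and must be extended for other reports), percent-decodes the beacon messages, and collects the tracking identifiers, server banner, sub-1.2 TLS sessions and DNS names. SAMPLE_REPORT is a constructed subset of this report's own lines, with the response line cut before its raw body.

```python
"""Triage the HTTP, HTTPS and DNS entries of a sandbox network log section.
Added example for this report; not sandbox output and not vendor tooling."""
import json
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the header names to split on. The report prints headers with no
# separator ("Host: xConnection: y"), so boundaries can only be recovered by
# looking for "<known name>: ". Extend this list for reports with other headers.
KNOWN_HEADERS = ["Host", "Connection", "Upgrade-Insecure-Requests", "User-Agent",
                 "Accept", "Accept-Encoding", "Accept-Language", "Referer", "Cookie",
                 "Date", "Content-Type", "Transfer-Encoding", "Vary", "X-Request-Id",
                 "X-Runtime", "X-Host-Info", "Server", "Content-Encoding"]
HEADER_SPLIT = re.compile(r"(?=(?:%s): )" % "|".join(map(re.escape, KNOWN_HEADERS)))
REQUEST_LINE = re.compile(r"HTTP traffic detected: (?P<method>[A-Z]+) (?P<target>\S+) HTTP/1\.[01](?P<rest>.*)$")
RESPONSE_LINE = re.compile(r"HTTP traffic detected: HTTP/1\.[01] (?P<status>\d{3}) (?P<rest>.*)$")
TLS_LINE = re.compile(r"HTTPS traffic detected: (?P<src>[\d.]+):(?P<port>\d+) -> \S+ version: TLS (?P<ver>[\d.]+)")
DNS_LINE = re.compile(r"DNS traffic detected: DNS query: (?P<name>\S+)")


def split_headers(text):
    """'Not FoundDate: aVary: b' -> ('Not Found', {'Date': 'a', 'Vary': 'b'})."""
    chunks = HEADER_SPLIT.split(text)  # chunks[0] is whatever precedes the first header
    headers = {}
    for chunk in chunks[1:]:
        name, value = chunk.split(": ", 1)
        headers[name] = value  # a repeated header (X-Host-Info) keeps its last value
    return chunks[0].strip(), headers


def parse_request(line):
    m = REQUEST_LINE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # parse_qs percent-decodes, so the redirect URL nested inside msg= becomes readable
    query = {k: v[0] for k, v in parse_qs(url.query).items()}
    return {"method": m.group("method"), "path": url.path, "query": query,
            "headers": split_headers(m.group("rest"))[1]}


def parse_response(line):
    m = RESPONSE_LINE.search(line)
    if not m:
        return None
    reason, headers = split_headers(m.group("rest").split("Data Raw:", 1)[0])
    return {"status": int(m.group("status")), "reason": reason, "headers": headers}


def parse_cookies(value):
    """'a=1; b=2' -> {'a': '1', 'b': '2'}."""
    return dict(p.strip().partition("=")[::2] for p in value.split(";") if "=" in p)


def triage(report_lines):
    """Tracking ids, beacon messages, server banner, weak TLS and DNS names in one pass."""
    ids, cids, refs, banners = set(), set(), set(), set()
    beacons, weak_tls, dns = [], [], []
    for line in report_lines:
        req = parse_request(line)
        if req:
            cookies = parse_cookies(req["headers"].get("Cookie", ""))
            if "EXFILGUID" in cookies:
                ids.add(cookies["EXFILGUID"])
            if "correlation_id" in req["query"]:
                cids.add(req["query"]["correlation_id"])
            if "Referer" in req["headers"]:
                refs.add(req["headers"]["Referer"])
            if req["path"] == "/trace":  # beacon endpoint: msg= is the client's status report
                beacons.append(req["query"].get("msg", ""))
            continue
        resp = parse_response(line)
        if resp and "Server" in resp["headers"]:
            banners.add(resp["headers"]["Server"])
        tls = TLS_LINE.search(line)
        if tls and float(tls.group("ver")) < 1.2:
            weak_tls.append("%s:%s TLS %s" % (tls.group("src"), tls.group("port"), tls.group("ver")))
        dq = DNS_LINE.search(line)
        if dq:
            dns.append(dq.group("name"))
    return {"tracking_ids": sorted(ids), "correlation_ids": sorted(cids), "referers": sorted(refs),
            "beacon_messages": beacons, "server_banners": sorted(banners),
            "weak_tls": weak_tls, "dns_queries": dns}


# Constructed sample: copied from this report's entries; the response is cut before its raw body.
SAMPLE_REPORT = [
    "Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=redirecting%20to%20%2Fload_training%3Fguid%3De390cbdd12686627%26correlation_id%3D3fac3af0-74a1-4072-a0f1-391c2d2ad2d0&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1",
    "Source: global traffic HTTP traffic detected: GET /trace?id=90cbd26866&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1",
    "Source: global traffic HTTP traffic detected: GET /load_training?guid=e390cbdd12686627&correlation_id=3fac3af0-74a1-4072-a0f1-391c2d2ad2d0 HTTP/1.1Host: www.corp-internal.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://www.corp-internal.co/ae90cbd9826866b7?l=8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: EXFILGUID=90cbd26866; link_clicked_90cbd26866=1",
    "Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 12:24:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingX-Request-Id: af743820-06dc-48c3-9150-917e4762c7abX-Runtime: 0.000906X-Host-Info: lw-prod-eu-i-06164ae2ecae76ca0X-Host-Info: ; 7ab042967e623923e817fbc8931e097004f737c7Server: ThreatSim-Web-ServerContent-Encoding: gzipData Raw: 33 66 63 0d 0a 1f 8b 08 00",
    "Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49740 version: TLS 1.0",
    "Source: unknown HTTPS traffic detected: 23.54.200.130:443 -> 192.168.2.5:49730 version: TLS 1.2",
    "Source: global traffic DNS traffic detected: DNS query: www.corp-internal.co",
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

Run it directly to print the summary as JSON; for a full report, pass the lines of the network section instead of SAMPLE_REPORT. Because the report prints headers without any separator, splitting on a known-name list is the only reliable way to recover them: a header the list does not know stays glued to the end of the previous value, which the parser tolerates rather than hides, so an unexpected banner or cookie is still visible in the output.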
Source: classification engine Classification label: clean1.win@16/95@10/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2016,i,1715222104164893096,13145483760006011228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.corp-internal.co/ae90cbd9826866b7?l=8"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2016,i,1715222104164893096,13145483760006011228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk