Report - www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42

Report Overview

Submitted URL
www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42
IP
52.210.231.227
ASN
#16509 AMAZON-02
Submitted
2024-05-06 04:27:54
Access
public
Website Title
You've been Phished!
Final URL
www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-05	892 B	11 kB	142.250.74.74
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-05	444 B	94 kB	142.250.74.170
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-05	338 B	942 B	3.164.222.26
www.micrasoft-395office.com	unknown	2018-06-29	2019-05-09	2023-12-04	30 kB	218 kB	52.210.231.227
tslp.s3.amazonaws.com	209358	2005-08-18	2013-09-16	2024-02-08	2.4 kB	114 kB	52.216.56.137
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-05	1.6 kB	71 kB	142.250.74.131
ts-lp-eu.s3.amazonaws.com	unknown	unknown	2019-03-11	2022-09-27	469 B	6.1 kB	52.218.36.201
d25q7gseii1o1q.cloudfront.net	unknown	2008-04-25	2015-07-18	2024-04-15	2.4 kB	19 kB	143.204.42.177

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	76 B	2024-05-06	2024-05-06
Pretty URL www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-06 06:27:55 Last Seen2024-05-06 06:27:55 Times Seen1 Hash c55226d0c538d49faab959f510a518bd f8c669a0efa603c3daceabdf33d4173bdd7e6ef1 989250d3e540ac76a39fc02a7e31cc763e9e632274055f5ae348ebba6c2042b0 Loading...

	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	33 B	2023-03-07	2024-05-06
Pretty URL www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 23:40:31 Last Seen2024-05-06 06:27:55 Times Seen59 Hash fd72869755dcb47bf3faba7ec3a75c5b 259f4b035d2560981123331422d65bca63c1f52b 3bdfdcb8ba03e889f78c369818fa399543c7f4f93ca2d8c09a8cd2db8e52aa3a Loading...

	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	34 B	2023-03-07	2024-05-06
Pretty URL www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 23:40:31 Last Seen2024-05-06 06:27:55 Times Seen59 Hash 92f9b42564790d4a026995fb43c6e1f6 4f590c66f7518f09f9a82fe51f1575c583fa816a ee535cbe6802b32140e877171595ed49685b71bf81debfe93de6a42bfc726217 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js	93 kB	2023-03-07	2024-05-18
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12:05 Last Seen2024-05-18 20:31:34 Times Seen6395 Hash 0b6ecf17e30037994d3ffee51b525914 d09d3a99ed25d0f1fbe6856de9e14ffd33557256 f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729 Loading...

	tslp.s3.amazonaws.com/languages/language.18071.js	8.2 kB	2023-03-08	2024-05-08
Pretty URL tslp.s3.amazonaws.com/languages/language.18071.js IP 52.216.56.137 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:05:07 Last Seen2024-05-08 12:53:58 Times Seen45 Hash 8b9a9d305bd69c962b600c08f3c69edf 9a907e240cdf81d8265c9fb1322cfe10ed027288 73f360f08e8c2a1719c098491e17d53cdaa98d246585bfd0285a2afad75c51a7 Loading...

	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	32 B	2023-03-07	2024-05-06
Pretty URL www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 23:40:31 Last Seen2024-05-06 06:27:55 Times Seen59 Hash e149c3d6252df2fed34066028347e296 d6529b916790e6d4ea035a63bd993d92fcbf2e85 afacc68b5c1dfe8c2b854923b4556b0090392348e05de75ee0200f7e7d7ce6ff Loading...

	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	38 B	2023-03-07	2024-05-06
Pretty URL www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 23:40:31 Last Seen2024-05-06 06:27:55 Times Seen59 Hash f466c15081d7f19c968cf1f7ef1fc741 2118afb207a12da97fe66e0ea970ed431d84bfb9 c586bca21e1c55ca384dc198896df6d99a438a67e20c21a88db76eaa7622c1d0 Loading...

	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	39 B	2023-03-07	2024-05-06
Pretty URL www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 23:40:31 Last Seen2024-05-06 06:27:55 Times Seen59 Hash 3edb839a93341bd03d3e249073420a45 bc4f12cdb7390d2270eb4c4a3e819ea07dd364a1 ac397a9ea18a741f1d534d591ce5dd79013833a3226c4858ff9b0a9282b971dd Loading...

	tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	50 kB	2023-03-07	2024-05-18
Pretty URL tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.216.56.137 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:34:53 Last Seen2024-05-18 23:13:49 Times Seen312 Hash 00a513f07603df01e3b99be00f370754 f0c03b1c50f39c95075df687cd55f18861631526 4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a Loading...

	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	40 B	2023-03-07	2024-05-06
Pretty URL www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 23:40:31 Last Seen2024-05-06 06:27:55 Times Seen59 Hash a00e849745f22b50c529e3fed30a9f1e 3ec0b0683851840f2813b2cde77d9a56aeade091 6e20b9c5f65dc393c665ef26c43edd0629fa0f7e3544b95cd7c9918f680fe853 Loading...

	www.micrasoft-395office.com/assets/ajax/libs/jquery/1.11.0/jquery.min.js	96 kB	2023-03-07	2024-05-18
Pretty URL www.micrasoft-395office.com/assets/ajax/libs/jquery/1.11.0/jquery.min.js IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-05-18 23:13:50 Times Seen18963 Hash 8fc25e27d42774aeae6edbc0a18b72aa b66ed708717bf0b4a005a4d0113af8843ef3b8ff b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Loading...

	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	32 B	2023-03-07	2024-05-06
Pretty URL www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 23:40:31 Last Seen2024-05-06 06:27:55 Times Seen59 Hash 5d88ecc7ba7865a272a0cb020115c77a cfb97d36f8fca4309b012d6aff997015a4e2dd7c 2033011fa42439d4d3f9a78037b3d42b84284449e4a4fb691505cd17cd27b93e Loading...

	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	992 B	2024-05-06	2024-05-06
Pretty URL www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-06 06:27:55 Last Seen2024-05-06 06:27:55 Times Seen1 Hash 5c60fb46183d0e9736d3f3c0d678385c 3cee9fd5509448abcd8d282d1428331ab4c5f803 36a77aa1335f6a56621b13c07b97aede2bfd884bbfb061bad2a611a2f5188b24 Loading...

	unknown	46 B	2023-04-11	2024-05-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:36:29 Last Seen2024-05-18 23:46:52 Times Seen6048 Hash 5c399557f73fcf0024f42259cf94ee17 d2f46cbd088e9b289e63cc23e2377462c6459e3f 254e737260e5ff4f6043abc4ab52ee1f9ea6e9eab066b5c7ac1665c4cf75692b Loading...

	www.micrasoft-395office.com/assets/all.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	28 kB	2023-03-07	2024-05-18
Pretty URL www.micrasoft-395office.com/assets/all.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:34:53 Last Seen2024-05-18 23:13:50 Times Seen559 Hash 097f74fc8f861ece148262a652ab806a 305ecb552c3ff6bd24b56333fab6e731eb81ed30 39b4614f1c87cf0cfd1bc3375642e95825cb2018e0318a36aad766ddb5a8cbe9 Loading...

	tslp.s3.amazonaws.com/assets/js/training.js	352 B	2023-03-07	2024-05-08
Pretty URL tslp.s3.amazonaws.com/assets/js/training.js IP 3.5.28.173 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:34:53 Last Seen2024-05-08 12:53:58 Times Seen70 Hash 029ab28ca3c245dc425e3f3f6599d480 845057d3630d0a06e797a7049b3e9658d7650af1 8a1170223599205267c6ee3a3072855f1727461d9dd1066bb94f39180f963af9 Loading...

	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	121 B	2023-05-16	2024-05-06
Pretty URL www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-16 08:56:31 Last Seen2024-05-06 06:27:56 Times Seen2 Hash 59e17dbcf52e4c5c15c3355f7a4d9bf0 0ce7006cdd69628f4f04eb75c19e374b022fedfc dd0226427a5e3451744e48640c73cefaa70c9c999bc34393fcdd2144c5f0b478 Loading...

HTTP Transactions (62)

	URL	IP	Response	Size
	ocsp.r2m03.amazontrust.com/	3.164.222.26		471 B
URL ocsp.r2m03.amazontrust.com/ IP 3.164.222.26:0 ASN #0 File type data Size 471 B (471 bytes) Hash 827ba9ea1b79133f30dcec2b0a88a974 6a2ecdab0e1250c3709f96f2ac69cea35c93836a cda13a291fcef2270a12f4b2686cba5f1f209374b5491a9cdcd7c04ffc93b0c5 HTTP Headers `POST / HTTP/1.1 Host: ocsp.r2m03.amazontrust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Accept-Ranges: bytes Cache-Control: max-age=7200 Date: Mon, 06 May 2024 04:27:28 GMT Last-Modified: Mon, 06 May 2024 03:45:47 GMT Server: ECAcc (amb/6AC3) X-Cache: Miss from cloudfront Via: 1.1 79a8a1b412ce1417e50d9d69261c9066.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ARN53-P1 X-Amz-Cf-Id: WvxNcBulvPVyTNAO9brJ9bOxb3pxHIXmWVvpLaIFk67Kg3j1TRSTOg== Age: 2502`

	www.micrasoft-395office.com/assets/all.js?g=37cf237cfa	52.210.231.227		7.2 kB
URL www.micrasoft-395office.com/assets/all.js?g=37cf237cfa IP 52.210.231.227:0 ASN #16509 AMAZON-02 File type JavaScript source, ASCII text Size 7.2 kB (7191 bytes) Hash 097f74fc8f861ece148262a652ab806a 305ecb552c3ff6bd24b56333fab6e731eb81ed30 39b4614f1c87cf0cfd1bc3375642e95825cb2018e0318a36aad766ddb5a8cbe9 HTTP Headers GET /assets/all.js?g=37cf237cfa HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK date: Mon, 06 May 2024 04:27:29 GMT content-type: application/javascript content-length: 7191 last-modified: Thu, 11 Apr 2024 12:55:27 GMT vary: Accept-Encoding content-encoding: gzip server: ThreatSim-Web-Server expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000, public access-control-allow-origin: * X-Firefox-Spdy: h2`

	tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.216.56.137	200 OK	50 kB
URL GET HTTP/1.1 tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.216.56.137:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.s3.amazonaws.com FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT File type JavaScript source, ASCII text, with very long lines (306) Size 50 kB (50085 bytes) Hash 00a513f07603df01e3b99be00f370754 f0c03b1c50f39c95075df687cd55f18861631526 4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a HTTP Headers `GET /detect/plugin_detect.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: tslp.s3.amazonaws.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK x-amz-id-2: jQ+7dcOHVG6o24DZrJiEl+Xr2uRaN22KoJZ43UCtV/zrcrM9/G6YRNXI9Y9J8tSQrn/yG7cOo+8= x-amz-request-id: 27BK9M953DD15YXW Date: Mon, 06 May 2024 04:27:30 GMT Last-Modified: Wed, 15 Feb 2017 17:56:07 GMT ETag: "00a513f07603df01e3b99be00f370754" x-amz-version-id: null Accept-Ranges: bytes Content-Type: text/javascript Server: AmazonS3 Content-Length: 50085`

	www.micrasoft-395office.com/favicon.ico	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/favicon.ico IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /favicon.ico HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK date: Mon, 06 May 2024 04:27:30 GMT content-type: image/x-icon content-length: 0 last-modified: Thu, 11 Apr 2024 12:55:27 GMT etag: "6617ddbf-0" server: ThreatSim-Web-Server access-control-allow-origin: * accept-ranges: bytes X-Firefox-Spdy: h2`

	www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227		523 B
URL www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:0 ASN #16509 AMAZON-02 File type gzip compressed data, max compression, from Unix Size 523 B (523 bytes) Hash f332d3c79fb908a737b74a913eca70f7 7bc30a61ba764ae24629a9925c8a1d69e986fcf9 5767adb3b6e823e231c2cc2796a219b4c75c5bf10e18c9c96a3069540adf0296 HTTP Headers GET /trace?id=37cf237cfa&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:29 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 9eb25d4f-e210-4f8b-9700-6bb6082265ee x-runtime: 0.001919 x-host-info: lw-prod-eu-i-0acc5e90dd72f7192, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227		11 kB
URL www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:0 ASN #16509 AMAZON-02 File type gzip compressed data, max compression, from Unix Size 11 kB (10580 bytes) Hash 3801c03d9a2ca4c05bb506464b1d8574 ca37f4b8c461bae797b4c71cb0a4710fb9dffbaa 9aa34e902ad8c47d2c67581f22066626909e1ec9af0afcbefe08a0b5eae8c884 HTTP Headers GET /trace?id=37cf237cfa&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:29 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 58c0d0f3-89a7-43ef-bf73-e458d9dd4eca x-runtime: 0.002341 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227		4.9 kB
URL www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:0 ASN #16509 AMAZON-02 File type gzip compressed data, max compression, from Unix Size 4.9 kB (4870 bytes) Hash 5e57c660298a78cdbdbcd773f1fdd660 1a557b71faee9201de90f7f2795d6d95a1f74b79 6cf7536b6b9e9ee67c9a872e5d11e6975a7958357627ff997cda7cd44cbc9a94 HTTP Headers GET /trace?id=37cf237cfa&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:30 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 4bf4283a-d639-4637-b605-7f8ce4660dd6 x-runtime: 0.001747 x-host-info: lw-prod-eu-i-0630ecaca960f15d1, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227		9.3 kB
URL www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:0 ASN #16509 AMAZON-02 File type gzip compressed data, max compression, from Unix Size 9.3 kB (9271 bytes) Hash 1d31b7f36cacbfa97e39bc05e7dde040 b64b09bdfddc9c592be01aa437e13d6f8469f689 d80c1e5b4404b5a35338e44da5103980b1497f811245880ceca929436d3187d8 HTTP Headers GET /trace?id=37cf237cfa&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:30 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: a13e8301-83cb-4c2d-a5c8-1bf5ea0f132c x-runtime: 0.001337 x-host-info: lw-prod-eu-i-0acc5e90dd72f7192, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227		7.2 kB
URL www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:0 ASN #16509 AMAZON-02 File type JavaScript source, ASCII text Size 7.2 kB (7211 bytes) Hash 097f74fc8f861ece148262a652ab806a 305ecb552c3ff6bd24b56333fab6e731eb81ed30 39b4614f1c87cf0cfd1bc3375642e95825cb2018e0318a36aad766ddb5a8cbe9 HTTP Headers GET /trace?id=37cf237cfa&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:30 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 6968239d-75c7-4a0e-9a46-d14dbefa71fe x-runtime: 0.001470 x-host-info: lw-prod-eu-i-0630ecaca960f15d1, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/assets/ajax/libs/jquery/1.11.0/jquery.min.js	52.210.231.227	200 OK	34 kB
URL GET HTTP/2 www.micrasoft-395office.com/assets/ajax/libs/jquery/1.11.0/jquery.min.js IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type gzip compressed data, max compression, from Unix Size 34 kB (33828 bytes) Hash 74d05f2c144e746ec51ccc953012c06a 31021fa7f50c54c1fbc790181e44822842cacc35 6d3b24c7f6530116d5a8c85b21dd6ca1d2a69c0e57047b25fb36f6106177046a HTTP Headers GET /assets/ajax/libs/jquery/1.11.0/jquery.min.js HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: application/javascript last-modified: Thu, 11 Apr 2024 12:55:27 GMT vary: Accept-Encoding server: ThreatSim-Web-Server expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000, public access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2`

	www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227		34 kB
URL www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:0 ASN #16509 AMAZON-02 File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65480) Size 34 kB (33641 bytes) Hash 0b6ecf17e30037994d3ffee51b525914 d09d3a99ed25d0f1fbe6856de9e14ffd33557256 f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729 HTTP Headers GET /trace?id=37cf237cfa&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:30 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 6dd431b5-93da-4c14-9c43-08c00422066d x-runtime: 0.001757 x-host-info: lw-prod-eu-i-034fcb0b4e2cb4302, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.216.56.137	200 OK	50 kB
URL GET HTTP/1.1 tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.216.56.137:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.s3.amazonaws.com FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT File type JavaScript source, ASCII text, with very long lines (306) Size 50 kB (50085 bytes) Hash 00a513f07603df01e3b99be00f370754 f0c03b1c50f39c95075df687cd55f18861631526 4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a HTTP Headers `GET /detect/plugin_detect.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: tslp.s3.amazonaws.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK x-amz-id-2: XR/6xVol8Q/Cm4+Ye2A/oNtO3uoB9mTBFpC1w4fqUpoWhOD5GYXxJOMiGgzr2nxt4N2METQTVaE= x-amz-request-id: G1R9ENHB7H5NRBNA Date: Mon, 06 May 2024 04:27:32 GMT Last-Modified: Wed, 15 Feb 2017 17:56:07 GMT ETag: "00a513f07603df01e3b99be00f370754" x-amz-version-id: null Accept-Ranges: bytes Content-Type: text/javascript Server: AmazonS3 Content-Length: 50085`

	www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227		491 B
URL www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:0 ASN #16509 AMAZON-02 File type gzip compressed data, max compression, from Unix Size 491 B (491 bytes) Hash 756955758217989651aefd30a0e265fb 032d2daeb276bf5a4ab3b129b98ab03334987e2d 9cee702b3080abdbfbdff4b41c97c45a951873b492e212caef95e18213629af9 HTTP Headers GET /trace?id=37cf237cfa&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:30 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 6c19aeaf-8b1a-4fef-87fc-00d0235b6ce6 x-runtime: 0.001872 x-host-info: lw-prod-eu-i-034fcb0b4e2cb4302, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	tslp.s3.amazonaws.com/languages/language.18071.js	52.216.56.137	200 OK	8.2 kB
URL GET HTTP/1.1 tslp.s3.amazonaws.com/languages/language.18071.js IP 52.216.56.137:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.s3.amazonaws.com FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT File type JavaScript source, ASCII text Size 8.2 kB (8207 bytes) Hash 8b9a9d305bd69c962b600c08f3c69edf 9a907e240cdf81d8265c9fb1322cfe10ed027288 73f360f08e8c2a1719c098491e17d53cdaa98d246585bfd0285a2afad75c51a7 HTTP Headers `GET /languages/language.18071.js HTTP/1.1 Host: tslp.s3.amazonaws.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK x-amz-id-2: VXwemDT+nVWFSTAegNWaHMDBhNAP58cW4ZCLO4wpTQCbd0uQryzm/qoaT2Nb/SA1eb2e/jjhiEY= x-amz-request-id: G1RA85BWZ2YQJNVK Date: Mon, 06 May 2024 04:27:32 GMT Last-Modified: Fri, 26 Aug 2022 14:07:38 GMT ETag: "8b9a9d305bd69c962b600c08f3c69edf" x-amz-server-side-encryption: AES256 x-amz-version-id: U_kpSjDDW4npfowvZPZnd2_aKVkUaKPA Accept-Ranges: bytes Content-Type: application/javascript Server: AmazonS3 Content-Length: 8207`

	fonts.gstatic.com/s/benchnine/v16/ahcbv8612zF4jxrwMosbUMl0.woff2	142.250.74.131	200 OK	20 kB
URL GET HTTP/2 fonts.gstatic.com/s/benchnine/v16/ahcbv8612zF4jxrwMosbUMl0.woff2 IP 142.250.74.131:443 ASN #15169 GOOGLE Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT File type Web Open Font Format (Version 2), TrueType, length 20196, version 1.0 Size 20 kB (20196 bytes) Hash d056bf3055437ed0bccae4176b65336e 9049f5482de61d9a66806a292701787d5524fb85 f60c3e8ac9f319f101cf1d20290469aba1eb7cdc63c64d092a02764beae55d9f HTTP Headers GET /s/benchnine/v16/ahcbv8612zF4jxrwMosbUMl0.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://www.micrasoft-395office.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 20196 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 02 May 2024 02:12:53 GMT expires: Fri, 02 May 2025 02:12:53 GMT cache-control: public, max-age=31536000 last-modified: Tue, 19 Apr 2022 19:06:50 GMT content-type: font/woff2 age: 353678 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227		372 B
URL www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:0 ASN #16509 AMAZON-02 File type gzip compressed data, max compression, from Unix Size 372 B (372 bytes) Hash c95ff97d1024790d638e172045f09261 8397726ac08ce8a76558ec3346eb76e0e46a9445 b9f356324f87e13ba29600fdb96f695ea02edb425ef809fe81c1b9412f7b9871 HTTP Headers GET /trace?id=37cf237cfa&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:30 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: f95fb1c7-1edd-4b97-b6d9-5ebab59278d3 x-runtime: 0.001507 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	fonts.gstatic.com/s/benchnine/v16/ahcev8612zF4jxrwMosT6-xhgmy9.woff2	142.250.74.131	200 OK	20 kB
URL GET HTTP/2 fonts.gstatic.com/s/benchnine/v16/ahcev8612zF4jxrwMosT6-xhgmy9.woff2 IP 142.250.74.131:443 ASN #15169 GOOGLE Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT File type Web Open Font Format (Version 2), TrueType, length 20208, version 1.0 Size 20 kB (20208 bytes) Hash e7b92dfcb712afa964f20d6d6f208d94 33602bf4239f1b1f84960d1920030dae82bc6c9d c36dfd12461ec822d8b6cd3ee8c04082152a0631e830bd208523590a523598cd HTTP Headers GET /s/benchnine/v16/ahcev8612zF4jxrwMosT6-xhgmy9.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://www.micrasoft-395office.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 20208 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Fri, 03 May 2024 06:10:59 GMT expires: Sat, 03 May 2025 06:10:59 GMT cache-control: public, max-age=31536000 last-modified: Tue, 19 Apr 2022 19:07:04 GMT content-type: font/woff2 age: 252992 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227		28 kB
URL www.micrasoft-395office.com/trace?id=37cf237cfa&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:0 ASN #16509 AMAZON-02 File type gzip compressed data, max compression, from Unix Size 28 kB (28288 bytes) Hash dbd7c71f377765c9d2ee0bd140c0e916 611a026ebcc21774fc7a5067fffd544e0c7f65a4 3e9374228507f47fe92117f8a333c12cab360621edf9c08883ae70308246b313 HTTP Headers GET /trace?id=37cf237cfa&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:30 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: c8f4827d-c4bf-498d-8c5d-ed00978d4252 x-runtime: 0.002200 x-host-info: lw-prod-eu-i-0acc5e90dd72f7192, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	ts-lp-eu.s3.amazonaws.com/prod/758ded82-a15c-4/MTAzODItdmF.jpg	52.218.36.201	200 OK	5.7 kB
URL GET HTTP/1.1 ts-lp-eu.s3.amazonaws.com/prod/758ded82-a15c-4/MTAzODItdmF.jpg IP 52.218.36.201:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.s3.amazonaws.com FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT File type PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced Size 5.7 kB (5749 bytes) Hash aefda98c4815242aee603e822503c201 25f016da2702d8e4ef8c284e6d8ed801b448fc0d 7f2b22e225f1d79ed96a733955f2aae8670c33561a5aa8e02053ec50509aa83b HTTP Headers `GET /prod/758ded82-a15c-4/MTAzODItdmF.jpg HTTP/1.1 Host: ts-lp-eu.s3.amazonaws.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK x-amz-id-2: TtUjShVq5VJXk41ZOrT8u1TQkdzjYq1XF38/3Cc+jb+N9nZPhzC7oAxn3JhMMaWHdxDCsKWaM3M= x-amz-request-id: G1RCG9DP35VR0SSV Date: Mon, 06 May 2024 04:27:32 GMT Last-Modified: Tue, 23 Apr 2024 09:37:06 GMT ETag: "aefda98c4815242aee603e822503c201" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: image/png Server: AmazonS3 Content-Length: 5749`

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	20 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type gzip compressed data, max compression, from Unix Size 20 B (20 bytes) Hash 4a4dd3598707603b3f76a2378a4504aa a0fddd5458378c1bf3c10dd2f5c060d1347741ed f61f27bd17de546264aa58f40f3aafaac7021e0ef69c17f6b1b4cd7664a037ec HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 9df3f0b9-f038-4f10-b85b-f8eea7b72491 x-runtime: 0.001715 x-host-info: lw-prod-eu-i-034fcb0b4e2cb4302, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	d25q7gseii1o1q.cloudfront.net/training/how_it_works/transfer-docs.png	143.204.42.177	200 OK	2.3 kB
URL GET HTTP/1.1 d25q7gseii1o1q.cloudfront.net/training/how_it_works/transfer-docs.png IP 143.204.42.177:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT File type PNG image data, 180 x 92, 8-bit/color RGBA, non-interlaced Size 2.3 kB (2274 bytes) Hash 0a86569f3b5f660cc111525c2d28454b 7d1594796dad9953efb6cd306757716166cdea39 18b4f27003cbeeeab9f2c44d80493b5dc689faff6cbbf96f6f7586584786922e HTTP Headers `GET /training/how_it_works/transfer-docs.png HTTP/1.1 Host: d25q7gseii1o1q.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: image/png Content-Length: 2274 Connection: keep-alive Date: Sun, 05 May 2024 17:29:52 GMT Last-Modified: Fri, 30 May 2014 19:21:22 GMT ETag: "0a86569f3b5f660cc111525c2d28454b" Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: RnpHRHr7CpnWaxFlWY1Zv0e5CaVF3KNOYd1hCLqMgXO2zV3egPPkxg== Age: 39460`

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	3.3 kB
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type gzip compressed data, max compression, from Unix Size 3.3 kB (3261 bytes) Hash 94a0d36bc177c542fcc13d9318c2e48f 7604700c5f41765b9e918b3725f7f05bca2275bd cf5d73b8d6acfeca8b0cc9aef0a85e57099b4039b90884389a4ea691a88a2582 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 958b94b7-a878-4025-89ea-4dcbd3476a45 x-runtime: 0.001254 x-host-info: lw-prod-eu-i-0acc5e90dd72f7192, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	d25q7gseii1o1q.cloudfront.net/training/how_it_works/office-staff.png	143.204.42.177	200 OK	4.4 kB
URL GET HTTP/1.1 d25q7gseii1o1q.cloudfront.net/training/how_it_works/office-staff.png IP 143.204.42.177:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT File type PNG image data, 192 x 87, 8-bit/color RGBA, non-interlaced Size 4.4 kB (4373 bytes) Hash 6b3d39c6a48fa82a2dc10a9b91dd14f0 e205ff5957d673e712fbd28db90109b7135c33d9 67a2c3e319a6167b225580368016ae2a6a304aaee56f87121ae3b526c83ec817 HTTP Headers `GET /training/how_it_works/office-staff.png HTTP/1.1 Host: d25q7gseii1o1q.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: image/png Content-Length: 4373 Connection: keep-alive Date: Sun, 05 May 2024 19:44:39 GMT Last-Modified: Fri, 30 May 2014 19:21:22 GMT ETag: "6b3d39c6a48fa82a2dc10a9b91dd14f0" Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: _zATtM8dNBkSQ2QCbvUGXuzhGNskvkfFj5EWLzfg0J92pjWDXjJ1jA== Age: 31372`

	www.micrasoft-395office.com/trace?id=unknown&msg=did%20not%20find%20guid%20in%20last%20part%20of%20location&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	4.3 kB
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=unknown&msg=did%20not%20find%20guid%20in%20last%20part%20of%20location&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type gzip compressed data, max compression, from Unix Size 4.3 kB (4334 bytes) Hash 33e22cdf36d95b1df50fe5e89aeb7e60 92d1b8a59f66959fbfd4db1f4f3e2d2f7cc0c7eb b811131b18fbc35999bc2aabcb752b3235e477f54d5357d60b7b646d6a314096 HTTP Headers GET /trace?id=unknown&msg=did%20not%20find%20guid%20in%20last%20part%20of%20location&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 164c3d2a-5bd4-4f07-a571-30cdc0c0c037 x-runtime: 0.001404 x-host-info: lw-prod-eu-i-0630ecaca960f15d1, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/log?id=37cf237cfa&campaign_guid=a30f5f4537&msg=logo_object%20exists	52.210.231.227	200 OK	2.1 kB
URL GET HTTP/2 www.micrasoft-395office.com/log?id=37cf237cfa&campaign_guid=a30f5f4537&msg=logo_object%20exists IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type gzip compressed data, max compression, from Unix Size 2.1 kB (2081 bytes) Hash 56946f7a2e434acc4cfedebee4a09ee4 11bd9d72259a05ac46d60dde18188dc92a1af1a0 2c4d9d4105246859a064d7b7297a4f36013cc756a2e172d42c83cba799b1dbf9 HTTP Headers GET /log?id=37cf237cfa&campaign_guid=a30f5f4537&msg=logo_object%20exists HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: image/gif; charset=utf-8 vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 55e7ac8e-e4c3-467b-97bf-5b2aeab09b33 x-runtime: 0.001804 x-host-info: lw-prod-eu-i-0acc5e90dd72f7192, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	3.0 kB
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type gzip compressed data, max compression, from Unix Size 3.0 kB (2983 bytes) Hash f7dfa5d3b8a81280d05ae897b5078930 b410b6e318edcef17bfd8692cd46e026f1a801c1 ebbd22b304474255aa42de6b3755caacd92f846423881a6b12426f20d2070777 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: c5c517e1-9ccb-461a-a388-d3ab1b24df79 x-runtime: 0.001256 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	fonts.googleapis.com/css?family=Amatic+SC	142.250.74.74	200 OK	8.2 kB
URL GET HTTP/2 fonts.googleapis.com/css?family=Amatic+SC IP 142.250.74.74:443 ASN #15169 GOOGLE Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT File type gzip compressed data, max compression Size 8.2 kB (8166 bytes) Hash 7e6ee24afd30d6b61c6ca5e4d74d3d86 b55b723572abebd747fdaf32e3ef7ce8ad23bb0a ea260b29d958f74eb59415050f2f1222569c7b899a853dc0bbd830d9b152edef HTTP Headers `GET /css?family=Amatic+SC HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Mon, 06 May 2024 04:27:31 GMT date: Mon, 06 May 2024 04:27:31 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=undefined&msg=window.tracking_id%20is%20not%20set%2C%20let%27s%20get%20it&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=undefined&msg=window.tracking_id%20is%20not%20set%2C%20let%27s%20get%20it&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=undefined&msg=window.tracking_id%20is%20not%20set%2C%20let%27s%20get%20it&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 3bab24f1-5d9a-43fa-b743-2585bc9c1c7c x-runtime: 0.001740 x-host-info: lw-prod-eu-i-034fcb0b4e2cb4302, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=unknown&msg=get-id%20is%20undefined&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=unknown&msg=get-id%20is%20undefined&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=unknown&msg=get-id%20is%20undefined&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: b5e46a7b-42f4-44a5-9070-504bbc9ce9cb x-runtime: 0.001291 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20Silverlight%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20Silverlight%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=Skipping%20Silverlight%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: d3774020-0ff9-4cad-83ce-492886a65e41 x-runtime: 0.001671 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	fonts.googleapis.com/css?family=BenchNine:400,700	142.250.74.74	200 OK	1.5 kB
URL GET HTTP/2 fonts.googleapis.com/css?family=BenchNine:400,700 IP 142.250.74.74:443 ASN #15169 GOOGLE Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT File type ASCII text, with very long lines (1540), with no line terminators Size 1.5 kB (1508 bytes) Hash 836ca6e4178ced9464ae50df62e56b88 7b92e35e8333e244dcd694179bb90e0ea163e53a 3de168dfe16544918a32da428d7c6dfda5473bae14ace622ee92ccb9b6955be4 HTTP Headers `GET /css?family=BenchNine:400,700 HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Mon, 06 May 2024 04:27:31 GMT date: Mon, 06 May 2024 04:27:31 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.micrasoft-395office.com/assets/all.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	28 kB
URL GET HTTP/2 www.micrasoft-395office.com/assets/all.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type JavaScript source, ASCII text Size 28 kB (28406 bytes) Hash 097f74fc8f861ece148262a652ab806a 305ecb552c3ff6bd24b56333fab6e731eb81ed30 39b4614f1c87cf0cfd1bc3375642e95825cb2018e0318a36aad766ddb5a8cbe9 HTTP Headers GET /assets/all.js?guid=37cf237cfa&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: application/javascript content-length: 7191 last-modified: Thu, 11 Apr 2024 12:55:30 GMT vary: Accept-Encoding content-encoding: gzip server: ThreatSim-Web-Server expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000, public access-control-allow-origin: * X-Firefox-Spdy: h2`

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 6744ec7d-b207-425d-9221-291f6c01bdb4 x-runtime: 0.002625 x-host-info: lw-prod-eu-i-034fcb0b4e2cb4302, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 02d5c7c8-135f-4c09-afa0-c532e2dd2f8b x-runtime: 0.001891 x-host-info: lw-prod-eu-i-0acc5e90dd72f7192, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	fonts.gstatic.com/s/amaticsc/v26/TUZyzwprpvBS1izr_vOECuSf.woff2	142.250.74.131	200 OK	28 kB
URL GET HTTP/2 fonts.gstatic.com/s/amaticsc/v26/TUZyzwprpvBS1izr_vOECuSf.woff2 IP 142.250.74.131:443 ASN #15169 GOOGLE Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT File type Web Open Font Format (Version 2), TrueType, length 28268, version 1.0 Size 28 kB (28268 bytes) Hash 984f3d0bafc2a066eeda8a0b64fe7a3c 79b1714ae47302c451d9150f648f3a4a622b3818 9ee1dd0b37fcea476e4142696cb034a466ad84101dff157b5dde311a02c8c35b HTTP Headers GET /s/amaticsc/v26/TUZyzwprpvBS1izr_vOECuSf.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://www.micrasoft-395office.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 28268 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 02 May 2024 17:30:24 GMT expires: Fri, 02 May 2025 17:30:24 GMT cache-control: public, max-age=31536000 age: 298627 last-modified: Thu, 24 Aug 2023 17:53:15 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 53d6184f-5d82-4282-97e9-c4b35161f63e x-runtime: 0.001585 x-host-info: lw-prod-eu-i-0630ecaca960f15d1, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 21056306-4ee6-459d-a4c4-210e354144ed x-runtime: 0.001317 x-host-info: lw-prod-eu-i-034fcb0b4e2cb4302, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20Chromium%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 6fddd604-641b-4126-a63f-4bbd42a1878e x-runtime: 0.001921 x-host-info: lw-prod-eu-i-0630ecaca960f15d1, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20flash%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20flash%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=Skipping%20flash%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: ca74c406-308c-4c9f-b4a6-c31d0100fca3 x-runtime: 0.002218 x-host-info: lw-prod-eu-i-0630ecaca960f15d1, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	tslp.s3.amazonaws.com/languages/how_it_works/lang_en-US.json	52.216.56.137	200 OK	3.0 kB
URL GET HTTP/1.1 tslp.s3.amazonaws.com/languages/how_it_works/lang_en-US.json IP 52.216.56.137:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.s3.amazonaws.com FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT File type HTML document, ASCII text, with very long lines (3068), with no line terminators Size 3.0 kB (2963 bytes) Hash bcc605d72760e67dadb6d4275156b47d 58de9334cc340142d10b30a596aeebe901baf012 90dc84a87596fb3fc5a7aa7d7a043e4e2bcaa8768937e54e876c421cb9d49965 HTTP Headers GET /languages/how_it_works/lang_en-US.json HTTP/1.1 Host: tslp.s3.amazonaws.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ Origin: https://www.micrasoft-395office.com DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK x-amz-id-2: h9RRGYnBCnZnu+VW+OWFxBnW36lFpjygZcdn4xAMf5xKo7Se3+gHZYYfgasydE/3C0odl/0y4Io= x-amz-request-id: G1R9ZFH783FRYYH1 Date: Mon, 06 May 2024 04:27:32 GMT Access-Control-Allow-Origin: Access-Control-Allow-Methods: GET Access-Control-Max-Age: 3000 Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method Last-Modified: Wed, 26 Jul 2023 17:07:29 GMT ETag: "410c70bc4fab9e236733caec9ef0d9a8" x-amz-server-side-encryption: AES256 x-amz-version-id: o.034VYcJV8oaI8eLFe1aEeUDzhB3PF4 Accept-Ranges: bytes Content-Type: application/json Server: AmazonS3 Content-Length: 2963

	www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	15 kB
URL User Request GET HTTP/2 www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 15 kB (14773 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/Valentino/System/Update/1437cf22937cfa3d?l=42 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:30 GMT content-type: text/html; charset=utf-8 vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin etag: W/"bd9be615bb8cc5e5911067afa96e48f6" cache-control: max-age=0, private, must-revalidate x-request-id: c90b4e54-5d4e-4214-bdce-c0f9517e4c43 x-runtime: 0.013101 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 32a9a1c1-cd17-4abe-bd04-55c3b9fd6e68 x-runtime: 0.001360 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20WebKit%20built-in%20PDF&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 105dbd4a-1dbd-4812-b525-0afdda5fa30b x-runtime: 0.002076 x-host-info: lw-prod-eu-i-034fcb0b4e2cb4302, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20Microsoft%20Edge%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: d5c98602-3494-4fa1-ab21-2b5af75ec25f x-runtime: 0.001763 x-host-info: lw-prod-eu-i-0acc5e90dd72f7192, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 62701081-2afc-45f0-ac00-8e8c23303f97 x-runtime: 0.001349 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 9e8be104-47ac-4e62-afd5-0765c86c6a7f x-runtime: 0.001329 x-host-info: lw-prod-eu-i-0630ecaca960f15d1, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 756c6880-6139-47b1-8242-68800cdc7214 x-runtime: 0.001411 x-host-info: lw-prod-eu-i-0630ecaca960f15d1, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	d25q7gseii1o1q.cloudfront.net/training/how_it_works/spy-email.png	143.204.42.177	200 OK	2.1 kB
URL GET HTTP/1.1 d25q7gseii1o1q.cloudfront.net/training/how_it_works/spy-email.png IP 143.204.42.177:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT File type PNG image data, 208 x 86, 8-bit colormap, non-interlaced Size 2.1 kB (2061 bytes) Hash ea2f9829972b7b49df6f3cfc6574ae6d 9ff42f567b78a3303b8322b297eed5128da44ce0 67b7dba0ebe8608d37fc33da66f771f34e5d05ccab76a898c99b7fba6f6fb9bf HTTP Headers `GET /training/how_it_works/spy-email.png HTTP/1.1 Host: d25q7gseii1o1q.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: image/png Content-Length: 2061 Connection: keep-alive Date: Mon, 06 May 2024 03:33:55 GMT Last-Modified: Fri, 30 May 2014 19:21:22 GMT ETag: "ea2f9829972b7b49df6f3cfc6574ae6d" Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: 8VhLBQvsfnTl090javbi2XRGXzWDt5HYeSu_Plf5gnKdI39-9aH26Q== Age: 3217`

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: af7303c6-6575-4bb2-9e28-cad1a2af286f x-runtime: 0.001510 x-host-info: lw-prod-eu-i-0acc5e90dd72f7192, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	d25q7gseii1o1q.cloudfront.net/training/how_it_works/malware-mail.png	143.204.42.177	200 OK	3.2 kB
URL GET HTTP/1.1 d25q7gseii1o1q.cloudfront.net/training/how_it_works/malware-mail.png IP 143.204.42.177:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT File type PNG image data, 150 x 82, 8-bit/color RGBA, non-interlaced Size 3.2 kB (3241 bytes) Hash 85716f6eec7bf6efa199d97f34689f07 c88da4df88a2f51a71c9d0a69091f4e1cb7f5afa ea81675d3b35a515651b0d5610e71ce648c890049f47f1da087c1b872858623e HTTP Headers `GET /training/how_it_works/malware-mail.png HTTP/1.1 Host: d25q7gseii1o1q.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: image/png Content-Length: 3241 Connection: keep-alive Last-Modified: Fri, 30 May 2014 19:21:22 GMT Accept-Ranges: bytes Server: AmazonS3 Date: Sun, 05 May 2024 17:29:52 GMT ETag: "85716f6eec7bf6efa199d97f34689f07" X-Cache: Hit from cloudfront Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: IpelniNsKRsWsYf8e4Jh1eIBTv_hyGyk5nvl7qAqoR_53Nzf_oRqNg== Age: 39460`

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20pdf%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20pdf%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=Skipping%20pdf%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 6eb9fb5c-2e77-4cbd-931e-f351d903519b x-runtime: 0.001435 x-host-info: lw-prod-eu-i-0acc5e90dd72f7192, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20quicktime%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20quicktime%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=Skipping%20quicktime%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 4515d25d-26ee-460c-bbd5-7291812b124a x-runtime: 0.001238 x-host-info: lw-prod-eu-i-0630ecaca960f15d1, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	tslp.s3.amazonaws.com/assets/js/training.js	3.5.28.173	200 OK	352 B
URL GET HTTP/1.1 tslp.s3.amazonaws.com/assets/js/training.js IP 3.5.28.173:443 ASN #14618 AMAZON-AES Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.s3.amazonaws.com FingerprintDC:41:A6:3E:EE:32:6F:36:76:5A:EF:9D:17:AF:14:13:E3:05:C6:D1 ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 03 Jul 2024 23:59:59 GMT File type JavaScript source, ASCII text, with very long lines (365), with no line terminators Size 352 B (352 bytes) Hash 3c7f5fd60686b49523236de4cbb32d69 4e9835b68d0a734cfaba922ef4de9ca086d9e07d 42723a08247f31d6d95f1305aa683f1337fc697e129b3167b463951614639863 HTTP Headers `GET /assets/js/training.js HTTP/1.1 Host: tslp.s3.amazonaws.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK x-amz-id-2: HiiuB9i8tlCn+9qEa/UuM8x6Z3h4rRIwF4SvwMiJLFG3W8sw4rfYi3pRhIiiI46gwHo7xR2iCoFZTBRtHfFKlN5IB2l4vaON5Z6gxjSqmf8= x-amz-request-id: G1RED89KDQHZQ2G2 Date: Mon, 06 May 2024 04:27:32 GMT Last-Modified: Fri, 26 Aug 2022 14:07:38 GMT ETag: "029ab28ca3c245dc425e3f3f6599d480" x-amz-server-side-encryption: AES256 x-amz-version-id: 6KvPBARKn9Wl5VW3Hl_LtK2bIq68QrGH Accept-Ranges: bytes Content-Type: application/javascript Server: AmazonS3 Content-Length: 352`

	www.micrasoft-395office.com/log?id=37cf237cfa&campaign_guid=a30f5f4537&msg=window.account_logo%20is%20set%20to%20https%3A%2F%2Fts-lp-eu.s3.amazonaws.com%2Fprod%2F758ded82-a15c-4%2FMTAzODItdmF.jpg	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/log?id=37cf237cfa&campaign_guid=a30f5f4537&msg=window.account_logo%20is%20set%20to%20https%3A%2F%2Fts-lp-eu.s3.amazonaws.com%2Fprod%2F758ded82-a15c-4%2FMTAzODItdmF.jpg IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /log?id=37cf237cfa&campaign_guid=a30f5f4537&msg=window.account_logo%20is%20set%20to%20https%3A%2F%2Fts-lp-eu.s3.amazonaws.com%2Fprod%2F758ded82-a15c-4%2FMTAzODItdmF.jpg HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: image/gif; charset=utf-8 vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: fe52cf7e-4f39-4582-bea9-e939e6a0bfa6 x-runtime: 0.001985 x-host-info: lw-prod-eu-i-034fcb0b4e2cb4302, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=Skipping%20WindowsMediaPlayer%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: ce4bf4fd-96e6-40da-a2fa-b0920868946a x-runtime: 0.001069 x-host-info: lw-prod-eu-i-0acc5e90dd72f7192, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	d25q7gseii1o1q.cloudfront.net/training/how_it_works/malware-infect.png	143.204.42.177	200 OK	4.3 kB
URL GET HTTP/1.1 d25q7gseii1o1q.cloudfront.net/training/how_it_works/malware-infect.png IP 143.204.42.177:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subject.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT File type PNG image data, 203 x 110, 8-bit/color RGBA, non-interlaced Size 4.3 kB (4314 bytes) Hash dc2be8899631a535000a52f7d86d4947 4d192245f72b4f2c82a07a338050baa1a40b82e7 b7bf0daa121bf5923d1d8ea3b97197248df7c71ae72cafc060a0963bbdb56d3e HTTP Headers `GET /training/how_it_works/malware-infect.png HTTP/1.1 Host: d25q7gseii1o1q.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: image/png Content-Length: 4314 Connection: keep-alive Date: Sun, 05 May 2024 19:44:39 GMT Last-Modified: Fri, 30 May 2014 19:21:21 GMT ETag: "dc2be8899631a535000a52f7d86d4947" Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-C1 X-Amz-Cf-Id: x9ogyMgJn34HyQZHBe1ovVsaGGwl7y4ZZgehHvzVAcDSqG-B7R2_Zg== Age: 31372`

	ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js	142.250.74.170	200 OK	93 kB
URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js IP 142.250.74.170:443 ASN #15169 GOOGLE Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT File type Size 93 kB (93435 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /ajax/libs/jquery/1.8.2/jquery.min.js HTTP/1.1 Host: ajax.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers" report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} timing-allow-origin: * content-length: 33621 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 02 May 2024 20:42:51 GMT expires: Fri, 02 May 2025 20:42:51 GMT cache-control: public, max-age=31536000, stale-while-revalidate=2592000 last-modified: Tue, 03 Mar 2020 19:15:00 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding age: 287080 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=BrowserDetect%20-%20plugin%20Chrome%20PDF%20Viewer&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: e527b78b-6411-4510-a74c-cc78cea8ec6b x-runtime: 0.002026 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20RealPlayer%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20RealPlayer%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=Skipping%20RealPlayer%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: c6a5f9ac-4ea0-4597-baa3-7af39e9ee34a x-runtime: 0.001891 x-host-info: lw-prod-eu-i-034fcb0b4e2cb4302, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=training_page_no_browser_post&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=training_page_no_browser_post&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=training_page_no_browser_post&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: 093d5642-53ca-4aa8-9359-d3f46ffe3eab x-runtime: 0.001604 x-host-info: lw-prod-eu-i-034fcb0b4e2cb4302, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=redirect_url%20is%20undefined&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=redirect_url%20is%20undefined&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=redirect_url%20is%20undefined&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: a3e3bac3-2ee5-4e99-914d-fb31f85ca7dc x-runtime: 0.001458 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

	www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20java%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4	52.210.231.227	200 OK	0 B
URL GET HTTP/2 www.micrasoft-395office.com/trace?id=6337cf22337cfaa2&msg=Skipping%20java%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 IP 52.210.231.227:443 ASN #16509 AMAZON-02 Requested by https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 Certificate IssuerAmazon Subjectinternalitsupport.net FingerprintFB:48:76:0A:4D:DF:9A:6C:82:EE:C7:69:2A:55:4E:62:A1:25:15:7C ValidityMon, 18 Mar 2024 00:00:00 GMT - Wed, 16 Apr 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /trace?id=6337cf22337cfaa2&msg=Skipping%20java%20detection&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 HTTP/1.1 Host: www.micrasoft-395office.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.micrasoft-395office.com/load_training?guid=6337cf22337cfaa2&correlation_id=8da2bd79-a9ed-4891-bee5-0817bb182df4 DNT: 1 Connection: keep-alive Cookie: EXFILGUID=37cf237cfa; link_clicked_37cf237cfa=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 06 May 2024 04:27:31 GMT content-type: text/html vary: Accept-Encoding x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin cache-control: no-cache x-request-id: b411f61e-41a3-43c3-b928-fd5a9acd06cd x-runtime: 0.001955 x-host-info: lw-prod-eu-i-06164ae2ecae76ca0, ; 7ab042967e623923e817fbc8931e097004f737c7 server: ThreatSim-Web-Server access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML