Overview

URL login.micrasoft-office365.com/d260fff8e5131cb2?l=8
IP18.215.9.130
ASNAMAZON-AES
Location United States
Report completed2022-10-01 04:46:29 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (21)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-30 04:55:29 UTC 23.36.76.226
mnemonic passive DNS tslp.s3.amazonaws.com (14) 209358 2014-06-02 15:25:44 UTC 2022-09-30 18:26:03 UTC 52.216.249.236
mnemonic passive DNS ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-09-30 04:55:27 UTC 142.250.74.3
mnemonic passive DNS fonts.gstatic.com (1) 0 2014-08-29 13:43:22 UTC 2022-10-01 01:41:12 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS login.micrasoft-office365.com (77) 0 2022-06-14 18:38:36 UTC 2022-10-01 04:46:03 UTC 52.20.28.170 Unknown ranking
mnemonic passive DNS java.com (1) 15670 2017-04-01 15:11:23 UTC 2022-09-30 18:26:03 UTC 96.6.16.111
mnemonic passive DNS js-agent.newrelic.com (1) 378 2017-01-30 05:00:15 UTC 2022-10-01 04:09:18 UTC 151.101.86.137
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-10-01 02:25:13 UTC 142.250.74.10
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-09-30 21:46:18 UTC 18.164.68.15
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-30 05:34:07 UTC 18.164.68.14
mnemonic passive DNS d2wy8f7a9ursnm.cloudfront.net (1) 0 2017-03-15 22:06:01 UTC 2022-09-30 22:58:39 UTC 18.165.196.229 Unknown ranking
mnemonic passive DNS www.java.com (1) 54045 2013-12-07 06:28:33 UTC 2022-09-30 18:25:50 UTC 96.6.16.111
mnemonic passive DNS ocsp.sca1b.amazontrust.com (5) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 18.165.196.18
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-30 05:12:28 UTC 100.20.30.105
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-01 04:02:08 UTC 34.120.237.76
mnemonic passive DNS ts-uploads.s3.amazonaws.com (1) 237596 2014-10-09 12:41:58 UTC 2022-09-30 18:25:52 UTC 52.216.249.236
mnemonic passive DNS bam.nr-data.net (5) 630 2015-02-10 00:06:27 UTC 2022-09-30 21:38:45 UTC 162.247.241.14
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-30 04:56:26 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-10-01 04:10:38 UTC 93.184.220.29
mnemonic passive DNS ajax.googleapis.com (1) 12905 2013-06-10 06:53:41 UTC 2022-10-01 01:13:53 UTC 216.58.211.10
mnemonic passive DNS d25q7gseii1o1q.cloudfront.net (1) 0 2016-11-08 17:01:01 UTC 2022-09-29 23:58:49 UTC 18.165.196.172 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 2 reports on IP: 18.215.9.130

Date UQ / IDS / BL URL IP
2022-10-01 04:46:29 +0000
0 - 0 - 0 login.micrasoft-office365.com/d260fff8e5131cb2?l=8 18.215.9.130
2022-09-30 18:26:00 +0000
0 - 0 - 0 etrade.tradeinternationai.com/95f5f4fac75b518 (...) 18.215.9.130

Last 5 reports on ASN: AMAZON-AES

Date UQ / IDS / BL URL IP
2022-12-01 13:51:00 +0000
0 - 0 - 5 curatedchannelinsights.com/cloudfactory-dc523 (...) 54.224.210.192
2022-12-01 13:42:54 +0000
17 - 0 - 2 broadleaf-zesty-condorraptor.glitch.me/tesoju.HTML 54.209.182.143
2022-12-01 13:16:36 +0000
0 - 0 - 2 crystal-sky-soul.glitch.me/?id%5C=3mail@slurp (...) 44.196.165.201
2022-12-01 13:07:12 +0000
0 - 0 - 1 icuba.me/contacts 52.72.49.79
2022-12-01 13:01:12 +0000
0 - 0 - 1 new.trlxcves01.com/t/clk 34.197.72.222

Last 1 reports on domain: micrasoft-office365.com

Date UQ / IDS / BL URL IP
2022-10-01 04:46:29 +0000
0 - 0 - 0 login.micrasoft-office365.com/d260fff8e5131cb2?l=8 18.215.9.130

No other reports with similar screenshot



JavaScript

Executed Scripts (28)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (137)


Request Response
                                        
                                            GET /d260fff8e5131cb2?l=8 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Date: Sat, 01 Oct 2022 04:46:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
ETag: W/"03b9a0e002541d77722d4a931f152a3f"
Cache-Control: max-age=0, private, must-revalidate
Set-Cookie: EXFILGUID=60fff5131c; path=/ link_clicked_60fff5131c=1; path=/
X-Request-Id: a7707cdc-dbd8-4f39-a32c-dbd2d9ab25b3
X-Runtime: 0.015428
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (31070)
Size:   11889
Md5:    5d7e28a6b8b84b829e8f5c1ea617e504
Sha1:   5fb490c5260ed726c491573760ef343935dadea7
Sha256: 71eed74de7c5bba02393b488e69b4e3045d80ebc9a0fcbde39be3c106b853b57
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.15
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 04:02:25 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f138cee49761f5f7e3b88ec7b66614ee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: KFdeJQrqCIreQDxV9p8iwhlhWkDt-X26Yk7ETSYhMEX4FTe-cLnG4w==
Age: 2633


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12869
Expires: Sat, 01 Oct 2022 08:20:47 GMT
Date: Sat, 01 Oct 2022 04:46:18 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.14
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 01 Oct 2022 03:33:18 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 c3941d2249641ec51690205d7b1084ac.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: PZtpsm-k7X6GQFOpV8xvW_KUg8G3450ftTu4c7Gk2OpZ7lfTXrmOew==
age: 4382
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 01 Oct 2022 04:46:18 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4834
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 04:46:18 GMT
Last-Modified: Sat, 01 Oct 2022 03:25:44 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /bugsnag-2.min.js HTTP/1.1 
Host: d2wy8f7a9ursnm.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive

                                         
                                         18.165.196.229
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Length: 2962
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2016 00:30:49 GMT
Content-Encoding: gzip
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 29 Sep 2022 05:57:53 GMT
Cache-Control: public, max-age=604800
ETag: "6103bb5e4ec6141e19e1100caafc780c"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04bb33465149b34afca4988622dca584.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: rBNtIh0HMiMc2YcAjm1cWLUfNOjZVBk_bhfhwHiKrU4XHxyfZL7lig==
Age: 168506


--- Additional Info ---
Magic:  ASCII text, with very long lines (6636), with no line terminators
Size:   2962
Md5:    6103bb5e4ec6141e19e1100caafc780c
Sha1:   1396838ef637042cbf702f6b5fdcd0281d93feb9
Sha256: ccba3500aa323de51765587835fcd4842d46e4e2384e5cfd067506d0b6fc8a78
                                        
                                            GET /js/deployJava.js HTTP/1.1 
Host: java.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         96.6.16.111
HTTP/2 302 Found
                                        
server: AkamaiGHost
content-length: 0
location: https://www.java.com/js/deployJava.js
cache-control: max-age=86400
expires: Sun, 02 Oct 2022 04:46:18 GMT
date: Sat, 01 Oct 2022 04:46:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
akamai-grn: 0.bc4d2417.1664599578.10df1563
set-cookie: akaalb_OCE_Failover=1664599638~op=JCOM_OCE:oceProdappJcomProdOrigin|~rv=15~m=oceProdappJcomProdOrigin:0|~os=2708f36cb43ca861e42dc0215e4669c5~id=7bad075f76f177ff5a2d5e74eacddcb6; path=/; Expires=Sat, 01 Oct 2022 04:47:18 GMT; Secure; SameSite=None
x-xss-protection: 1
X-Firefox-Spdy: h2

                                        
                                            GET /assets/all.js?g=60fff5131c HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 04:46:18 GMT
Content-Length: 7191
Connection: keep-alive
Last-Modified: Thu, 25 Aug 2022 13:19:40 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Server: ThreatSim-Web-Server
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  ASCII text
Size:   7191
Md5:    db7c58fc21f4bbb0900fed3889f61df2
Sha1:   24047c64e0dbdbcc8eef175a42dc1911f7f8a6aa
Sha256: 5a1dcea95a97b018b93cc58089502fd2069d508c02088c0c6a49533fef91afb7
                                        
                                            GET /assets/ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 04:46:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 25 Aug 2022 13:19:40 GMT
Vary: Accept-Encoding
Server: ThreatSim-Web-Server
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (32089)
Size:   32772
Md5:    1dca01c6231917aabe380a98f67dae36
Sha1:   c6c800587eadd27a45cd29ef6d05742182e1454c
Sha256: 47126bab74ac1fd0c429292dfde3face2f931752c30e527888763166088b451c
                                        
                                            GET /js/deployJava.js HTTP/1.1 
Host: www.java.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         96.6.16.111
HTTP/2 200 OK
content-type: application/javascript
                                        
content-disposition: attachment; filename="deployJava.js";filename*=UTF-8''deployJava.js
content-encoding: gzip
etag: D07B023847CD4DC5C4ED4AB4FC46AD47BDD6E99A0663:19
x-content-type-options: nosniff
x-oracle-dms-ecid: b53b70d7-8e10-469f-a56c-440abaee13cc-0469beae
x-oracle-dms-rid: 0
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
content-length: 5512
vary: Accept-Encoding
unused62: 8096267
cache-control: public, max-age=86400
expires: Sun, 02 Oct 2022 04:46:18 GMT
date: Sat, 01 Oct 2022 04:46:18 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=36
akamai-grn: 0.bc4d2417.1664599578.10df1572
set-cookie: akaalb_OCE_Failover=1664599638~op=JCOM_OCE:oceProdappJcomProdOrigin|~rv=47~m=oceProdappJcomProdOrigin:0|~os=2708f36cb43ca861e42dc0215e4669c5~id=b0dee084d0b727e280761b349ffd83e0; path=/; Expires=Sat, 01 Oct 2022 04:47:18 GMT; Secure; SameSite=None
x-xss-protection: 1
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (18444), with no line terminators
Size:   5512
Md5:    7f24f47af4c9617cb4d6f5642bf5938f
Sha1:   2b5514af68aeead50ee564396a4eae2997e54939
Sha256: 59ccf883b6624b37724c791977919c9116d1025c1a20def63f4fb8984d47b3e1
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         18.165.196.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 04:46:18 GMT
Last-Modified: Sat, 01 Oct 2022 03:18:29 GMT
Server: ECS (nyb/1D24)
X-Cache: Miss from cloudfront
Via: 1.1 d1187be634e389e2e876be936bba8e74.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: GgGFYJ9u7k5t3cGbhc1mCiOb7MeVnwi5_HcZd_x_WzVQzMrjpNBgiA==
Age: 5269

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         18.165.196.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 04:46:18 GMT
Last-Modified: Sat, 01 Oct 2022 03:34:29 GMT
Server: ECS (nyb/1D11)
X-Cache: Miss from cloudfront
Via: 1.1 955b5f6b59fedae13d00dcc66f7085f2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: N6bPjuhV6lDpraGXXpNcR-_1NujtoXXJEnDkYg-Pm60LF0kLvBKlVA==
Age: 4309

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         18.165.196.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 04:46:18 GMT
Last-Modified: Sat, 01 Oct 2022 03:37:49 GMT
Server: ECS (nyb/1D19)
X-Cache: Miss from cloudfront
Via: 1.1 04bb33465149b34afca4988622dca584.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: CvyYha3qAgJ4DVAKtN7tE4NqLC_Bcm22vklQxyTBMuGcauAK4UXQ8Q==
Age: 4109

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         18.165.196.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 04:46:18 GMT
Last-Modified: Sat, 01 Oct 2022 03:34:29 GMT
Server: ECS (nyb/1D23)
X-Cache: Miss from cloudfront
Via: 1.1 cb9d66c261e91793be744f629d6e309e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: ui1vj_yVl_fyZegoL9AnrIVqMXBAKUzdKZVZVwlZDilRJ0UZqxFO4A==
Age: 4309

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         18.165.196.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 04:46:18 GMT
Last-Modified: Sat, 01 Oct 2022 03:37:33 GMT
Server: ECS (nyb/1D14)
X-Cache: Miss from cloudfront
Via: 1.1 507372273c5029d1ae2439349f7f1458.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: fkowWDO5SaiD7fdZ4hZbjL4YIoQh-PnvCHCXIuEGeRNKCKa98x2eng==
Age: 4125

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.15
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sat, 01 Oct 2022 04:33:04 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 01 Oct 2022 05:08:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c3ac810888cb46ee4166354c2171bcde.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: bDzTbZFIePGgvm0foxbLltNh6vD0c2nmjhVqd98KhrUo3BNcbxYZoA==
Age: 805


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /detect/flash.js?guid=60fff5131c&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: IA53+MMN6s7r978bSiQLKfNTJwjeGb3AXHgjkYR6bBSDzlXHM4z5ihxCUpzkCLYqbVoKeRl+x+o=
x-amz-request-id: FQ2GK3NB8N6YYWG5
Date: Sat, 01 Oct 2022 04:46:19 GMT
Last-Modified: Wed, 15 Feb 2017 03:54:01 GMT
ETag: "f9ad9a096894ba248e4a1f73e7eba1be"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 6680


--- Additional Info ---
Magic:  ASCII text
Size:   6680
Md5:    f9ad9a096894ba248e4a1f73e7eba1be
Sha1:   f2449ce5f7a5c42ffdcc5f087a75b2513e73592c
Sha256: a26d01d5912459798481786640dc44fd7605d09f2f9e6dd24720205efcab6861
                                        
                                            GET /detect/realplayer.js?guid=60fff5131c&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: zusYqj4iAOUzJqx5WBYmXRx6FtVl9ZaNKIfjwe8ljXf82Fi4hM464qnsbtVyj8FVJXnHc535D9Y=
x-amz-request-id: FQ2GBSJQZ6ATFRQ4
Date: Sat, 01 Oct 2022 04:46:19 GMT
Last-Modified: Wed, 15 Feb 2017 14:45:02 GMT
ETag: "3d7be656672c16a34806c13388410325"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 9775


--- Additional Info ---
Magic:  ASCII text
Size:   9775
Md5:    3d7be656672c16a34806c13388410325
Sha1:   c391646c980c60d75c35b33a974c97ae88114eef
Sha256: 88be902cc76b5ec1ec932b6ae93457b6b0ca69d7a36bfadefc2f24db225dc238
                                        
                                            GET /detect/quicktime.js?guid=60fff5131c&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: hpg8IYE+K/a9cu6yh94TzPXLN7Xb4ByYOyorSh1I+zo+YOkfYMASIxefuSqyusH1ogrHzCm9Fco=
x-amz-request-id: FQ2S7Z9QPAH1NCT0
Date: Sat, 01 Oct 2022 04:46:19 GMT
Last-Modified: Wed, 15 Feb 2017 14:41:05 GMT
ETag: "ee73f2f47d51116dc40b85a6b57eaf20"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 6999


--- Additional Info ---
Magic:  ASCII text, with very long lines (322)
Size:   6999
Md5:    ee73f2f47d51116dc40b85a6b57eaf20
Sha1:   6c42011667bac1fa6c3272a11b510f22962d72a2
Sha256: 6ae53963f41133561c78b4332b564c01f551c471cd91d980436a9f5dacdd8f19
                                        
                                            GET /detect/plugin_detect.js?guid=60fff5131c&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: 2xhdAV1Kz0IHqnILx31+XO4manqSUE9tGK+g+3X8pN3LipI4pGPhBGb9GE58lrYKDLinMmGWgzU=
x-amz-request-id: FQ2PXP1GZC0M4D94
Date: Sat, 01 Oct 2022 04:46:19 GMT
Last-Modified: Wed, 15 Feb 2017 17:56:07 GMT
ETag: "00a513f07603df01e3b99be00f370754"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 50085


--- Additional Info ---
Magic:  ASCII text, with very long lines (306)
Size:   50085
Md5:    00a513f07603df01e3b99be00f370754
Sha1:   f0c03b1c50f39c95075df687cd55f18861631526
Sha256: 4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a
                                        
                                            GET /detect/pdf.js?guid=60fff5131c&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: 6ofHg4gK7jaDCj0DAtvWg7oSqUgNGnGyz8wKlSMRrbbXyIByZ1fy0mzJkt9StdlzkPEuhQHIdvw=
x-amz-request-id: FQ2YGHC2K3R9S8WP
Date: Sat, 01 Oct 2022 04:46:19 GMT
Last-Modified: Wed, 15 Feb 2017 14:39:34 GMT
ETag: "0d5882d41c8b6e40059c8d9acbcf1518"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 22855


--- Additional Info ---
Magic:  ASCII text
Size:   22855
Md5:    0d5882d41c8b6e40059c8d9acbcf1518
Sha1:   53103565f3c07416fc691583a43a91943dbf0809
Sha256: d9b7c6163477008469af64b211e2dbd4f4171b85b51e3714f11c99f9ba2c32f9
                                        
                                            GET /detect/java.js?guid=60fff5131c&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: n1ZTwxIvFfq8Ai3VSEjNyMLt5lTG2nulZIhcB972BB0FCtumXn3KNGZ0DCW4GCoDcp7BV+8xy7w=
x-amz-request-id: FQ2P2SY6M3S76H8X
Date: Sat, 01 Oct 2022 04:46:19 GMT
Last-Modified: Wed, 15 Feb 2017 14:38:28 GMT
ETag: "2bec0061039dc3fb25fc20aaf611d5b9"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 50717


--- Additional Info ---
Magic:  ASCII text
Size:   50717
Md5:    2bec0061039dc3fb25fc20aaf611d5b9
Sha1:   dfc11b0662ac5950d309e2615e887032dd1dde0c
Sha256: 4805fc6abdad8075af2165e241b781c3073d4769ae725e4004bf79064acb5f24
                                        
                                            GET /detect/silverlight.js?guid=60fff5131c&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: omV98DryNyV6UIxHeWLCUU8El8LF68nrXR3vJqvD4Dt3vU3+mZ7W/FUPd3/2gH72MrkCCVW+wmU=
x-amz-request-id: JQ3MGXPKFCW9NJNM
Date: Sat, 01 Oct 2022 04:46:20 GMT
Last-Modified: Wed, 15 Feb 2017 18:00:03 GMT
ETag: "e6dd596d2bc204ea573b868b92028c26"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 4234


--- Additional Info ---
Magic:  ASCII text
Size:   4234
Md5:    e6dd596d2bc204ea573b868b92028c26
Sha1:   fa58bba4c9a01b3764a881949a8423b773d8a338
Sha256: 0730a7e6770925fa4232096e4d9874514985ec791a63fe873f0e4e3cd7722381
                                        
                                            GET /detect/wmp.js?guid=60fff5131c&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
x-amz-id-2: qLobTcYUjd11R9qkCRkeC0+iAPUfB3pvp6t5p/toPBq1HmYiu04GnwmH2zAZaSgTnjY0OyR49YI=
x-amz-request-id: JQ3PDVDRNTWPB4YG
Date: Sat, 01 Oct 2022 04:46:20 GMT
Last-Modified: Wed, 15 Feb 2017 15:07:14 GMT
ETag: "ffd2cc77bb64d40beeb5d561fffe1f79"
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 5941


--- Additional Info ---
Magic:  ASCII text
Size:   5941
Md5:    ffd2cc77bb64d40beeb5d561fffe1f79
Sha1:   6cb535641677d27e4de591ceb3c4e2f408826e7d
Sha256: cdb16ca3ddd3cead71121799751fa80d3033375abcdbc5fc84d35fb82c7fc9de
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1646
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 04:46:19 GMT
Last-Modified: Sat, 01 Oct 2022 04:18:53 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 2f8627c8-10de-4d3f-9997-a2da1075ddb5
X-Runtime: 0.002534
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 8bfb7db8-aa32-4da8-ad9a-971bb59d2b69
X-Runtime: 0.002696
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 7c29938b-ca4c-41c4-be2c-7d39de534a2b
X-Runtime: 0.002589
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            POST /secure/browser_post HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
X-NewRelic-ID: XQ4GVVFACQAAU1dSDgQCVA==
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6Ijk4MTQ3IiwiYXAiOiIxMzA3NjEzMzY2IiwiaWQiOiJjNTc5ZWY5MDc0MzdjNThiIiwidHIiOiJmNzViNTZlZWMwOTE3NmQwYmVlNGZjYTdhNjU4ZWZmZSIsInRpIjoxNjY0NTk5NTc1Nzg3LCJ0ayI6IjE1MDY5MjQifX0=
traceparent: 00-f75b56eec09176d0bee4fca7a658effe-c579ef907437c58b-01
tracestate: 1506924@nr=0-1-98147-1307613366-c579ef907437c58b----1664599575787
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 1079
Origin: http://login.micrasoft-office365.com
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: image/gif; charset=utf-8
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Vary: Accept-Encoding, Accept
Cache-Control: no-cache
X-Request-Id: f163559c-b877-4a69-8efb-56b26f1dceef
X-Runtime: 0.007228
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 0a400295-8b52-44b0-87c7-eebdfde49814
X-Runtime: 0.003148
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 98d0609f-7265-499a-bc66-b274a4c2334c
X-Runtime: 0.002264
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 78727ec7-6cd7-42ae-a33a-a10bbafcb897
X-Runtime: 0.002703
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 81e6287a-b204-4168-9bc2-67c89e3da1df
X-Runtime: 0.003470
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: bc19f047-61af-457c-a58c-2ad6ea674b66
X-Runtime: 0.002618
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: r2w0db4LnA431f7S9rIG8A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         100.20.30.105
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GF7qRk3ADI0tl9WnRzdxAmhwHxg=

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 9e5d1f09-52e9-4719-88b8-6548410d1c4e
X-Runtime: 0.003566
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=Loading%20Java%20version%20from%20deployJava&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: f478b8c5-819a-4117-bd26-b80220095e1b
X-Runtime: 0.003275
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 49e68c0e-d0be-4ea2-8ae4-b636e33b0d79
X-Runtime: 0.002257
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=Loading%20Java%20version%20from%20pinlady&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: aa2c52d9-bcac-43b7-aeea-33e371457bc3
X-Runtime: 0.002195
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=java_version_pl%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: c58bad5b-a6d6-4630-8eeb-1246ceff8ae5
X-Runtime: 0.002319
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=java_version_jres%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 2038cd4f-fddb-4695-8afd-b601350bdaf3
X-Runtime: 0.002335
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=java_version%20%3D%20undefined&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 9cddfe81-eea3-49cb-b187-ea6f3af5e200
X-Runtime: 0.002601
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=Loading%20flash%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 963cecc7-f64e-4018-aae5-5abae6c67de4
X-Runtime: 0.003072
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=flash%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: a1a02c10-5c1b-4dc7-b410-496a2c16699d
X-Runtime: 0.003090
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=Could%20not%20find%20AdobeReader%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 85b534e2-5beb-4a86-a6e4-dcc1fca6a3de
X-Runtime: 0.003158
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=Loading%20pdf%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: e42a93d7-a63b-4ba4-863d-0ed46aa68d3d
X-Runtime: 0.002774
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=pdf%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 956e61ac-9e8d-4330-8afe-abc852dbcda4
X-Runtime: 0.002362
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=Loading%20quicktime%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: f82b096f-bd48-4f3e-905d-0200020b4450
X-Runtime: 0.002828
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=quicktime%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 4182d52d-e44c-4485-a4d7-d6f83c1e304e
X-Runtime: 0.001838
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=Loading%20Silverlight%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: ec6bcadc-27c2-4b0d-bcf4-82e3fcf3b3d0
X-Runtime: 0.002058
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=realplayer%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 5baee591-ceab-4a46-b645-8b6c9574aead
X-Runtime: 0.021535
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=Loading%20RealPlayer%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 6b1c283d-705f-452e-bc9a-e843b992f419
X-Runtime: 0.021890
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=silverlight%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 5ef48621-eee8-4c75-9f72-c55da18adb1d
X-Runtime: 0.002531
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=Loading%20WindowsMediaPlayer%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 2aa97fe6-3244-4629-8530-6e4a18ae7393
X-Runtime: 0.002243
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=wmp%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 93ec25b9-2bb7-4081-b5e8-ff5c13854999
X-Runtime: 0.002563
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=redirecting%20to%20%2Fload_training%3Fguid%3D5960ffff85131c80%26correlation_id%3Df0eb8f2c-be1a-4119-89f2-db7b40ea3249&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 61440e4f-f295-4415-bd4f-5fc67493d19c
X-Runtime: 0.002729
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=browser_post_successful&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 34af0f95-854d-4879-bf3f-190372b03633
X-Runtime: 0.002994
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=60fff5131c&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 75f0fed2-964b-409b-9c37-6475e6f74ae7
X-Runtime: 0.002054
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Sat, 01 Oct 2022 04:46:19 GMT
Content-Length: 0
Connection: keep-alive
Last-Modified: Thu, 25 Aug 2022 13:19:40 GMT
ETag: "630776ec-0"
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

                                        
                                            GET /load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/d260fff8e5131cb2?l=8
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1
Upgrade-Insecure-Requests: 1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
ETag: W/"ae585a8209e2476ddad7b55a0315ef66"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: c3f8d978-ae3e-4823-a736-5ce589c8c173
X-Runtime: 0.014876
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (31070)
Size:   14136
Md5:    45a47f24e23ec6846a8a58a77dd3ee8c
Sha1:   295b8201dbc064bb5956c8529b08375702837bb9
Sha256: 7016c5a485eb9bf47a7676475b9ca03fba0e23822fa0bfa988620a9eefca78d5
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/libs/jquery/1.8.2/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33621
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 16:27:21 GMT
expires: Thu, 28 Sep 2023 16:27:21 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 217139
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65480)
Size:   33621
Md5:    b582b2eca79a750948dbb3777aeaaadb
Sha1:   bf0ea1c8a7b4a55779cbb3df1f1d75cc19910e9f
Sha256: 04c7f19e1ae294cc641f6c497653b5c13c41b258559f5f05b790032ccca16c82
                                        
                                            GET /assets/ajax/libs/jquery/1.11.0/jquery.min.js HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 25 Aug 2022 13:19:40 GMT
Vary: Accept-Encoding
Server: ThreatSim-Web-Server
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (32341)
Size:   33357
Md5:    47fef3745452b8af6196adc0e73084f0
Sha1:   482da2d6a2499d3127eb3dc073bc80c530a047fd
Sha256: 416a096f0dce236c69c9376cb7571be669d610767262a9b940d3d34a34ee1058
                                        
                                            GET /assets/all.js?guid=60fff5131c&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Content-Length: 7191
Connection: keep-alive
Last-Modified: Thu, 25 Aug 2022 13:19:40 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Server: ThreatSim-Web-Server
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, public
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  ASCII text
Size:   7191
Md5:    db7c58fc21f4bbb0900fed3889f61df2
Sha1:   24047c64e0dbdbcc8eef175a42dc1911f7f8a6aa
Sha256: 5a1dcea95a97b018b93cc58089502fd2069d508c02088c0c6a49533fef91afb7
                                        
                                            GET /training/embedded/css/url.css HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: text/css
                                        
x-amz-id-2: zfQpIRpCPxljLoGmHsiB8Zbw2HvJwP/sV8rrhxb4SkRUgMFotnDJoGZ1XlI5W9/xDwG50Y27Tnk=
x-amz-request-id: CSAPXGMHQ8G2E9GC
Date: Sat, 01 Oct 2022 04:46:21 GMT
Last-Modified: Fri, 26 Aug 2022 14:07:46 GMT
ETag: "0560febf38cfe916ab8ffbee8ce4e9fc"
x-amz-server-side-encryption: AES256
x-amz-version-id: jWFW6Vb_IckPQFjf7Ej9_NT_HlQSyGGs
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 6367


--- Additional Info ---
Magic:  ASCII text, with very long lines (412)
Size:   6367
Md5:    0560febf38cfe916ab8ffbee8ce4e9fc
Sha1:   5e41bb9b576db52bcea94264b9929a286a20a0f4
Sha256: 18fd69a3bb1fc61221c8d6c3bbbd177c38a21d96392bf2b403ddd9969615cf22
                                        
                                            GET /training/teachable_moments/css/langdrop.css HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: text/css
                                        
x-amz-id-2: MTbaIS9X24fuL4KFCywtlIt8wCbmEsa3LOaoGQNNd+fqUVVpHXWFKM+CzoltoiWprI43su1WTt0=
x-amz-request-id: CSARD7K70A7R83TB
Date: Sat, 01 Oct 2022 04:46:21 GMT
Last-Modified: Fri, 26 Aug 2022 14:07:49 GMT
ETag: "bc7f970ad0f163bc72c9ae9aa09e1cde"
x-amz-server-side-encryption: AES256
x-amz-version-id: OhzuQr9n0bqd2zskiPVZjmnmHAmPcoAx
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 1713


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   1713
Md5:    bc7f970ad0f163bc72c9ae9aa09e1cde
Sha1:   bf67b0d0f3bb4038caf1021a692b6eb6024c3e02
Sha256: 5243766eedfcba70128c2931dbef8875f942b81e39002d80dc0110167d4ef742
                                        
                                            GET /languages/language.18071.js HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: unCp8ju5PGyJY+GsyTZ/hntiFMfMbmMKeOORfuJdXVA2vSql5mTTySbmyJBzsVHUA19WpXm3rNw=
x-amz-request-id: CSARD2MCYRA3Q6Q9
Date: Sat, 01 Oct 2022 04:46:21 GMT
Last-Modified: Fri, 26 Aug 2022 14:07:38 GMT
ETag: "8b9a9d305bd69c962b600c08f3c69edf"
x-amz-server-side-encryption: AES256
x-amz-version-id: U_kpSjDDW4npfowvZPZnd2_aKVkUaKPA
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 8207


--- Additional Info ---
Magic:  ASCII text
Size:   8207
Md5:    8b9a9d305bd69c962b600c08f3c69edf
Sha1:   9a907e240cdf81d8265c9fb1322cfe10ed027288
Sha256: 73f360f08e8c2a1719c098491e17d53cdaa98d246585bfd0285a2afad75c51a7
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /assets/js/training.js HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
x-amz-id-2: 5yTB8bLdhPN2sZbOcpb+AzCW6cvNA1GfuBQA1vhds6gakh3E1IW1YufawpqqOEEfJvBFpKXapew=
x-amz-request-id: CSAZYYQRRV6N2B8E
Date: Sat, 01 Oct 2022 04:46:21 GMT
Last-Modified: Fri, 26 Aug 2022 14:07:38 GMT
ETag: "029ab28ca3c245dc425e3f3f6599d480"
x-amz-server-side-encryption: AES256
x-amz-version-id: 6KvPBARKn9Wl5VW3Hl_LtK2bIq68QrGH
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 352


--- Additional Info ---
Magic:  ASCII text
Size:   352
Md5:    029ab28ca3c245dc425e3f3f6599d480
Sha1:   845057d3630d0a06e797a7049b3e9658d7650af1
Sha256: 8a1170223599205267c6ee3a3072855f1727461d9dd1066bb94f39180f963af9
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://login.micrasoft-office365.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 03:08:55 GMT
expires: Sun, 01 Oct 2023 03:08:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
age: 5845
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15230
Expires: Sat, 01 Oct 2022 09:00:10 GMT
Date: Sat, 01 Oct 2022 04:46:20 GMT
Connection: keep-alive

                                        
                                            GET /training/production/314/hooks-a3eab7.png HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tslp.s3.amazonaws.com/training/embedded/css/url.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: n44bfAbYE3De4Pca/WCJOehuB1uIaeAklEUd/oRdQDodgkCixc/dWQv/OsfKli6HV3u9VLqZlsU=
x-amz-request-id: CSANJBNGKNSK7J3E
Date: Sat, 01 Oct 2022 04:46:21 GMT
Last-Modified: Fri, 26 Aug 2022 14:07:48 GMT
ETag: "3e598c505586e70346fa62d104dd540f"
x-amz-server-side-encryption: AES256
x-amz-version-id: .YGCnRqbXkaDTSLNT7EWxvKvKu.lg1.r
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 5003


--- Additional Info ---
Magic:  PNG image data, 188 x 232, 8-bit/color RGBA, non-interlaced\012- data
Size:   5003
Md5:    3e598c505586e70346fa62d104dd540f
Sha1:   497e981085a062e5e4972635e775c740fb701ad1
Sha256: 7789f06bcf267ab54b9bc9c64ea04877c46aa141f67a21a501d908447fd95ebb
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff75296c6-86fa-46e7-b1f9-5afb645a7a08.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11252
x-amzn-requestid: 53406cae-6d5f-4700-ac5a-c26bb7762252
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPtTgEsHoAMF53w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633628e3-5a23515e02caea594e05e6a9;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 23:23:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sZ9hZoWRNQHI7VbLr5ygsJeXKr0OsnbSSas1v0O_vXKSEUK6canMKA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 16:23:58 GMT
age: 44542
etag: "feafba2465f9b352eef2a2dc57e7c52446ff2cc0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11252
Md5:    6d5dcd5bfb41659d9b347d19af17853b
Sha1:   feafba2465f9b352eef2a2dc57e7c52446ff2cc0
Sha256: 10904009b4b7b80c6931ea54981bc5ee51b5b71b5407da20e2d22962d9fab32e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a3fdfee-41fa-48e2-a92a-744050d16fbe.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13384
x-amzn-requestid: c643d8db-041f-4e98-888d-63375dde9721
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZM65TEujIAMFpmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63350b6e-232161f74a65138a122f7cf7;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 03:05:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0qGoRJUOZ5pSfaO1f7DWFB-oRI7zkyIFFfAcbOWNhy3p2EKCD1VdwA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 03:52:25 GMT
age: 3235
etag: "8b72969c2c5cff7c8200e8c8a4b3d504565a97fd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13384
Md5:    1d55a4b7e79062b396f5fd06b44cd637
Sha1:   8b72969c2c5cff7c8200e8c8a4b3d504565a97fd
Sha256: 338682591e594c0cf51fd671a43ff1b0d265b2713dc8504f05b00f93ddf5c57e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15230
Expires: Sat, 01 Oct 2022 09:00:10 GMT
Date: Sat, 01 Oct 2022 04:46:20 GMT
Connection: keep-alive

                                        
                                            GET /trace?id=undefined&msg=window.tracking_id%20is%20not%20set%2C%20let%27s%20get%20it&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 11ddf0da-a42f-42b3-ab75-39c589cd9833
X-Runtime: 0.002409
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=unknown&msg=get-id%20is%20undefined&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: a14da31c-1eea-4430-a8f0-e390535d0537
X-Runtime: 0.003880
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=unknown&msg=did%20not%20find%20guid%20in%20last%20part%20of%20location&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 12b13826-33ca-4ac5-865e-4551cf5a2076
X-Runtime: 0.003977
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F979b163e-e6cb-49a1-a2a2-de55e3c86685.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6655
x-amzn-requestid: ade9e38b-a622-4ec5-b8be-29d4ba80d883
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZP6jHGNioAMFVbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63363e13-02fb28271686b4c97d95bde3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 00:53:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wwTf6va45g9yXUUnmddByF22fmAQCX6ZVK6PwpElVK41tesFsq0mlA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 13:43:10 GMT
age: 54190
etag: "bb9a3611d2eb51e0eef79106f1497e3f460a03cb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6655
Md5:    72a92d7de4dd5ccce4cdf54dd132b948
Sha1:   bb9a3611d2eb51e0eef79106f1497e3f460a03cb
Sha256: 7654b1824c07d1c121e288c19ea587eff25579333a783978bc73dc37cc9b35a4
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15230
Expires: Sat, 01 Oct 2022 09:00:10 GMT
Date: Sat, 01 Oct 2022 04:46:20 GMT
Connection: keep-alive

                                        
                                            GET /training_screenshot?guid=60fff5131c&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1
Upgrade-Insecure-Requests: 1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
ETag: W/"6f7d6b3a08916ecb9893aa65f26cb0a2"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 50b12ed6-301b-4411-8896-a6bcbc95bbcc
X-Runtime: 0.005868
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (31070)
Size:   12255
Md5:    fd16dd569dfc64a796154cdf91df383a
Sha1:   6f8666c62a2a54f82cc8385b96b6c181c4ad6d60
Sha256: 1bb9d8ef37dad8ddbe3db3dde49fb24b711093b3147565009c27e36b07aa28c4
                                        
                                            GET /log?id=60fff5131c&campaign_guid=a53f3209ef&msg=Loading%20embedded%20html HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: image/gif; charset=utf-8
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: f2f3ef1a-696c-43e7-8ad3-1d71eaa2478b
X-Runtime: 0.002127
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6315
x-amzn-requestid: f0791b53-3c5f-4d94-954d-992a529ebb60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPnunF35oAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63361ff6-2adb303349153ced73ccecf6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 22:45:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RGS_T9Cwl5Vjs_bxngHRomiYppE5fLe0SnH19VEfc5-PCT5tb5ku1A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 04:40:52 GMT
age: 328
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6315
Md5:    206fb65e75dbadf119512f71e0b78402
Sha1:   58ff0bf8ce7528b303d28bab01a80ad721705569
Sha256: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: b50c238e-8847-4363-b03d-cd70f1a791f7
X-Runtime: 0.002654
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15230
Expires: Sat, 01 Oct 2022 09:00:10 GMT
Date: Sat, 01 Oct 2022 04:46:20 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15230
Expires: Sat, 01 Oct 2022 09:00:10 GMT
Date: Sat, 01 Oct 2022 04:46:20 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7a423b5-e320-4013-8cd9-2455b244e410.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3069
x-amzn-requestid: 957bbcc7-0ce0-42b6-bec6-588f9e1c6369
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCH6DoAMFaHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-5a514967208e92343e0f3778;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tnGcmRZcp0_ckYfYvD37C_1Vswk5FoLIhno4dWw39OJ3fqmhIMss2Q==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:15:59 GMT
age: 23421
etag: "069a451b50182aed754301cbc2eb776abe469a52"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3069
Md5:    e22123802c6c1a89ff2b12b8ebb4478a
Sha1:   069a451b50182aed754301cbc2eb776abe469a52
Sha256: 4edccb57b366cf6460219d86ea13dd54cb0bcf3581604a5139859bf809df2b13
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8299
x-amzn-requestid: 91eed6b6-632f-472b-93d7-4192425fcdfd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF0SoAMFWgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-17bb04894cc786555d693ec3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8JvNUZRyYeZjd4ZxOrGMCbJxVf46NRhiHXsFvCAZn2QeUkdCzKoYbw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:15:58 GMT
age: 23422
etag: "2df7db53629c7adda2c0a4dfe9c17791b73a75e1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8299
Md5:    0d31a422078d02bda318c693c05a58dc
Sha1:   2df7db53629c7adda2c0a4dfe9c17791b73a75e1
Sha256: a07fe4e135b52da6dfa9d8a55684f0a3bf5f5ce52c4064c8ab37836a939902a9
                                        
                                            GET /log?id=60fff5131c&campaign_guid=a53f3209ef&msg=embeddedhtmlemail%20id%20exists%20with%20environment%20%3D%20production HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: image/gif; charset=utf-8
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: ffa391b2-65cf-4293-8c37-3cd1e6ebc4eb
X-Runtime: 0.002661
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=Loading%20flash%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 88dca6e9-b6b1-4fd1-804d-439db3d3c114
X-Runtime: 0.002623
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=Loading%20RealPlayer%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 587cacde-799b-47f7-b919-74cb3fb4c1ad
X-Runtime: 0.002559
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /training/embedded/translations/url/en-us.json HTTP/1.1 
Host: tslp.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/
Origin: http://login.micrasoft-office365.com
Connection: keep-alive

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: application/json
                                        
x-amz-id-2: YHcvHxN0qW2hpem8APRgLjZzV7IHJFXn/ygE881Iqk3Ma1CM2UlR98QSWXDN/Za1JCLR5Jhb5fs=
x-amz-request-id: CSAT908ZSVXB3JYN
Date: Sat, 01 Oct 2022 04:46:21 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Thu, 28 Jul 2022 16:04:00 GMT
ETag: "5113dad20241201a33ab81b33233bd01"
x-amz-server-side-encryption: AES256
x-amz-version-id: xV8j7ipjt7r5IXF867C5WtwFqd2iPiM7
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 1895


--- Additional Info ---
Magic:  JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (464)
Size:   1895
Md5:    5113dad20241201a33ab81b33233bd01
Sha1:   d39173a84981b0bb8efd20d22040e1fd5edd831b
Sha256: 6029db4e8a8928f728f865f2cb26f295ec030e46f621f8296d3af91481e01c27
                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 50a1d744-ccdf-4885-a209-1b3d5628384a
X-Runtime: 0.002403
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /log?id=60fff5131c&campaign_guid=a53f3209ef&msg=logo_object%20does%20not%20exist HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: image/gif; charset=utf-8
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 68264d13-87b9-44a9-91dd-c28bfbef70e4
X-Runtime: 0.002784
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 947a8f54-a9db-4635-8ba9-46f6fe58e31e
X-Runtime: 0.002367
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: d8a0559f-034c-474b-ad5b-e7cb2a94bd21
X-Runtime: 0.002444
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20browser_version%20%3D%2096&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: cf12ced2-0e84-4b7b-a185-74230d009410
X-Runtime: 0.002811
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 56504abd-f86b-4a96-9ff5-1f3a3f273f1d
X-Runtime: 0.002068
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20os_version%20%3D%20&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 5a86f2bc-edec-439d-95a0-c8a94838aa68
X-Runtime: 0.004362
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: c102740a-818a-418e-8f76-2c3521df0cab
X-Runtime: 0.004182
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20width%20%3D%201280&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: fb5f5525-8431-4833-b3a9-d823c14cf975
X-Runtime: 0.002325
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 8e89eda5-bdd3-4b83-ad9f-01d3d323f402
X-Runtime: 0.002520
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=Loading%20Java%20version%20from%20pinlady&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 2fd63975-6c03-4e31-b067-d03922db80be
X-Runtime: 0.002379
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=BrowserDetect%20-%20height%20%3D%201024&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: f5bc2a0c-5a84-44b6-9187-5625ae147203
X-Runtime: 0.002119
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=Loading%20Java%20version%20from%20deployJava&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 97de349c-b35a-40da-b616-2a3778632a37
X-Runtime: 0.002329
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=java_version_pl%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: eb712230-792b-45ef-9171-212f85939ec7
X-Runtime: 0.002725
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=java_version%20%3D%20undefined&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 33d6dec3-174d-4fb4-9828-930bd084b306
X-Runtime: 0.001927
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=java_version_jres%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 4bd2e656-203c-42d6-ac40-07d4b5a7d25a
X-Runtime: 0.002130
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=Loading%20pdf%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 81df0ae1-8905-49d3-a02d-13c46ba8d353
X-Runtime: 0.002396
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /trace?id=5960ffff85131c80&msg=flash%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 8123c0a4-3b68-40a8-bdb7-18a7f666dea4
X-Runtime: 0.002336
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=pdf%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 511bf782-80be-4948-bf31-074ecc9ad3f9
X-Runtime: 0.003395
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=Could%20not%20find%20AdobeReader%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 03466182-686c-469b-8146-f5dd1ec6b85d
X-Runtime: 0.003189
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=quicktime%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 6b98caec-fdf7-4f9f-8a35-a796c01778d2
X-Runtime: 0.002461
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=Loading%20quicktime%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 3c7a1505-0f74-426c-a29b-11b567b215ad
X-Runtime: 0.002418
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=realplayer%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 5e3dd776-95ec-4f12-a79d-b88c3fadf56a
X-Runtime: 0.002349
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=Loading%20Silverlight%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 9e64cd3d-0e14-4247-a1f1-e63667b5d6a2
X-Runtime: 0.002520
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /training/production/1500/picture1-df1a84.jpg HTTP/1.1 
Host: ts-uploads.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.249.236
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
x-amz-id-2: Y31YlbVrIjzfiPUGiUBXODBFqPmtyIlWaXkgW9DSID8YYkicQny/MB6BibfpsgKWdymR2xNzGPk=
x-amz-request-id: F958GJKY6RASXDD6
Date: Sat, 01 Oct 2022 04:46:22 GMT
Last-Modified: Thu, 22 Sep 2022 13:39:42 GMT
ETag: "ea46cb288381f3cb54c5b1d732d7bb9d"
x-amz-server-side-encryption: AES256
x-amz-version-id: ZCcbKemKBpCelqKmtqPKI4H3f9AgRqhA
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 4127


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 251x93, components 3\012- data
Size:   4127
Md5:    ea46cb288381f3cb54c5b1d732d7bb9d
Sha1:   d4d3c8bf013c428d22a235983a5348fbaedd72f6
Sha256: b414c2bfb48bc69a8bae56a1b26923f63606205a133e324cd878f4777a85dae9
                                        
                                            GET /trace?id=5960ffff85131c80&msg=silverlight%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 9ea48516-4eb9-46ea-b6a0-71598f888537
X-Runtime: 0.002233
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=wmp%20%3D%20unknown&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: 0168b8b1-0673-43f6-b907-f018a21a5b10
X-Runtime: 0.002392
X-Host-Info: lw-prod-us-i-08b8680cf3c18b5b1, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=Loading%20WindowsMediaPlayer%20version&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: cdd66a01-fecc-4bb5-b73e-90f495184599
X-Runtime: 0.002087
X-Host-Info: lw-prod-us-i-0127738a57bfad526, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /trace?id=5960ffff85131c80&msg=redirect_url%20is%20undefined&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: fb3e84df-f0f3-4981-90dd-a30472db69f9
X-Runtime: 0.002334
X-Host-Info: lw-prod-us-i-0fd22a97a28557dff, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /nr-spa-1216.min.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 01 Oct 2022 04:46:21 GMT
via: 1.1 varnish
x-served-by: cache-bma1682-BMA
x-cache: HIT
x-cache-hits: 1169
x-timer: S1664599581.354552,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32010)
Size:   18216
Md5:    6561a2403142205f966207d61576f1a6
Sha1:   1310e72f494e12ab63a4280fc1600a2c89dc9bb8
Sha256: 0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
                                        
                                            GET /trace?id=5960ffff85131c80&msg=training_page_no_browser_post&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249 HTTP/1.1 
Host: login.micrasoft-office365.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.micrasoft-office365.com/load_training?guid=5960ffff85131c80&correlation_id=f0eb8f2c-be1a-4119-89f2-db7b40ea3249
Connection: keep-alive
Cookie: EXFILGUID=60fff5131c; link_clicked_60fff5131c=1

                                         
                                         52.20.28.170
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-cache
X-Request-Id: db64f489-3601-41b2-8ec0-0e39255b5316
X-Runtime: 0.002199
X-Host-Info: lw-prod-us-i-036429de2146341a4, ; cb7b0591eac108ad07b079b0fa686194fe64ff8b
Server: ThreatSim-Web-Server
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4948
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 04:46:21 GMT
Last-Modified: Sat, 01 Oct 2022 03:23:53 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /1/4b7a74eb40?a=1307609552&v=1216.487a282&to=dVtXQkUKCFpTQxtNFlddV19ZAjteQlxYZgFbVVBaGBYMWUE%3D&rst=727&ck=1&ref=http://login.micrasoft-office365.com/training_screenshot&ap=6&be=135&fe=644&dc=144&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664599577246,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:1,%22c%22:1,%22ce%22:1,%22rq%22:15,%22rp%22:119,%22rpe%22:119,%22dl%22:124,%22di%22:143,%22ds%22:143,%22de%22:144,%22dc%22:642,%22l%22:642,%22le%22:646%7D,%22navigation%22:%7B%7D%7D&fcp=132&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75328dd7d81ffabc-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=55e41736688139f5; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   77
Md5:    f1442f5831dbbe0210da2d7a4180d6b8
Sha1:   2ade23c6c7a001c66f0c0a9a101ec152747b434e
Sha256: c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
                                        
                                            POST /events/1/4b7a74eb40?a=1307609552&v=1216.487a282&to=dVtXQkUKCFpTQxtNFlddV19ZAjteQlxYZgFbVVBaGBYMWUE%3D&rst=922&ck=1&ref=http://login.micrasoft-office365.com/training_screenshot HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
content-type: text/plain
Content-Length: 179
Origin: http://login.micrasoft-office365.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Content-Length: 24
Connection: keep-alive
CF-Ray: 75328dd8e873fabc-OSL
Access-Control-Allow-Origin: http://login.micrasoft-office365.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   24
Md5:    bc32ed98d624acb4008f986349a20d26
Sha1:   2d3df8c11d2168ce2c27e0937421d11d85016361
Sha256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
                                        
                                            GET /training/fish/mail.png HTTP/1.1 
Host: d25q7gseii1o1q.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tslp.s3.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.196.172
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 926
Connection: keep-alive
Last-Modified: Fri, 30 May 2014 15:01:28 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 01 Oct 2022 04:46:22 GMT
ETag: "3c506b80d78539262795c9ba59a0631a"
X-Cache: RefreshHit from cloudfront
Via: 1.1 04bb33465149b34afca4988622dca584.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: I5a6OWTrJc0RbMrltiaU93XZ3baCBdHihdV6fgWFu6MFp_ae2K-Uqg==


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   926
Md5:    3c506b80d78539262795c9ba59a0631a
Sha1:   0b7ef5bdeade81c3ffc8abc8ef8a17f7566a10f4
Sha256: a35de3a30e58bf477febca8b47225959f48fd384faf088a218d6bf2251f06cbe
                                        
                                            GET /1/4b7a74eb40?a=1307609552&v=1216.487a282&to=dVtXQkUKCFpTQxtNFlddV19ZAktFXl5D&rst=1603&ck=1&ref=http://login.micrasoft-office365.com/load_training&ap=15&be=139&fe=1581&dc=431&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664599576804,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22ce%22:0,%22rq%22:9,%22rp%22:120,%22rpe%22:120,%22dl%22:123,%22di%22:430,%22ds%22:430,%22de%22:463,%22dc%22:1581,%22l%22:1581,%22le%22:1582%7D,%22navigation%22:%7B%7D%7D&fcp=422&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Sat, 01 Oct 2022 04:46:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75328dda78defabc-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=4c183cc2bbde2b6e; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   73
Md5:    814f8120cdf5a972bdb0fd5521a92a5d
Sha1:   47f7b3cd340d1fe91766ff27602e319a79bcd14c
Sha256: 5f520e553ae6a634e84b7c8c8d36908d2efa441d716834fd98c012c402b1c3c8
                                        
                                            POST /events/1/4b7a74eb40?a=1307609552&v=1216.487a282&to=dVtXQkUKCFpTQxtNFlddV19ZAktFXl5D&rst=1776&ck=1&ref=http://login.micrasoft-office365.com/load_training HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
content-type: text/plain
Content-Length: 286
Origin: http://login.micrasoft-office365.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Sat, 01 Oct 2022 04:46:22 GMT
Content-Length: 24
Connection: keep-alive
CF-Ray: 75328ddb8c881c12-OSL
Access-Control-Allow-Origin: http://login.micrasoft-office365.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   24
Md5:    bc32ed98d624acb4008f986349a20d26
Sha1:   2d3df8c11d2168ce2c27e0937421d11d85016361
Sha256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
                                        
                                            POST /resources/1/4b7a74eb40?a=1307609552&v=1216.487a282&to=dVtXQkUKCFpTQxtNFlddV19ZAktFXl5D&rst=1764&ck=1&ref=http://login.micrasoft-office365.com/load_training&st=1664599576804 HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
content-type: text/plain
Content-Length: 1061
Origin: http://login.micrasoft-office365.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Sat, 01 Oct 2022 04:46:22 GMT
Content-Length: 36
Connection: keep-alive
CF-Ray: 75328ddb6930fabc-OSL
Access-Control-Allow-Origin: http://login.micrasoft-office365.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   36
Md5:    e0d6e776ffd630639490058eb6b07069
Sha1:   4d6f84ae872bb81a65172dfd534263a07de90d15
Sha256: d7bda5b797d8f369ba574f08cde90e5283b66e3ae42636205a092fdeaf493b03
                                        
                                            GET /css?family=Open+Sans:400,700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://login.micrasoft-office365.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 01 Oct 2022 04:46:20 GMT
date: Sat, 01 Oct 2022 04:46:20 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---