urlscan.io logo urlscan.io
SecurityTrails logo

qantas-group.com Open in urlscan Pro
103.4.213.81  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://marigoldbank-payments.com/44bf77a240?l=7
Effective URL: http://qantas-group.com/QA/qg.html
Submission: On June 30 via manual from SG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 5 countries across 11 domains to perform 62 HTTP transactions. The main IP is 103.4.213.81, located in Australia and belongs to OVERTHEWIRE-AS-AP Over The Wire Pty Ltd, AU. The main domain is qantas-group.com.
This is the only time qantas-group.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 52.62.125.11 16509 (AMAZON-02)
8 52.216.10.83 16509 (AMAZON-02)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 52.222.149.14 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
5 13.238.250.42 16509 (AMAZON-02)
5 103.4.213.81 9268 (OVERTHEWI...)
1 2a00:1450:400... 15169 (GOOGLE)
2 104.109.64.186 20940 (AKAMAI-ASN1)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
62 12
4    52.62.125.11 (Sydney, Australia)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-62-125-11.ap-southeast-2.compute.amazonaws.com
marigoldbank-payments.com
8    52.216.10.83 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1-w.amazonaws.com
tslp.s3.amazonaws.com
1    2a02:26f0:6c00:18d::196 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
java.com
1    52.222.149.14 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-149-14.fra53.r.cloudfront.net
d2wy8f7a9ursnm.cloudfront.net
1    2a00:1450:4001:81a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
5    2a00:1450:4001:818::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
5    13.238.250.42 (Sydney, Australia)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-13-238-250-42.ap-southeast-2.compute.amazonaws.com
dataentry.ap.threatsim.com
5    103.4.213.81 (Australia)

ASN9268 (OVERTHEWIRE-AS-AP Over The Wire Pty Ltd, AU)
PTR: spring.studiocoast.com.au
qantas-group.com
1    2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagmanager.com
2    104.109.64.186 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-64-186.deploy.static.akamaitechnologies.com
use.edgefonts.net
1    2a02:26f0:6c00:19f::19fd (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
p.typekit.net
Domain Requested by
8 tslp.s3.amazonaws.com marigoldbank-payments.com
5 qantas-group.com marigoldbank-payments.com
qantas-group.com
5 dataentry.ap.threatsim.com ajax.googleapis.com
marigoldbank-payments.com
5 www.google-analytics.com marigoldbank-payments.com
www.googletagmanager.com
qantas-group.com
4 marigoldbank-payments.com marigoldbank-payments.com
2 use.edgefonts.net qantas-group.com
use.edgefonts.net
1 p.typekit.net qantas-group.com
1 www.googletagmanager.com qantas-group.com
1 ajax.googleapis.com marigoldbank-payments.com
1 d2wy8f7a9ursnm.cloudfront.net marigoldbank-payments.com
1 java.com marigoldbank-payments.com
62 11

This site contains no links.

Subject Issuer Validity Valid

1970-01-01 -
1970-01-01		 a few seconds crt.sh
*.s3.amazonaws.com
DigiCert Baltimore CA-2 G2		 2018-11-07 -
2020-02-07		 a year crt.sh
www.java.com
DigiCert ECC Extended Validation Server CA		 2018-02-21 -
2020-02-21		 2 years crt.sh
*.google-analytics.com
Google Internet Authority G3		 2019-06-11 -
2019-09-03		 3 months crt.sh
*.ap.threatsim.com
COMODO RSA Domain Validation Secure Server CA		 2018-05-11 -
2020-05-10		 2 years crt.sh
*.typekit.net
DigiCert SHA2 Secure Server CA		 2018-07-20 -
2020-01-03		 a year crt.sh

This page contains 1 frames:

Primary Page: http://qantas-group.com/QA/qg.html
Frame ID: DBBB5EB16A2A47AF722AFF51C4E4C8C0
Requests: 63 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://marigoldbank-payments.com/44bf77a240?l=7 Page URL
  2. http://qantas-group.com/QA/qg.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /ATS\/?([\d.]+)?/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

62
Requests

35 %
HTTPS

45 %
IPv6

11
Domains

11
Subdomains

12
IPs

5
Countries

400 kB
Transfer

597 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://marigoldbank-payments.com/44bf77a240?l=7 Page URL
  2. http://qantas-group.com/QA/qg.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js
Request Chain 48
  • http://www.google-analytics.com/r/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=1&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1885493336&gjid=1515223245&cid=52658471.1561890833&tid=UA-83403-17&_gid=294025129.1561890833&_r=1&z=1396947918 HTTP 307
  • https://www.google-analytics.com/r/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=1&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1885493336&gjid=1515223245&cid=52658471.1561890833&tid=UA-83403-17&_gid=294025129.1561890833&_r=1&z=1396947918
Request Chain 49
  • http://www.google-analytics.com/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=2&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=52658471.1561890833&uid=44bf77a240&tid=UA-83403-17&_gid=294025129.1561890833&z=515900941 HTTP 307
  • https://www.google-analytics.com/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=2&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=52658471.1561890833&uid=44bf77a240&tid=UA-83403-17&_gid=294025129.1561890833&z=515900941

62 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Cookie set 44bf77a240
marigoldbank-payments.com/ 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Server
52.62.125.11 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-62-125-11.ap-southeast-2.compute.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
b4b4fdd1ffcaf47fbde1f6ba43fc04f853c98c17f5fbcfdce9c9238828b3f0c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
marigoldbank-payments.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=0, private, must-revalidate
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Sun, 30 Jun 2019 10:33:51 GMT
ETag
W/"b16331ff6b4230150b7e6b23ec8ddd7b"
Server
ThreatSim-Web-Server
Set-Cookie
EXFILGUID=44bf77a240; path=/ link_clicked_44bf77a240=1; path=/
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Host-Info
lw-prd-ap-i-010c3da8a52df8c82 ; dffc383c1c13270b269aced2e033d64e2b1c81a4
X-Request-Id
ecc13b04-b111-4512-802c-a02c5f4c0ea8
X-Runtime
0.122984
X-XSS-Protection
1; mode=block
Content-Length
949
Connection
keep-alive
alt_pixel_click_44bf77a240.gif
marigoldbank-payments.com/ 		0
652 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://marigoldbank-payments.com:49152/alt_pixel_click_44bf77a240.gif?correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
, ,
Server
52.62.125.11 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-62-125-11.ap-southeast-2.compute.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Runtime
0.199016
Date
Sun, 30 Jun 2019 10:33:52 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-ap-i-03b6b3597f71481c0, ; dffc383c1c13270b269aced2e033d64e2b1c81a4
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
ba6bc3a3-a3b7-4a3e-b388-4c1eb5c8e7b5
plugin_detect.js
tslp.s3.amazonaws.com/detect/ 		49 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=44bf77a240&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.10.83 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:52 GMT
Last-Modified
Wed, 15 Feb 2017 17:56:07 GMT
Server
AmazonS3
x-amz-request-id
1540D497D7BE4E6D
ETag
"00a513f07603df01e3b99be00f370754"
Content-Type
text/javascript
Content-Length
50085
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
qvVWutCHWpz6BD6g6IDtnAuh99IytUCenKSounftBSeeEm5TOSk/TL4BWNueG0NBARYnX3rIj2c=
java.js
tslp.s3.amazonaws.com/detect/ 		50 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tslp.s3.amazonaws.com/detect/java.js?guid=44bf77a240&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.10.83 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4805fc6abdad8075af2165e241b781c3073d4769ae725e4004bf79064acb5f24

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:52 GMT
Last-Modified
Wed, 15 Feb 2017 14:38:28 GMT
Server
AmazonS3
x-amz-request-id
9562A21D4D61DD67
ETag
"2bec0061039dc3fb25fc20aaf611d5b9"
Content-Type
text/javascript
Content-Length
50717
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
S5uFhc7GgBngiMTbnBelABf0j5Bhzoojz2l7+qGtFhxhFWDeU0ZtXHC19JL+5Z3zEbtsawbdMz0=
deployJava.js
java.com/js/ 		18 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://java.com/js/deployJava.js
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:6c00:18d::196 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Oracle-HTTP-Server /
Resource Hash
358bb442f5d81ddc8e393d922458a9d84010efee2c346763ae87a45be92224d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 30 Jun 2019 10:33:52 GMT
x-content-type-options
nosniff
status
200
content-disposition
inline;filename=deployJava.js;filename*=UTF-8''deployJava.js
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
18444
x-xss-protection
1
mdt-type
abinary;charset=UTF-8
last-modified
Fri, 07 Jul 2017 23:29:07 GMT
server
Oracle-HTTP-Server
x-frame-options
SAMEORIGIN
x-oracle-dms-ecid
005Kza_yrKd9Tcw70Fm3UF0003QU009rYR
content-type
application/javascript
expires
Mon, 01 Jul 2019 10:33:52 GMT
cache-control
max-age=86400
x-oracle-dms-rid
0:1
flash.js
tslp.s3.amazonaws.com/detect/ 		7 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tslp.s3.amazonaws.com/detect/flash.js?guid=44bf77a240&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.10.83 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
a26d01d5912459798481786640dc44fd7605d09f2f9e6dd24720205efcab6861

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:53 GMT
Last-Modified
Wed, 15 Feb 2017 03:54:01 GMT
Server
AmazonS3
x-amz-request-id
88FD620853ABB945
ETag
"f9ad9a096894ba248e4a1f73e7eba1be"
Content-Type
text/javascript
Content-Length
6680
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
8hsl+iwG4y4A8yE9j80VxbzDcNxusvGOFp+nB3I5ylS3hN74/qLihVXRRRG1F3BwLDFZBPxeA70=
pdf.js
tslp.s3.amazonaws.com/detect/ 		22 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tslp.s3.amazonaws.com/detect/pdf.js?guid=44bf77a240&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.10.83 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
d9b7c6163477008469af64b211e2dbd4f4171b85b51e3714f11c99f9ba2c32f9

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:53 GMT
Last-Modified
Wed, 15 Feb 2017 14:39:34 GMT
Server
AmazonS3
x-amz-request-id
C2BB7B9C18BF1BCB
ETag
"0d5882d41c8b6e40059c8d9acbcf1518"
Content-Type
text/javascript
Content-Length
22855
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
WA7eBWakJ1Q7cuY/SXkGB6IfI2DEFJ30t2eH9h2I+M3SNqeLYomp0f6WyWp9uyomTEB0FxSORqc=
quicktime.js
tslp.s3.amazonaws.com/detect/ 		7 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tslp.s3.amazonaws.com/detect/quicktime.js?guid=44bf77a240&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.10.83 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
6ae53963f41133561c78b4332b564c01f551c471cd91d980436a9f5dacdd8f19

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:53 GMT
Last-Modified
Wed, 15 Feb 2017 14:41:05 GMT
Server
AmazonS3
x-amz-request-id
A2B7877BD6CFF0B7
ETag
"ee73f2f47d51116dc40b85a6b57eaf20"
Content-Type
text/javascript
Content-Length
6999
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
vMGWqJtXv9fXTFGYhU/5ROrzad46xzlL0192m0N1IPQ3NT56ILa5FE63qweLdwGUqQUIc92qYNc=
realplayer.js
tslp.s3.amazonaws.com/detect/ 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tslp.s3.amazonaws.com/detect/realplayer.js?guid=44bf77a240&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.10.83 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
88be902cc76b5ec1ec932b6ae93457b6b0ca69d7a36bfadefc2f24db225dc238

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:53 GMT
Last-Modified
Wed, 15 Feb 2017 14:45:02 GMT
Server
AmazonS3
x-amz-request-id
67E8CB9CE3A6124D
ETag
"3d7be656672c16a34806c13388410325"
Content-Type
text/javascript
Content-Length
9775
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
cqOLbrwcjKhKodAUBCYO9ZXE8TjZjp8dPrmxEN8/6kn2UMC5rPII8eVXrLnBDawqgFo40A+Tkpk=
silverlight.js
tslp.s3.amazonaws.com/detect/ 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tslp.s3.amazonaws.com/detect/silverlight.js?guid=44bf77a240&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.10.83 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
0730a7e6770925fa4232096e4d9874514985ec791a63fe873f0e4e3cd7722381

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:53 GMT
Last-Modified
Wed, 15 Feb 2017 18:00:03 GMT
Server
AmazonS3
x-amz-request-id
2BEA2005393EFBCB
ETag
"e6dd596d2bc204ea573b868b92028c26"
Content-Type
text/javascript
Content-Length
4234
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
qQgkzdn78s2L/RLCdIIjgdQo9BtDzOeeNRvYjzQstzZm9ocOtw5sfvntEI08FSXyeazTFclWBKk=
wmp.js
tslp.s3.amazonaws.com/detect/ 		6 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tslp.s3.amazonaws.com/detect/wmp.js?guid=44bf77a240&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.10.83 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
cdb16ca3ddd3cead71121799751fa80d3033375abcdbc5fc84d35fb82c7fc9de

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:53 GMT
Last-Modified
Wed, 15 Feb 2017 15:07:14 GMT
Server
AmazonS3
x-amz-request-id
716121FC672C87F5
ETag
"ffd2cc77bb64d40beeb5d561fffe1f79"
Content-Type
text/javascript
Content-Length
5941
Accept-Ranges
bytes
x-amz-version-id
null
x-amz-id-2
XdHTlM7DiFq0gsZLveG7k2jO8GMzF183INjvH1ire4uRKsmAwEc6OohSbugnlZaQ8a1xH5qdzVI=
bugsnag-2.min.js
d2wy8f7a9ursnm.cloudfront.net/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
, ,
Server
52.222.149.14 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-149-14.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 00:52:10 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Aug 2016 00:30:49 GMT
Server
AmazonS3
Age
34905
ETag
"6103bb5e4ec6141e19e1100caafc780c"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 36c13eeffcddf77ad33d7874b28e6168.cloudfront.net (CloudFront)
Cache-Control
public, max-age=604800
X-Amz-Cf-Pop
FRA53
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2962
X-Amz-Cf-Id
33f3-uv88mkMtW67dTmM7HjhPFrOXpTrD9KvD-9bdXVNINqL38Xvjw==
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ 		90 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
, ,
Server
2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 19 Jun 2019 18:27:49 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 20 Dec 2016 18:17:03 GMT
Server
sffe
Age
921962
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
33018
X-XSS-Protection
0
Expires
Thu, 18 Jun 2020 18:27:49 GMT
google-tracking.js
marigoldbank-payments.com/assets/ 		455 B
707 B 		Script
General
Check archive.org
Download Go to
Full URL
http://marigoldbank-payments.com/assets/google-tracking.js?g=44bf77a240
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
, ,
Server
52.62.125.11 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-62-125-11.ap-southeast-2.compute.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
fce517e48a56b76d45fd456264b90c82aa6e9ddb578f9f36d844ace5816d9841

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:51 GMT
Content-Encoding
gzip
Last-Modified
Thu, 20 Jun 2019 20:27:12 GMT
Server
ThreatSim-Web-Server
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
keep-alive
Content-Length
316
Expires
Thu, 31 Dec 2037 23:55:55 GMT
all.js
marigoldbank-payments.com/assets/ 		28 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://marigoldbank-payments.com/assets/all.js?g=44bf77a240
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
, ,
Server
52.62.125.11 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-62-125-11.ap-southeast-2.compute.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
ef774b5afad3123585320f1a3a50431495853e3fc1aab3a2f707a7856ea59f4d

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:51 GMT
Content-Encoding
gzip
Last-Modified
Mon, 24 Jun 2019 18:26:01 GMT
Server
ThreatSim-Web-Server
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
keep-alive
Content-Length
7339
Expires
Thu, 31 Dec 2037 23:55:55 GMT
analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 20 Jun 2019 21:35:04 GMT
server
Golfe2
age
6405
date
Sun, 30 Jun 2019 08:47:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
17707
expires
Sun, 30 Jun 2019 10:47:07 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
browser_post
dataentry.ap.threatsim.com/secure/ 		0
563 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dataentry.ap.threatsim.com/secure/browser_post
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.250.42 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-13-238-250-42.ap-southeast-2.compute.amazonaws.com
Software
ThreatSim-Web-Server /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
http://marigoldbank-payments.com/44bf77a240?l=7
Origin
http://marigoldbank-payments.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

X-Runtime
0.010974
Date
Sun, 30 Jun 2019 10:33:54 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
ThreatSim-Web-Server
X-Host-Info
lw-prd-ap-i-010c3da8a52df8c82, ; dffc383c1c13270b269aced2e033d64e2b1c81a4
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
X-XSS-Protection
1; mode=block
X-Request-Id
e7b51493-d253-4106-9987-1c08adbbd11a
trace
dataentry.ap.threatsim.com/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20localStorage%20%3D%20false&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.250.42 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-13-238-250-42.ap-southeast-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
trace
dataentry.ap.threatsim.com/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.250.42 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-13-238-250-42.ap-southeast-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
trace
dataentry.ap.threatsim.com/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.250.42 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-13-238-250-42.ap-southeast-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
trace
dataentry.ap.threatsim.com/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20browser%20%3D%20Chrome&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.238.250.42 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-13-238-250-42.ap-southeast-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
trace
dataentry.ap.threatsim.com/ 		0
0
collect
www.google-analytics.com/r/
Redirect Chain
  • http://www.google-analytics.com/r/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=1&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x120...
  • https://www.google-analytics.com/r/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=1&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x12...
35 B
101 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=1&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1885493336&gjid=1515223245&cid=52658471.1561890833&tid=UA-83403-17&_gid=294025129.1561890833&_r=1&z=1396947918
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Jun 2019 10:33:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/r/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=1&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1885493336&gjid=1515223245&cid=52658471.1561890833&tid=UA-83403-17&_gid=294025129.1561890833&_r=1&z=1396947918
Non-Authoritative-Reason
HSTS
collect
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=2&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&...
  • https://www.google-analytics.com/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=2&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200...
35 B
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=2&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=52658471.1561890833&uid=44bf77a240&tid=UA-83403-17&_gid=294025129.1561890833&z=515900941
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/44bf77a240?l=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://marigoldbank-payments.com/44bf77a240?l=7
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Jun 2019 09:30:10 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2509422
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/collect?v=1&_v=j77&a=1295290303&t=pageview&_s=2&dl=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=&gjid=&cid=52658471.1561890833&uid=44bf77a240&tid=UA-83403-17&_gid=294025129.1561890833&z=515900941
Non-Authoritative-Reason
HSTS
Primary Request qg.html
qantas-group.com/QA/ 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://qantas-group.com/QA/qg.html
Requested by
Host: marigoldbank-payments.com
URL: http://marigoldbank-payments.com/assets/all.js?g=44bf77a240
Protocol
HTTP/1.1
Server
103.4.213.81 , Australia, ASN9268 (OVERTHEWIRE-AS-AP Over The Wire Pty Ltd, AU),
Reverse DNS
spring.studiocoast.com.au
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
4e386753882defb126d743b59c9ae075daaf9ebed5212ed5edb7fc0fdfbe1999

Request headers

Host
qantas-group.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://marigoldbank-payments.com/44bf77a240?l=7
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://marigoldbank-payments.com/44bf77a240?l=7

Response headers

Content-Type
text/html
Content-Encoding
gzip
Last-Modified
Mon, 24 Jun 2019 01:48:08 GMT
Accept-Ranges
bytes
ETag
"0fc44df2e2ad51:0"
Vary
Accept-Encoding
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
Date
Sun, 30 Jun 2019 10:34:00 GMT
Content-Length
2238
trace
dataentry.ap.threatsim.com/ 		0
0
js
www.googletagmanager.com/gtag/ 		65 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-130663057-1
Requested by
Host: qantas-group.com
URL: http://qantas-group.com/QA/qg.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2fe48d09a000d755ce8069bffcbc5a2a2f76eb904acb6e150adeeaf2b54051a6
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://qantas-group.com/QA/qg.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 30 Jun 2019 10:33:56 GMT
content-encoding
br
last-modified
Sun, 30 Jun 2019 09:00:00 GMT
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
25542
x-xss-protection
0
expires
Sun, 30 Jun 2019 10:33:56 GMT
singlePageTemplate.css
qantas-group.com/css/ 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://qantas-group.com/css/singlePageTemplate.css
Requested by
Host: qantas-group.com
URL: http://qantas-group.com/QA/qg.html
Protocol
HTTP/1.1
Security
, ,
Server
103.4.213.81 , Australia, ASN9268 (OVERTHEWIRE-AS-AP Over The Wire Pty Ltd, AU),
Reverse DNS
spring.studiocoast.com.au
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
67e221b74a8f07033d5ff8a65657ff2e5d945ac6c7c855963772d12765656b23

Request headers

Referer
http://qantas-group.com/QA/qg.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:34:00 GMT
Content-Encoding
gzip
ETag
"0a9b4f32228d51:0"
Last-Modified
Fri, 21 Jun 2019 11:17:46 GMT
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
1758
source-sans-pro:n2:default.js
use.edgefonts.net/ 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://use.edgefonts.net/source-sans-pro:n2:default.js
Requested by
Host: qantas-group.com
URL: http://qantas-group.com/QA/qg.html
Protocol
HTTP/1.1
Security
, ,
Server
104.109.64.186 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-64-186.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
08881e7d09f75f6a0a5d1218c8f4353e5a2e3ba7edcfe90fb34a84a3efad5f33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
http://qantas-group.com/QA/qg.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains;
Content-Encoding
gzip
Server
nginx
Date
Sun, 30 Jun 2019 10:33:55 GMT
Vary
Accept-Encoding
Content-Type
text/javascript;charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=86400
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
9206
Top_Banner_QA.png
qantas-group.com/QA/Images/ 		34 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://qantas-group.com/QA/Images/Top_Banner_QA.png
Requested by
Host: qantas-group.com
URL: http://qantas-group.com/QA/qg.html
Protocol
HTTP/1.1
Security
, ,
Server
103.4.213.81 , Australia, ASN9268 (OVERTHEWIRE-AS-AP Over The Wire Pty Ltd, AU),
Reverse DNS
spring.studiocoast.com.au
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
52e59b60b84228c2fa9798b1974e22bcfefcf358d7df7e07af482bfcc4e75f1f

Request headers

Referer
http://qantas-group.com/QA/qg.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:34:00 GMT
ETag
"d98b8705727d51:0"
Last-Modified
Thu, 20 Jun 2019 11:00:58 GMT
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
35169
QA_Email.png
qantas-group.com/QA/Images/ 		39 KB
39 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://qantas-group.com/QA/Images/QA_Email.png
Requested by
Host: qantas-group.com
URL: http://qantas-group.com/QA/qg.html
Protocol
HTTP/1.1
Security
, ,
Server
103.4.213.81 , Australia, ASN9268 (OVERTHEWIRE-AS-AP Over The Wire Pty Ltd, AU),
Reverse DNS
spring.studiocoast.com.au
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
adeef9271d8fd75409515d2249268680feeb1a203d9c3df502b46428cd5c19ef

Request headers

Referer
http://qantas-group.com/QA/qg.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:34:00 GMT
ETag
"1ee99d705727d51:0"
Last-Modified
Thu, 20 Jun 2019 11:00:58 GMT
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
39855
QLogo.png
qantas-group.com/QA/Images/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://qantas-group.com/QA/Images/QLogo.png
Requested by
Host: qantas-group.com
URL: http://qantas-group.com/QA/qg.html
Protocol
HTTP/1.1
Security
, ,
Server
103.4.213.81 , Australia, ASN9268 (OVERTHEWIRE-AS-AP Over The Wire Pty Ltd, AU),
Reverse DNS
spring.studiocoast.com.au
Software
Microsoft-IIS/8.0 / ASP.NET
Resource Hash
851bd703cd7017e79c4951c1b377e5a381f82627b1c7623fa7b45729d812babf

Request headers

Referer
http://qantas-group.com/QA/qg.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:34:01 GMT
ETag
"f671a7705727d51:0"
Last-Modified
Thu, 20 Jun 2019 11:00:58 GMT
Server
Microsoft-IIS/8.0
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
2533
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-130663057-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://qantas-group.com/QA/qg.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 20 Jun 2019 21:35:04 GMT
server
Golfe2
age
6409
date
Sun, 30 Jun 2019 08:47:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
17707
expires
Sun, 30 Jun 2019 10:47:07 GMT
l
use.edgefonts.net/c/51073e/1w;source-sans-pro,2,2cm8F1:W:n2/ 		18 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.edgefonts.net/c/51073e/1w;source-sans-pro,2,2cm8F1:W:n2/l
Requested by
Host: use.edgefonts.net
URL: http://use.edgefonts.net/source-sans-pro:n2:default.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.64.186 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-64-186.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
5fbf7f548b55ef1b582faf68646cb41a359d1c374b0f6dc735c9bc67ca3f9fc7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
http://qantas-group.com/QA/qg.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains;
Content-Encoding
gzip
Server
nginx
Date
Sun, 30 Jun 2019 10:33:56 GMT
Vary
Accept-Encoding
Content-Type
text/css;charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=604800
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14014
collect
www.google-analytics.com/r/ 		35 B
102 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j77&a=110896456&t=pageview&_s=1&dl=http%3A%2F%2Fqantas-group.com%2FQA%2Fqg.html&dr=http%3A%2F%2Fmarigoldbank-payments.com%2F44bf77a240%3Fl%3D7&ul=en-us&de=UTF-8&dt=Phishing%20Simulation&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1248043335&gjid=907535093&cid=1250196532.1561890836&tid=UA-130663057-1&_gid=1875061344.1561890836&_r=1&gtm=2ou6k2&z=901040338
Requested by
Host: qantas-group.com
URL: http://qantas-group.com/QA/qg.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://qantas-group.com/QA/qg.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Jun 2019 10:33:56 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2b2ba91ab637cc3bc130e0a5a8b594c66cb96b99190112749f27bf9683570850

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
http://qantas-group.com

Response headers

Content-Type
font/opentype
p.gif
p.typekit.net/ 		35 B
367 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p.typekit.net/p.gif?s=4&k=&app=dreamweaver&ht=tk&h=qantas-group.com&f=17275&a=&sl=351&fl=3&dc=true&js=1.14.9&_=1561890836708
Requested by
Host: qantas-group.com
URL: http://qantas-group.com/QA/qg.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:19f::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Referer
http://qantas-group.com/QA/qg.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 30 Jun 2019 10:33:56 GMT
Last-Modified
Thu, 12 Jul 2018 18:17:46 GMT
Server
nginx
ETag
"5b479b4a-23"
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
35
Expires
Wed, 05 Dec 2018 15:10:09 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20browser_version%20%3D%2074&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20os%20%3D%20Linux&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20os_version%20%3D%2010.14.5&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20width%20%3D%201600&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=BrowserDetect%20-%20height%20%3D%201200&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=Chrome%20browser%2C%20using%20more%20detailed%20version&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=Loading%20Java%20version%20from%20pinlady&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=java_version_pl%20%3D%20unknown&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=Loading%20Java%20version%20from%20deployJava&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=java_version_jres%20%3D%20unknown&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=java_version%20%3D%20undefined&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=Loading%20flash%20version&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=flash%20%3D%20unknown&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=Loading%20pdf%20version&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=Could%20not%20find%20AdobeReader%20version&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=pdf%20%3D%20unknown&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=Loading%20quicktime%20version&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=quicktime%20%3D%20unknown&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=Loading%20RealPlayer%20version&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=realplayer%20%3D%20unknown&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=Loading%20Silverlight%20version&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=silverlight%20%3D%20unknown&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=Loading%20WindowsMediaPlayer%20version&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=wmp%20%3D%20unknown&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=redirecting%20to%20http%3A%2F%2Fqantas-group.com%2FQA%2Fqg.html&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1
Domain
dataentry.ap.threatsim.com
URL
https://dataentry.ap.threatsim.com/trace?id=44bf77a240&msg=browser_post_successful&correlation_id=ccd26aea-76eb-4128-81a7-1397393632b1

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| gtag object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga string| __adobewebfontsappname__ object| Typekit object| google_tag_data object| gaplugins object| gaGlobal object| gaData

3 Cookies

Domain/Path Name / Value
.qantas-group.com/ Name: _gat_gtag_UA_130663057_1
Value: 1
.qantas-group.com/ Name: _gid
Value: GA1.2.1875061344.1561890836
.qantas-group.com/ Name: _ga
Value: GA1.2.1250196532.1561890836

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
d2wy8f7a9ursnm.cloudfront.net
dataentry.ap.threatsim.com
java.com
marigoldbank-payments.com
p.typekit.net
qantas-group.com
tslp.s3.amazonaws.com
use.edgefonts.net
www.google-analytics.com
www.googletagmanager.com
dataentry.ap.threatsim.com
103.4.213.81
104.109.64.186
13.238.250.42
2a00:1450:4001:818::200e
2a00:1450:4001:81a::200a
2a00:1450:4001:81d::2008
2a02:26f0:6c00:18d::196
2a02:26f0:6c00:19f::19fd
52.216.10.83
52.222.149.14
52.62.125.11
0730a7e6770925fa4232096e4d9874514985ec791a63fe873f0e4e3cd7722381
08881e7d09f75f6a0a5d1218c8f4353e5a2e3ba7edcfe90fb34a84a3efad5f33
2b2ba91ab637cc3bc130e0a5a8b594c66cb96b99190112749f27bf9683570850
2fe48d09a000d755ce8069bffcbc5a2a2f76eb904acb6e150adeeaf2b54051a6
358bb442f5d81ddc8e393d922458a9d84010efee2c346763ae87a45be92224d1
4805fc6abdad8075af2165e241b781c3073d4769ae725e4004bf79064acb5f24
4bab432979d731f8264bcd9d40422ca7dfcfcb0e0e703288db78bbfa555f853a
4e386753882defb126d743b59c9ae075daaf9ebed5212ed5edb7fc0fdfbe1999
52e59b60b84228c2fa9798b1974e22bcfefcf358d7df7e07af482bfcc4e75f1f
5fbf7f548b55ef1b582faf68646cb41a359d1c374b0f6dc735c9bc67ca3f9fc7
67e221b74a8f07033d5ff8a65657ff2e5d945ac6c7c855963772d12765656b23
6ae53963f41133561c78b4332b564c01f551c471cd91d980436a9f5dacdd8f19
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
851bd703cd7017e79c4951c1b377e5a381f82627b1c7623fa7b45729d812babf
88be902cc76b5ec1ec932b6ae93457b6b0ca69d7a36bfadefc2f24db225dc238
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9ff538f72465724fc393ea1f3c03a17233c9b7e1d440d6f8a6d0b3a836c2a9cc
a26d01d5912459798481786640dc44fd7605d09f2f9e6dd24720205efcab6861
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
adeef9271d8fd75409515d2249268680feeb1a203d9c3df502b46428cd5c19ef
b4b4fdd1ffcaf47fbde1f6ba43fc04f853c98c17f5fbcfdce9c9238828b3f0c2
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
cdb16ca3ddd3cead71121799751fa80d3033375abcdbc5fc84d35fb82c7fc9de
d9b7c6163477008469af64b211e2dbd4f4171b85b51e3714f11c99f9ba2c32f9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef774b5afad3123585320f1a3a50431495853e3fc1aab3a2f707a7856ea59f4d
fce517e48a56b76d45fd456264b90c82aa6e9ddb578f9f36d844ace5816d9841