login.usc.edu Open in urlscan Pro
52.25.34.61 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
Effective URL:
https://login.usc.edu/sso/SSORedirect/metaAlias/USCRealm/idp?SAMLRequest=hZLNbsIwEIRfJfIdHBzSNhaJlMKhSLQgQnvopXLMQiw5d...
Submission: On September 13 via manual (September 13th 2022, 6:53:32 pm UTC) from US — Scanned from DE

Summary HTTP 44 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 2 countries across 8 domains to perform 44 HTTP transactions. The main IP is 52.25.34.61, located in and belongs to . The main domain is login.usc.edu.
TLS certificate: Issued by InCommon RSA Server CA on March 9th 2022. Valid for: a year.

This is the only time login.usc.edu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	54.197.166.17 54.197.166.17	14618 (AMAZON-AES) (AMAZON-AES)
10	2600:9000:20e... 2600:9000:20eb:4a00:1:abce:c680:21	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
2	2600:9000:223... 2600:9000:223f:fc00:1f:aa31:7740:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
2	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
4	34.107.204.85 34.107.204.85	15169 (GOOGLE) (GOOGLE)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
4 8	68.181.8.108 68.181.8.108	47 (USC-AS) (USC-AS)
1	52.25.34.61 52.25.34.61	() ()
44	11

8 54.197.166.17 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-166-17.compute-1.amazonaws.com

trojan.policystat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:20eb:4a00:1:abce:c680:21 (United States)

ASN16509 (AMAZON-02, US)

d2zk9fgwitlpui.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:fc00:1f:aa31:7740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.107.204.85 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 85.204.107.34.bc.googleusercontent.com

data.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 68.181.8.108 (Altadena, United States) 4 redirects

ASN47 (USC-AS, US)
PTR: cal-shibboleth.usc.edu

shibboleth.usc.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.25.34.61 (None, )

ASN- ()

login.usc.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	cloudfront.net d2zk9fgwitlpui.cloudfront.net	2 MB
9	usc.edu 4 redirects shibboleth.usc.edu — Cisco Umbrella Rank: 426279 login.usc.edu	52 KB
8	policystat.com trojan.policystat.com	50 KB
6	pendo.io cdn.pendo.io — Cisco Umbrella Rank: 2707 data.pendo.io — Cisco Umbrella Rank: 2331	285 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94	40 KB
2	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 768	29 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 141	106 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 423 Failed	616 B
44	8

	Domain	Requested by
10	d2zk9fgwitlpui.cloudfront.net	trojan.policystat.com
8	shibboleth.usc.edu	4 redirects shibboleth.usc.edu
8	trojan.policystat.com	trojan.policystat.com d2zk9fgwitlpui.cloudfront.net
4	data.pendo.io	cdn.pendo.io
4	www.google-analytics.com	www.googletagmanager.com trojan.policystat.com
2	js-agent.newrelic.com	trojan.policystat.com
2	cdn.pendo.io	d2zk9fgwitlpui.cloudfront.net
2	www.googletagmanager.com	trojan.policystat.com
1	login.usc.edu	login.usc.edu
1	bam.nr-data.net	js-agent.newrelic.com
44	10

This site contains no links.

Subject Issuer	Validity	Valid
*.policystat.com Amazon	`2022-01-15` - `2023-02-13`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
cdn.pendo.io Amazon	`2022-07-30` - `2023-08-28`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
pendo.io GTS CA 1D4	`2022-08-31` - `2022-11-29`	3 months	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh
shibboleth.usc.edu InCommon RSA Server CA	`2021-12-09` - `2022-12-09`	a year	crt.sh
login.usc.edu InCommon RSA Server CA	`2022-03-09` - `2023-04-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login.usc.edu/sso/SSORedirect/metaAlias/USCRealm/idp?SAMLRequest=hZLNbsIwEIRfJfIdHBzSNhaJlMKhSLQgQnvopXLMQiw5dup1%2BvP2DaEt9ELPO%2FvNzmgnKGrd8Lz1lVnDawvog49aG%2BT9ICWtM9wKVMiNqAG5l7zI7xecDUPeOOuttJoEOSI4r6yZWoNtDa4A96YkPK4XKam8b5BTipUqS6vBV8MW5RC2LVXbhmJDi9ME0dKDAaOrZbEhway7SBlxYJ9I2u6V%2BYX0K8VyDVvlQHpagxe5VgLpYzFdg9D1wYcE81lKXqL4Or6STMbjaMx2YleySCaiDHdxkiQQsk6G2MLcoBfGp4SFjA3CZDCKNqMbHkc8ip9JsPpOfqvMVpn95ZrKowj53WazGhxjPYHDPlInINnkUDbvjd1Z%2FZex4qdzkv3b8ISeORztGv7QIeezldVKfga51vZ96kB4SMmI0Oy48vc1si8%3D&RelayState=cookie%3A1663095215_6591&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DjFuBkrfXSiSLdvpZNwMwwi0HJYvx6eaPTX%2BIfnIvbGHvfYpuZpCfqK5EiqA%2B%2BqsGPT1rxI%2Fh7EOctX6jKRs5hz44gO7QgvJHOQTyQVOdsu2DvT6wDEtKHGf8zaGVMh%2BPnsBNps4NcER0AXfE2MFjreHPrUbSXTAyvXCi%2FuwPV6YeEr8HeVPz%2FF6bbi5J%2Fri4ATxwcWLjNvTl8ItCCIi%2BpxTBFhSJ%2FT8YUVnRKwBuD387tmIMCCI55xMwlMxYUYTk3ZYkITUx%2BGT2PXtEw3Fp6D%2FA9jFlMa1lSGj7twk5YD%2FdEri10PBWxWD0p9pBnppoxOzDtJgHvwL7ti1knNAaFF3z6WzA8u57%2Fsr4fcDjdiScZHgSGOT0z359A%2Btj8v7CtKPBvDJ76aCGyxxO5CEaNu6e8Vw5R%2BTdBY17%2BhsOYrVa%2FJaAHiV80A70UX85aeeUHWt%2BSqagaEofNyMRiX5IqLHtoQANvHN6Xi%2BpCI4V5ZZ%2F8JVvBCp2S093KNTYeII
Frame ID: B05F44623F7C945CFA2BC6930E157166
Requests: 44 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1 Page URL
https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1 Page URL
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO HTTP 302
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO;jsessionid=node01otg85wxcq3v81u3gsgc5xrsgq1121987... Page URL
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 HTTP 302
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO?execution=e1s2 HTTP 302
https://shibboleth.usc.edu/idp/sp/login?conversation=e1s2 HTTP 302
https://login.usc.edu/sso/SSORedirect/metaAlias/USCRealm/idp?SAMLRequest=hZLNbsIwEIRfJfIdHBzSNhaJl... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

44
Requests

86 %
HTTPS

40 %
IPv6

8
Domains

10
Subdomains

11
IPs

2
Countries

2325 kB
Transfer

8166 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1 Page URL
https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1 Page URL
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO HTTP 302
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO;jsessionid=node01otg85wxcq3v81u3gsgc5xrsgq1121987.node0?execution=e1s1 Page URL
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 HTTP 302
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO?execution=e1s2 HTTP 302
https://shibboleth.usc.edu/idp/sp/login?conversation=e1s2 HTTP 302
https://login.usc.edu/sso/SSORedirect/metaAlias/USCRealm/idp?SAMLRequest=hZLNbsIwEIRfJfIdHBzSNhaJlMKhSLQgQnvopXLMQiw5dup1%2BvP2DaEt9ELPO%2FvNzmgnKGrd8Lz1lVnDawvog49aG%2BT9ICWtM9wKVMiNqAG5l7zI7xecDUPeOOuttJoEOSI4r6yZWoNtDa4A96YkPK4XKam8b5BTipUqS6vBV8MW5RC2LVXbhmJDi9ME0dKDAaOrZbEhway7SBlxYJ9I2u6V%2BYX0K8VyDVvlQHpagxe5VgLpYzFdg9D1wYcE81lKXqL4Or6STMbjaMx2YleySCaiDHdxkiQQsk6G2MLcoBfGp4SFjA3CZDCKNqMbHkc8ip9JsPpOfqvMVpn95ZrKowj53WazGhxjPYHDPlInINnkUDbvjd1Z%2FZex4qdzkv3b8ISeORztGv7QIeezldVKfga51vZ96kB4SMmI0Oy48vc1si8%3D&RelayState=cookie%3A1663095215_6591&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DjFuBkrfXSiSLdvpZNwMwwi0HJYvx6eaPTX%2BIfnIvbGHvfYpuZpCfqK5EiqA%2B%2BqsGPT1rxI%2Fh7EOctX6jKRs5hz44gO7QgvJHOQTyQVOdsu2DvT6wDEtKHGf8zaGVMh%2BPnsBNps4NcER0AXfE2MFjreHPrUbSXTAyvXCi%2FuwPV6YeEr8HeVPz%2FF6bbi5J%2Fri4ATxwcWLjNvTl8ItCCIi%2BpxTBFhSJ%2FT8YUVnRKwBuD387tmIMCCI55xMwlMxYUYTk3ZYkITUx%2BGT2PXtEw3Fp6D%2FA9jFlMa1lSGj7twk5YD%2FdEri10PBWxWD0p9pBnppoxOzDtJgHvwL7ti1knNAaFF3z6WzA8u57%2Fsr4fcDjdiScZHgSGOT0z359A%2Btj8v7CtKPBvDJ76aCGyxxO5CEaNu6e8Vw5R%2BTdBY17%2BhsOYrVa%2FJaAHiV80A70UX85aeeUHWt%2BSqagaEofNyMRiX5IqLHtoQANvHN6Xi%2BpCI4V5ZZ%2F8JVvBCp2S093KNTYeII Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO HTTP 302
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO;jsessionid=node01otg85wxcq3v81u3gsgc5xrsgq1121987.node0?execution=e1s1

44 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
trojan.policystat.com/policy/12083834/approve/ 29 KB
12 KB 776ms
173ms Document
text/html 54.197.166.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.166.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-166-17.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f15ad4c340d73a5c74a09cf4fb4f4980e996400b6d2730a8bafccb0fc2a88900

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, private, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 12078
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Sep 2022 18:53:27 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding Cookie
X-Content-Type-Options: nosniff

GET
H2 200 1.c130d76d.chunk.css
d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/css/ 22 KB
3 KB 85ms
26ms Stylesheet
text/css 2600:9000:20eb:4a00:1:abce:c680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/css/1.c130d76d.chunk.css
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4a00:1:abce:c680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 60b5ba0d1eca51221a5881c4d2acd7e4c1c6fa142ba3f5fdd001781a3457e49e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:28 GMT
content-encoding: gzip
last-modified: Mon, 12 Sep 2022 17:59:02 GMT
server: AmazonS3
age: 2310
etag: W/"1b0bb7473bb8db1004bc788a55257e41"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: WrG1Cd9MU7VDTEpGNoSQsME86lS8G2vvd1w2gPAEAc4kbHbTfcbDGw==

GET
H2 200 runtime~main.bf583cf0.js Show response
d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/ 1 KB
1 KB 78ms
19ms Script
application/javascript 2600:9000:20eb:4a00:1:abce:c680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/runtime~main.bf583cf0.js
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4a00:1:abce:c680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d82d7867bbb3c958c4392e24ae331a2564631878d24baa77411862e06999605f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 04:44:54 GMT
content-encoding: gzip
last-modified: Mon, 12 Sep 2022 17:59:03 GMT
server: AmazonS3
age: 50915
etag: W/"ba2736f4fee0acdc1673a66863e14dda"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: 5Rj6Oc701eMcKYkFklbgbFT4_-o3urAnrwTvQqm_1e4VjflSM9dv6w==

GET
H2 200 main.076ae74d.chunk.js Show response
d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/ 1 MB
233 KB 90ms
31ms Script
application/javascript 2600:9000:20eb:4a00:1:abce:c680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/main.076ae74d.chunk.js
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4a00:1:abce:c680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ec90dd9b415d0c608ff74371ab609b12d14304b02f954545e98837572e4af27f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:28 GMT
content-encoding: gzip
last-modified: Mon, 12 Sep 2022 17:59:03 GMT
server: AmazonS3
age: 2854
etag: W/"85ede3abf8f7969c294e93417e1aacca"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: dyyEgYHjcktdOGA1r0M-pKpsNwsVWDuN07Reb4vYBsnru0knZeD21g==

GET
H2 200 1.172befc1.chunk.js Show response
d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/ 2 MB
618 KB 138ms
79ms Script
application/javascript 2600:9000:20eb:4a00:1:abce:c680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/1.172befc1.chunk.js
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4a00:1:abce:c680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a76a0a18f515ee12ecaf26a81b9409408875d259c4928a51edf6a4f6c150af8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:28 GMT
content-encoding: gzip
last-modified: Mon, 12 Sep 2022 17:59:03 GMT
server: AmazonS3
age: 2310
etag: W/"140cc3da2d0bff58bca81dd8612ea23d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: qB8I8DkTCnnd6ozbJA-9hr0Wlu1bp3V-RWZjykHTgWjLcWqLxRORNw==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 159 KB
53 KB 346ms
40ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTDBV74&l=googleTagData

Requested by

Host: trojan.policystat.com
URL: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c770decdcd48d0569e690f432b8cc45d719bc8f1d9443f569b3a863573899600

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54081
x-xss-protection: 0
last-modified: Tue, 13 Sep 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 13 Sep 2022 18:53:28 GMT

GET
H/1.1 200
OK pendo.js Show response
cdn.pendo.io/agent/static/d7e12a12-ea2f-4f72-687c-067f6a24a079/ 457 KB
142 KB 232ms
154ms Script
application/javascript 2600:9000:223f:fc00:1f:aa31:7740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pendo.io/agent/static/d7e12a12-ea2f-4f72-687c-067f6a24a079/pendo.js
Requested by: Host: d2zk9fgwitlpui.cloudfront.net
URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/main.076ae74d.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:fc00:1f:aa31:7740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 0a4fec6f7f38409dceb500f4a8122366944707e8df5cfa7c90811acb5418ae4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 18:53:28 GMT
Content-Encoding: gzip
X-Amz-Cf-Pop: FRA56-P5
X-GUploader-UploadID: ADPycdsQ0pxNOKNgvt-JF2_FCQuw4tF7BvMJ4smk9oH8yEWyBbRygei-6VCU2Ms7A23UJqfXAagGecUa24-GiWXrBj6VJg
X-Cache: RefreshHit from cloudfront
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
Connection: keep-alive
Content-Length: 144453
Access-Control-Allow-Origin: *
Last-Modified: Thu, 08 Sep 2022 20:07:06 GMT
Server: UploadServer
ETag: "c5d6e425d71dd1b301f5f2ad5f6124af"
Vary: Accept-Encoding
x-goog-hash: crc32c=8UT2wg==, md5=xdbkJdcd0bMB9fKtX2Ekrw==
x-goog-generation: 1662667626593237
Via: 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
Access-Control-Expose-Headers: *
Cache-Control: max-age=450
x-goog-stored-content-length: 144453
Accept-Ranges: bytes
Content-Type: application/javascript
X-Amz-Cf-Id: rlzMkyjMo4r5TTeTejZUB47-uT6p3zYkN8fXZAhmvemnSrIK7QF3kA==
Expires: Tue, 13 Sep 2022 19:00:58 GMT

POST
H/1.1 200
OK / Show response
trojan.policystat.com/graphql/ 4 KB
5 KB 520ms
520ms Fetch
application/json 54.197.166.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trojan.policystat.com/graphql/

Requested by

Host: trojan.policystat.com
URL: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.166.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-166-17.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b2e42bf696bbb7a36cd816627063354e467e7733575345c5b1691f9c1e58e3dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type: application/json

Response headers

Date: Tue, 13 Sep 2022 18:53:29 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private, must-revalidate
X-Latest-Client-Version: 076ae74d
Connection: keep-alive
Vary: Cookie, Origin
Content-Length: 4130
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 61ms
15ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTDBV74&l=googleTagData

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6688
date: Tue, 13 Sep 2022 17:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 13 Sep 2022 19:02:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
210 B 24ms
23ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2084525532&t=pageview&_s=1&dl=https%3A%2F%2Ftrojan.policystat.com%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1&dp=%2Fpolicy%2F12083834%2Fapprove%2F&ul=en-us&de=UTF-8&dt=PolicyStat%20%3A%3A%20PolicyStat&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1191645550&gjid=873915166&cid=280225441.1663095205&tid=UA-85615737-1&_gid=48693447.1663095205&_r=1&gtm=2wg9c0MTDBV74&cd1=2137&cd2=751&z=1522958109

Requested by

Host: trojan.policystat.com
URL: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://trojan.policystat.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 18:53:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://trojan.policystat.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nr-1216.min.js Show response
js-agent.newrelic.com/ 38 KB
14 KB 245ms
59ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1216.min.js
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding: gzip
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-request-id: QS55VTZ5KYBT01RF
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 14391
x-amz-id-2: LqMYMQa4YU1cIYkATbA3xCSvsTD2lndpXc+K9jTcrBu4zKcsnQNt7LnOCIo6x7yoHpJFT7uuVmQ=
x-served-by: cache-hhn4077-HHN
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1663095209.314395,VS0,VE0
date: Tue, 13 Sep 2022 18:53:29 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 4629

GET
H2 200 d7e12a12-ea2f-4f72-687c-067f6a24a079
data.pendo.io/data/ptm.gif/ 42 B
116 B 299ms
229ms Image
image/gif 34.107.204.85
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://data.pendo.io/data/ptm.gif/d7e12a12-ea2f-4f72-687c-067f6a24a079?v=2.151.2_prod&ct=1663095205311&jzb=eJzVUctu2zAQ_BeeFfElObKBogicB9QUdoNY6KEoCEqiFQYUKVCUE9Xwv2dVI-qhQG49lCfu7uxwhvPjiMLYKbRCrQoSRaj07qVXXgTdQpcuFpwsU0ZSTkiEDrrXwXmha1gQ324211uxE_e8SeptncnXEghkVbnBhjPmar3eFpvdRbHJH4qbi_waAIM3MHkKoetXGAfvnqWNO2d0NfZBhrhyLT6XmDKS8YwnWHaddweFP--dr5QwrtFW7L1rRTOoPnyiwAuIrker47vK6fqRUCNtM8hm8q6sKB7RaRY_r_6tH0Cd9MqGqxkKrVqGiYdyTJaYEcaA_6B8r52FNotpSmMmQGH9h2AnyxzesIMxEQrnAt0ty1GPd8Pz4bZ4MYwDz97LVv0e5l-_3z_crh-345f619NrOsU1BgWmk2RxiuYojZP1h1Hy_yXKycm7_ozTOF3CIVmSXLIFOP4HP8np5ennGxkS_Lo

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.204.85 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

85.204.107.34.bc.googleusercontent.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:29 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-headers: Origin,Accept,Content-Type,Authorization
access-control-max-age: 600
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
access-control-allow-credentials: false
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 d7e12a12-ea2f-4f72-687c-067f6a24a079 Show response
data.pendo.io/data/guide.js/ 430 B
582 B 236ms
171ms Script
application/javascript 34.107.204.85
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://data.pendo.io/data/guide.js/d7e12a12-ea2f-4f72-687c-067f6a24a079?jzb=eJx9j1FrgzAUhf9LnlejsQMnjFHaPshAN1afw11MbYbmSrzKxvC_93YDXwZ7S875cnLOt5jd6AhD0Yhc6Jdjeaj0ST-n7bapmgw-38WdAGNw8vSD7Pb7qi5Pm7osXuvjpjiwP4WOnQvRMOZSUsAP8NGAnTNfIwFFBnv5e5WJirM0S7cShiHgbOXTGYOxusPWeX0O2Ot2siM9JpzbW4IGCES-1rwd3T9VO_DtBK1lwnpdv4llrb8-_TuBoQGC9bRbUZb461tOksr4QapYKc6fbRgdepZVlNwnkdI8oxHLcgWpmWnW&v=2.151.2_prod&ct=1663095205316

Requested by

Host: cdn.pendo.io
URL: https://cdn.pendo.io/agent/static/d7e12a12-ea2f-4f72-687c-067f6a24a079/pendo.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.204.85 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

85.204.107.34.bc.googleusercontent.com

Software

Resource Hash

93279460e17d72bce67857f5717b58d0476b80a5f751147765bba221a83651e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/javascript
via: 1.1 google
access-control-max-age: 600
access-control-allow-credentials: false
access-control-allow-headers: Origin,Accept,Content-Type,Authorization
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H/1.1 200
OK /
trojan.policystat.com/graphql/ 6 KB
7 KB 321ms
321ms Fetch
application/json 54.197.166.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trojan.policystat.com/graphql/

Requested by

Host: trojan.policystat.com
URL: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.166.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-166-17.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type: application/json

Response headers

Date: Tue, 13 Sep 2022 18:53:29 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private, must-revalidate
X-Latest-Client-Version: 076ae74d
Connection: keep-alive
Vary: Cookie, Origin
Content-Length: 6561
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 400
Bad Request /
trojan.policystat.com/graphql/ 48 B
629 B 368ms
148ms Fetch
application/json 54.197.166.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trojan.policystat.com/graphql/
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.166.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-166-17.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type: application/json

Response headers

Date: Tue, 13 Sep 2022 18:53:29 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Vary: Cookie, Origin
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private, must-revalidate
X-Latest-Client-Version: 076ae74d
Connection: keep-alive
Content-Length: 48
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET 5822847fd5
bam.nr-data.net/1/ 0
0

GET
H/1.1 200
OK / Show response
trojan.policystat.com/ 29 KB
12 KB 182ms
182ms Document
text/html 54.197.166.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1

Requested by

Host: d2zk9fgwitlpui.cloudfront.net
URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/main.076ae74d.chunk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.166.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-166-17.compute-1.amazonaws.com

Software

nginx /

Resource Hash

716991b9f9f265bc8d0bee7f022d2dd88519d6222cc75640a63d5b8c34a1bd64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://trojan.policystat.com/policy/12083834/approve/?force_login_from_guest=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, private, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 12078
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Sep 2022 18:53:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding Cookie
X-Content-Type-Options: nosniff

POST 5822847fd5
bam.nr-data.net/events/1/ 0
0

POST 5822847fd5
bam.nr-data.net/jserrors/1/ 0
0

GET
H2 200 1.c130d76d.chunk.css
d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/css/ 22 KB
3 KB 39ms
38ms Stylesheet
text/css 2600:9000:20eb:4a00:1:abce:c680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/css/1.c130d76d.chunk.css
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4a00:1:abce:c680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 60b5ba0d1eca51221a5881c4d2acd7e4c1c6fa142ba3f5fdd001781a3457e49e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:28 GMT
content-encoding: gzip
last-modified: Mon, 12 Sep 2022 17:59:02 GMT
server: AmazonS3
age: 2311
etag: W/"1b0bb7473bb8db1004bc788a55257e41"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: YeQ8Yi94XVkeOLOJonGAUbAdpPFLQgjuqfKAkEvHM2OsgmN9z98_wA==

GET
H2 200 runtime~main.bf583cf0.js Show response
d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/ 1 KB
1 KB 50ms
49ms Script
application/javascript 2600:9000:20eb:4a00:1:abce:c680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/runtime~main.bf583cf0.js
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4a00:1:abce:c680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d82d7867bbb3c958c4392e24ae331a2564631878d24baa77411862e06999605f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 04:44:54 GMT
content-encoding: gzip
last-modified: Mon, 12 Sep 2022 17:59:03 GMT
server: AmazonS3
age: 50916
etag: W/"ba2736f4fee0acdc1673a66863e14dda"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: ayh6xclf0uf0B9Syni70WMtMMeaLsayKKy-jgv4oS2Ejb4TzT54jlw==

GET
H2 200 main.076ae74d.chunk.js Show response
d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/ 1 MB
233 KB 51ms
50ms Script
application/javascript 2600:9000:20eb:4a00:1:abce:c680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/main.076ae74d.chunk.js
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4a00:1:abce:c680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ec90dd9b415d0c608ff74371ab609b12d14304b02f954545e98837572e4af27f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:28 GMT
content-encoding: gzip
last-modified: Mon, 12 Sep 2022 17:59:03 GMT
server: AmazonS3
age: 2855
etag: W/"85ede3abf8f7969c294e93417e1aacca"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: c-PawD3WxZQotI6uIEIbbu3-YLqRZipyTZ3NHS4vxU-_FOkzOVx7dw==

GET
H2 200 1.172befc1.chunk.js Show response
d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/ 2 MB
618 KB 50ms
49ms Script
application/javascript 2600:9000:20eb:4a00:1:abce:c680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/1.172befc1.chunk.js
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4a00:1:abce:c680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a76a0a18f515ee12ecaf26a81b9409408875d259c4928a51edf6a4f6c150af8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:28 GMT
content-encoding: gzip
last-modified: Mon, 12 Sep 2022 17:59:03 GMT
server: AmazonS3
age: 2311
etag: W/"140cc3da2d0bff58bca81dd8612ea23d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: uKTyNvsQUjrUcFWxfpGNzPc6XmsFfyo6Y65MQal7PY3fBrntp-xTwQ==

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 159 KB
53 KB 75ms
27ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTDBV74&l=googleTagData

Requested by

Host: trojan.policystat.com
URL: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c770decdcd48d0569e690f432b8cc45d719bc8f1d9443f569b3a863573899600

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:30 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54081
x-xss-protection: 0
last-modified: Tue, 13 Sep 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 13 Sep 2022 18:53:30 GMT

GET
H/1.1 200
OK pendo.js Show response
cdn.pendo.io/agent/static/d7e12a12-ea2f-4f72-687c-067f6a24a079/ 457 KB
142 KB 28ms
28ms Script
application/javascript 2600:9000:223f:fc00:1f:aa31:7740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pendo.io/agent/static/d7e12a12-ea2f-4f72-687c-067f6a24a079/pendo.js
Requested by: Host: d2zk9fgwitlpui.cloudfront.net
URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/static/js/main.076ae74d.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:fc00:1f:aa31:7740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 0a4fec6f7f38409dceb500f4a8122366944707e8df5cfa7c90811acb5418ae4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 18:53:28 GMT
Content-Encoding: gzip
Age: 2
X-GUploader-UploadID: ADPycdsQ0pxNOKNgvt-JF2_FCQuw4tF7BvMJ4smk9oH8yEWyBbRygei-6VCU2Ms7A23UJqfXAagGecUa24-GiWXrBj6VJg
X-Cache: Hit from cloudfront
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
Connection: keep-alive
Content-Length: 144453
Access-Control-Allow-Origin: *
Last-Modified: Thu, 08 Sep 2022 20:07:06 GMT
Server: UploadServer
ETag: "c5d6e425d71dd1b301f5f2ad5f6124af"
Vary: Accept-Encoding
x-goog-hash: crc32c=8UT2wg==, md5=xdbkJdcd0bMB9fKtX2Ekrw==
x-goog-generation: 1662667626593237
Via: 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
Access-Control-Expose-Headers: *
Cache-Control: max-age=450
x-goog-stored-content-length: 144453
X-Amz-Cf-Pop: FRA56-P5
Accept-Ranges: bytes
Content-Type: application/javascript
X-Amz-Cf-Id: 3W9WXWoBLzSJVtawh42htRAQQ1KI62pvmEqPfpzPcfofRf7IJxHHjw==
Expires: Tue, 13 Sep 2022 19:00:58 GMT

POST
H/1.1 200
OK / Show response
trojan.policystat.com/graphql/ 4 KB
5 KB 264ms
262ms Fetch
application/json 54.197.166.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trojan.policystat.com/graphql/

Requested by

Host: trojan.policystat.com
URL: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.166.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-166-17.compute-1.amazonaws.com

Software

nginx /

Resource Hash

844b6e50aba78aaf30f0078b9f1cce5d5f444dd0b4cc36e2442b504ca6e02bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type: application/json

Response headers

Date: Tue, 13 Sep 2022 18:53:30 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private, must-revalidate
X-Latest-Client-Version: 076ae74d
Connection: keep-alive
Vary: Cookie, Origin
Content-Length: 4130
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTDBV74&l=googleTagData

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6690
date: Tue, 13 Sep 2022 17:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 13 Sep 2022 19:02:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 16ms
15ms Image
image/gif 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1283430905&t=pageview&_s=1&dl=https%3A%2F%2Ftrojan.policystat.com%2F%3Fnext%3D%252Fpolicy%252F12083834%252Fapprove%252F%253Fforce_login_from_guest%253D1&dp=%2F&ul=en-us&de=UTF-8&dt=PolicyStat%20%3A%3A%20PolicyStat&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEAB~&jid=&gjid=&cid=280225441.1663095205&tid=UA-85615737-1&_gid=48693447.1663095205&gtm=2wg9c0MTDBV74&cd1=2137&cd2=751&z=867871184

Requested by

Host: trojan.policystat.com
URL: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 12:10:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 24153
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nr-1216.min.js Show response
js-agent.newrelic.com/ 38 KB
14 KB 45ms
44ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1216.min.js
Requested by: Host: trojan.policystat.com
URL: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding: gzip
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-request-id: QS55VTZ5KYBT01RF
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 14391
x-amz-id-2: LqMYMQa4YU1cIYkATbA3xCSvsTD2lndpXc+K9jTcrBu4zKcsnQNt7LnOCIo6x7yoHpJFT7uuVmQ=
x-served-by: cache-hhn4077-HHN
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1663095210.483373,VS0,VE0
date: Tue, 13 Sep 2022 18:53:30 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 4631

GET
H3 200 d7e12a12-ea2f-4f72-687c-067f6a24a079 Show response
data.pendo.io/data/guide.js/ 450 B
316 B 216ms
171ms Script
application/javascript 34.107.204.85
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://data.pendo.io/data/guide.js/d7e12a12-ea2f-4f72-687c-067f6a24a079?jzb=eJx9j0Frg0AQhf_LgrdG3d0UrFBKiAlIQVsaz8tUN3aL7so6Skrxv2fSgpdCbx9v3ryZ981mMxp0Pm9YytTLochKdVLPst02ZZPA5Z3dMahrN1n8sez2-7IqTpuqyF-rwybPaD75jiYfiMOYRhF69wk2HFxn6q8RAcPa9dGT1Rd8DMTxVyfgIk5kIreEMAzezZookMez87VWnWuNVWfvetVOesRAZpxO9RqhAQSWrp_f0PzzfQe2naDV5NBWVW9sWRutq39bkWkAry3uVitJdPqWw2UUP0QiFoLyZ-1H4yzJIuT3PBSKyjRsWa7Tum62&v=2.151.2_prod&ct=1663095206662

Requested by

Host: cdn.pendo.io
URL: https://cdn.pendo.io/agent/static/d7e12a12-ea2f-4f72-687c-067f6a24a079/pendo.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.204.85 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

85.204.107.34.bc.googleusercontent.com

Software

Resource Hash

97720db4758c8770ac2e2ab653f59894de67c9255c7cb5cd51b24672d1a72899

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/javascript
via: 1.1 google
access-control-max-age: 600
access-control-allow-credentials: false
access-control-allow-headers: Origin,Accept,Content-Type,Authorization
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 d7e12a12-ea2f-4f72-687c-067f6a24a079
data.pendo.io/data/ptm.gif/ 42 B
60 B 269ms
237ms Image
image/gif 34.107.204.85
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://data.pendo.io/data/ptm.gif/d7e12a12-ea2f-4f72-687c-067f6a24a079?v=2.151.2_prod&ct=1663095206665&jzb=eJwtkG9r8jAUxb9LoO_8U5NaW-FhDLUiA7sHLGOMEdI27SJpUtJbtYjf3TtdXp177i_35uTrSmBoJVkSbUVJRiR39txJx0E16M7CkPnxnPphOI9H5KQ6BdZxVeIF_r7Zr1N-4G-sDsq0jMQlxwGiKGxv4Mm8rlZptj-Ms_3uf7YZ79YI9E5j5weg7ZbTKTh7FGbSWq2KoQMBk8I20xcjL_DPo8nTRzGjfsQiFqAUbevsSaLyWFJZV0iuba0Mr5xteN3LDjy2nuEq5NqOLK-PcH-RFgGd-DEePwqCBQ3DG3LCSQMHke_w0abXekTgWZBtnA9q2PbHU5KdNWU4tXKikY9m86lNLvoqqdN0u_hIf_9vAIkrGZvfvu8hb29c

Protocol

Security

QUIC, , AES_128_GCM

Server

34.107.204.85 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

85.204.107.34.bc.googleusercontent.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:30 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-headers: Origin,Accept,Content-Type,Authorization
access-control-max-age: 600
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
access-control-allow-credentials: false
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H/1.1 200
OK 5822847fd5 Show response
bam.nr-data.net/1/ 49 B
616 B 290ms
289ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/5822847fd5?a=402046&v=1216.487a282&to=Zl1SZEFUD0YDVExYXl8XdkVdVhVcDVkXQUJFWUQeUlsYQgpSSlQfR1FVR0APMWYjflZVVEluWVVEGwZQFg%3D%3D&rst=807&ck=1&ref=https://trojan.policystat.com/&ap=67&be=223&fe=751&dc=626&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1663095205904,%22n%22:0,%22u%22:197,%22ue%22:198,%22f%22:8,%22dn%22:8,%22dne%22:8,%22c%22:8,%22ce%22:8,%22rq%22:11,%22rp%22:193,%22rpe%22:194,%22dl%22:199,%22di%22:626,%22ds%22:626,%22de%22:626,%22dc%22:750,%22l%22:750,%22le%22:751%7D,%22navigation%22:%7B%7D%7D&fp=577&fcp=577&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 18:53:30 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 74a31609bd7ecd77-CDG

POST
H/1.1 200
OK / Show response
trojan.policystat.com/graphql/ 6 KB
7 KB 278ms
277ms Fetch
application/json 54.197.166.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trojan.policystat.com/graphql/

Requested by

Host: trojan.policystat.com
URL: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.166.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-166-17.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f36a071d5abb2e502d329a34d484dd11b7cc80bf84caa41d450c0d305d3e4655

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type: application/json

Response headers

Date: Tue, 13 Sep 2022 18:53:30 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private, must-revalidate
X-Latest-Client-Version: 076ae74d
Connection: keep-alive
Vary: Cookie, Origin
Content-Length: 6561
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK / Show response
trojan.policystat.com/graphql/ 212 B
882 B 229ms
229ms Fetch
application/json 54.197.166.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trojan.policystat.com/graphql/

Requested by

Host: trojan.policystat.com
URL: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.166.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-166-17.compute-1.amazonaws.com

Software

nginx /

Resource Hash

a49a4b050e0e1900720d869b066d1e6341f538c702958276305d879158315ec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://trojan.policystat.com/?next=%2Fpolicy%2F12083834%2Fapprove%2F%3Fforce_login_from_guest%3D1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type: application/json

Response headers

Date: Tue, 13 Sep 2022 18:53:30 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private, must-revalidate
X-Latest-Client-Version: 076ae74d
Connection: keep-alive
Vary: Cookie, Origin
Content-Length: 212
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 PrimShield-Word_RegShieldRGB_CardOnWhite-for_policy_site.jpg
d2zk9fgwitlpui.cloudfront.net/document_settings/usc/header/1548798497/ 41 KB
41 KB 450ms
449ms Image
image/jpeg 2600:9000:20eb:4a00:1:abce:c680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2zk9fgwitlpui.cloudfront.net/document_settings/usc/header/1548798497/PrimShield-Word_RegShieldRGB_CardOnWhite-for_policy_site.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4a00:1:abce:c680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7e4a8ad70ea163807973b9f2a2c2b23f73ca3c2623fbc25997aa0b332caceac4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 18:53:32 GMT
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
last-modified: Tue, 29 Jan 2019 21:48:18 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "e30046d390caefbbfd92a968d6219d8b"
x-cache: Miss from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 41642
x-amz-cf-id: xflrthnl9YjgtcmyoYSd-M5z8DQjxh7yaTumiS_uGFsqIo5F0JShFg==
expires: Fri, 26 Jan 2029 20:00:00 GMT

GET
H2 200 rldatix-policystat_logo.png
d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/img/ 12 KB
13 KB 24ms
23ms Image
image/png 2600:9000:20eb:4a00:1:abce:c680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2zk9fgwitlpui.cloudfront.net/site_media/anywhere/img/rldatix-policystat_logo.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:4a00:1:abce:c680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: acfa4d20a8cbc8df055d2b905266e418f0f73b322d92888299039001f8904f40

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://trojan.policystat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 06:03:29 GMT
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
last-modified: Mon, 12 Sep 2022 17:59:09 GMT
server: AmazonS3
age: 46202
etag: "5635028d51d88c815a919383793b562e"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-length: 12732
x-amz-cf-id: aupmJV_uIBJA481pJ5uYIDqbjo4J6qCY7f9CON7-RVL7bYsb4Caagg==

GET
H/1.1

200
OK

SSO;jsessionid=node01otg85wxcq3v81u3gsgc5xrsgq1121987.node0 Show response
shibboleth.usc.edu/idp/profile/SAML2/POST/
Redirect Chain

https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO;jsessionid=node01otg85wxcq3v81u3gsgc5xrsgq1121987.node0?execution=e1s1

5 KB
5 KB

163ms
162ms

Document
text/html

68.181.8.108
USC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO;jsessionid=node01otg85wxcq3v81u3gsgc5xrsgq1121987.node0?execution=e1s1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 68.181.8.108 Altadena, United States, ASN47 (USC-AS, US),
Reverse DNS: cal-shibboleth.usc.edu
Software: Jetty(9.4.36.v20210114) /
Resource Hash: 3ef6977cb78fd1f1eee263f0ca2b5ae9b7f79a6eeec79fb954eaf6ef1b08d66b

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://trojan.policystat.com
Referer: https://trojan.policystat.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store
Connection: keep-alive
Content-Length: 4710
Content-Type: text/html;charset=utf-8
Date: Tue, 13 Sep 2022 18:53:34 GMT
P3P: CP="This is not a privacy policy. Privacy policy is under review. Shibboleth only works with data we already have through official channels."
Server: Jetty(9.4.36.v20210114)

Redirect headers

Cache-Control: no-store
Connection: keep-alive
Content-Length: 0
Date: Tue, 13 Sep 2022 18:53:34 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO;jsessionid=node01otg85wxcq3v81u3gsgc5xrsgq1121987.node0?execution=e1s1
P3P: CP="This is not a privacy policy. Privacy policy is under review. Shibboleth only works with data we already have through official channels."
Server: Jetty(9.4.36.v20210114)

POST 5822847fd5
bam.nr-data.net/events/1/ 0
0

POST 5822847fd5
bam.nr-data.net/jserrors/1/ 0
0

GET
H/1.1 200
OK login.css
shibboleth.usc.edu/idp/style/ 15 KB
16 KB 160ms
159ms Stylesheet
text/css 68.181.8.108
USC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://shibboleth.usc.edu/idp/style/login.css
Requested by: Host: shibboleth.usc.edu
URL: https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO;jsessionid=node01otg85wxcq3v81u3gsgc5xrsgq1121987.node0?execution=e1s1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 68.181.8.108 Altadena, United States, ASN47 (USC-AS, US),
Reverse DNS: cal-shibboleth.usc.edu
Software: Jetty(9.4.36.v20210114) /
Resource Hash: 5694543d3112d3ad1e61e2965adf138bac638226da03bb2638f186cb0c45e5c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO;jsessionid=node01otg85wxcq3v81u3gsgc5xrsgq1121987.node0?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 18:53:34 GMT
Last-Modified: Sat, 12 Aug 2017 03:58:00 GMT
Server: Jetty(9.4.36.v20210114)
P3P: CP="This is not a privacy policy. Privacy policy is under review. Shibboleth only works with data we already have through official channels."
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/css;charset=utf-8
Content-Length: 15586

GET
H/1.1 200
OK proximanova-bold-webfont.woff
shibboleth.usc.edu/idp/style/fonts-subset/ 15 KB
15 KB 160ms
160ms Font
application/font-woff 68.181.8.108
USC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://shibboleth.usc.edu/idp/style/fonts-subset/proximanova-bold-webfont.woff
Requested by: Host: shibboleth.usc.edu
URL: https://shibboleth.usc.edu/idp/style/login.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 68.181.8.108 Altadena, United States, ASN47 (USC-AS, US),
Reverse DNS: cal-shibboleth.usc.edu
Software: Jetty(9.4.36.v20210114) /
Resource Hash

Request headers

Referer: https://shibboleth.usc.edu/idp/style/login.css
Origin: https://shibboleth.usc.edu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 18:53:34 GMT
Last-Modified: Thu, 04 Jun 2015 18:00:00 GMT
Server: Jetty(9.4.36.v20210114)
P3P: CP="This is not a privacy policy. Privacy policy is under review. Shibboleth only works with data we already have through official channels."
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/font-woff;charset=utf-8
Content-Length: 15368

GET
H/1.1 200
OK proximanova-reg-webfont.woff
shibboleth.usc.edu/idp/style/fonts-subset/ 12 KB
13 KB 168ms
168ms Font
application/font-woff 68.181.8.108
USC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://shibboleth.usc.edu/idp/style/fonts-subset/proximanova-reg-webfont.woff
Requested by: Host: shibboleth.usc.edu
URL: https://shibboleth.usc.edu/idp/style/login.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 68.181.8.108 Altadena, United States, ASN47 (USC-AS, US),
Reverse DNS: cal-shibboleth.usc.edu
Software: Jetty(9.4.36.v20210114) /
Resource Hash

Request headers

Referer: https://shibboleth.usc.edu/idp/style/login.css
Origin: https://shibboleth.usc.edu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 18:53:34 GMT
Last-Modified: Thu, 04 Jun 2015 18:00:02 GMT
Server: Jetty(9.4.36.v20210114)
P3P: CP="This is not a privacy policy. Privacy policy is under review. Shibboleth only works with data we already have through official channels."
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/font-woff;charset=utf-8
Content-Length: 12728

GET
H2

200

Primary Request idp
login.usc.edu/sso/SSORedirect/metaAlias/USCRealm/
Redirect Chain

https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
https://shibboleth.usc.edu/idp/profile/SAML2/POST/SSO?execution=e1s2
https://shibboleth.usc.edu/idp/sp/login?conversation=e1s2
https://login.usc.edu/sso/SSORedirect/metaAlias/USCRealm/idp?SAMLRequest=hZLNbsIwEIRfJfIdHBzSNhaJlMKhSLQgQnvopXLMQiw5dup1%2BvP2DaEt9ELPO%2FvNzmgnKGrd8Lz1lVnDawvog49aG%2BT9ICWtM9wKVMiNqAG5l7zI7xecDU...

2 KB
0

720ms
176ms

Document
text/html

52.25.34.61

General

Check archive.org

Show headers Download Go to

Full URL

https://login.usc.edu/sso/SSORedirect/metaAlias/USCRealm/idp?SAMLRequest=hZLNbsIwEIRfJfIdHBzSNhaJlMKhSLQgQnvopXLMQiw5dup1%2BvP2DaEt9ELPO%2FvNzmgnKGrd8Lz1lVnDawvog49aG%2BT9ICWtM9wKVMiNqAG5l7zI7xecDUPeOOuttJoEOSI4r6yZWoNtDa4A96YkPK4XKam8b5BTipUqS6vBV8MW5RC2LVXbhmJDi9ME0dKDAaOrZbEhway7SBlxYJ9I2u6V%2BYX0K8VyDVvlQHpagxe5VgLpYzFdg9D1wYcE81lKXqL4Or6STMbjaMx2YleySCaiDHdxkiQQsk6G2MLcoBfGp4SFjA3CZDCKNqMbHkc8ip9JsPpOfqvMVpn95ZrKowj53WazGhxjPYHDPlInINnkUDbvjd1Z%2FZex4qdzkv3b8ISeORztGv7QIeezldVKfga51vZ96kB4SMmI0Oy48vc1si8%3D&RelayState=cookie%3A1663095215_6591&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DjFuBkrfXSiSLdvpZNwMwwi0HJYvx6eaPTX%2BIfnIvbGHvfYpuZpCfqK5EiqA%2B%2BqsGPT1rxI%2Fh7EOctX6jKRs5hz44gO7QgvJHOQTyQVOdsu2DvT6wDEtKHGf8zaGVMh%2BPnsBNps4NcER0AXfE2MFjreHPrUbSXTAyvXCi%2FuwPV6YeEr8HeVPz%2FF6bbi5J%2Fri4ATxwcWLjNvTl8ItCCIi%2BpxTBFhSJ%2FT8YUVnRKwBuD387tmIMCCI55xMwlMxYUYTk3ZYkITUx%2BGT2PXtEw3Fp6D%2FA9jFlMa1lSGj7twk5YD%2FdEri10PBWxWD0p9pBnppoxOzDtJgHvwL7ti1knNAaFF3z6WzA8u57%2Fsr4fcDjdiScZHgSGOT0z359A%2Btj8v7CtKPBvDJ76aCGyxxO5CEaNu6e8Vw5R%2BTdBY17%2BhsOYrVa%2FJaAHiV80A70UX85aeeUHWt%2BSqagaEofNyMRiX5IqLHtoQANvHN6Xi%2BpCI4V5ZZ%2F8JVvBCp2S093KNTYeII

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.25.34.61 -, , ASN (),

Reverse DNS

Software

I am a teapot /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://shibboleth.usc.edu
Referer: https://shibboleth.usc.edu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 2231
content-type: text/html;charset=UTF-8
date: Tue, 13 Sep 2022 18:53:35 GMT
server: I am a teapot
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

Cache-Control: private,no-store,no-cache,max-age=0
Connection: keep-alive
Content-Length: 1385
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 13 Sep 2022 18:53:35 GMT
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Location: https://login.usc.edu/sso/SSORedirect/metaAlias/USCRealm/idp?SAMLRequest=hZLNbsIwEIRfJfIdHBzSNhaJlMKhSLQgQnvopXLMQiw5dup1%2BvP2DaEt9ELPO%2FvNzmgnKGrd8Lz1lVnDawvog49aG%2BT9ICWtM9wKVMiNqAG5l7zI7xecDUPeOOuttJoEOSI4r6yZWoNtDa4A96YkPK4XKam8b5BTipUqS6vBV8MW5RC2LVXbhmJDi9ME0dKDAaOrZbEhway7SBlxYJ9I2u6V%2BYX0K8VyDVvlQHpagxe5VgLpYzFdg9D1wYcE81lKXqL4Or6STMbjaMx2YleySCaiDHdxkiQQsk6G2MLcoBfGp4SFjA3CZDCKNqMbHkc8ip9JsPpOfqvMVpn95ZrKowj53WazGhxjPYHDPlInINnkUDbvjd1Z%2FZex4qdzkv3b8ISeORztGv7QIeezldVKfga51vZ96kB4SMmI0Oy48vc1si8%3D&RelayState=cookie%3A1663095215_6591&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DjFuBkrfXSiSLdvpZNwMwwi0HJYvx6eaPTX%2BIfnIvbGHvfYpuZpCfqK5EiqA%2B%2BqsGPT1rxI%2Fh7EOctX6jKRs5hz44gO7QgvJHOQTyQVOdsu2DvT6wDEtKHGf8zaGVMh%2BPnsBNps4NcER0AXfE2MFjreHPrUbSXTAyvXCi%2FuwPV6YeEr8HeVPz%2FF6bbi5J%2Fri4ATxwcWLjNvTl8ItCCIi%2BpxTBFhSJ%2FT8YUVnRKwBuD387tmIMCCI55xMwlMxYUYTk3ZYkITUx%2BGT2PXtEw3Fp6D%2FA9jFlMa1lSGj7twk5YD%2FdEri10PBWxWD0p9pBnppoxOzDtJgHvwL7ti1knNAaFF3z6WzA8u57%2Fsr4fcDjdiScZHgSGOT0z359A%2Btj8v7CtKPBvDJ76aCGyxxO5CEaNu6e8Vw5R%2BTdBY17%2BhsOYrVa%2FJaAHiV80A70UX85aeeUHWt%2BSqagaEofNyMRiX5IqLHtoQANvHN6Xi%2BpCI4V5ZZ%2F8JVvBCp2S093KNTYeII
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips

GET saml2-write.js
login.usc.edu/sso/js/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/1/5822847fd5?a=402046&v=1216.487a282&to=Zl1SZEFUD0YDVExYXl8XdkVdVhVcDVkXQUJFWUQeUlsYQgpSSlQfR1FVR0APMWYjflZVVEluWVVEGwZQFg%3D%3D&rst=2102&ck=1&ref=https://trojan.policystat.com/policy/12083834/approve/&ap=62&be=816&fe=1832&dc=1571&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1663095203460,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:275,%22c%22:275,%22s%22:382,%22ce%22:604,%22rq%22:604,%22rp%22:776,%22rpe%22:777,%22dl%22:780,%22di%22:1571,%22ds%22:1571,%22de%22:1571,%22dc%22:1831,%22l%22:1831,%22le%22:1833%7D,%22navigation%22:%7B%7D%7D&fp=1551&fcp=1551&jsonp=NREUM.setToken

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/events/1/5822847fd5?a=402046&v=1216.487a282&to=Zl1SZEFUD0YDVExYXl8XdkVdVhVcDVkXQUJFWUQeUlsYQgpSSlQfR1FVR0APMWYjflZVVEluWVVEGwZQFg%3D%3D&rst=2641&ck=1&ref=https://trojan.policystat.com/policy/12083834/approve/

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/jserrors/1/5822847fd5?a=402046&v=1216.487a282&to=Zl1SZEFUD0YDVExYXl8XdkVdVhVcDVkXQUJFWUQeUlsYQgpSSlQfR1FVR0APMWYjflZVVEluWVVEGwZQFg%3D%3D&rst=2641&ck=1&ref=https://trojan.policystat.com/policy/12083834/approve/

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/events/1/5822847fd5?a=402046&v=1216.487a282&to=Zl1SZEFUD0YDVExYXl8XdkVdVhVcDVkXQUJFWUQeUlsYQgpSSlQfR1FVR0APMWYjflZVVEluWVVEGwZQFg%3D%3D&rst=4669&ck=1&ref=https://trojan.policystat.com/

Domain: bam.nr-data.net
URL: https://bam.nr-data.net/jserrors/1/5822847fd5?a=402046&v=1216.487a282&to=Zl1SZEFUD0YDVExYXl8XdkVdVhVcDVkXQUJFWUQeUlsYQgpSSlQfR1FVR0APMWYjflZVVEluWVVEGwZQFg%3D%3D&rst=4669&ck=1&ref=https://trojan.policystat.com/

Domain: login.usc.edu
URL: https://login.usc.edu/sso/js/saml2-write.js

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
shibboleth.usc.edu/idp	1969-12-31 23:59:59	Name: JSESSIONID Value: node01otg85wxcq3v81u3gsgc5xrsgq1121987.node0
.policystat.com/	1969-12-31 23:59:59	Name: sessionid Value: zuz0cqn9dl59jhai0u6ukoh7b67cnupc
.policystat.com/	1970-01-20 15:34:15	Name: _ga Value: GA1.2.280225441.1663095205
.policystat.com/	1970-01-20 05:59:41	Name: _gid Value: GA1.2.48693447.1663095205
.policystat.com/	1970-01-20 05:58:15	Name: _gat_UA-85615737-1 Value: 1
.policystat.com/	1970-01-20 14:42:24	Name: csrftoken Value: Ek9x01OhZPpyDFouacTJsEmkWbtElpjf3S6EzlHGPkX2XgbKwWHXvhCgtcHheZF0
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 72dedefa6f9e0d1e
shibboleth.usc.edu/	1969-12-31 23:59:59	Name: CAL-AVI Value: 02d4168471-539b-47s8qhUAGmmNtUGH1Y5D9d3-V_Stjngs2lvYzao5XIz2v6PQZMkhZGorGb2Syu8WL4g8g

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://trojan.policystat.com/graphql/ Message: Failed to load resource: the server responded with a status of 400 (Bad Request)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.nr-data.net
cdn.pendo.io
d2zk9fgwitlpui.cloudfront.net
data.pendo.io
js-agent.newrelic.com
login.usc.edu
shibboleth.usc.edu
trojan.policystat.com
www.google-analytics.com
www.googletagmanager.com
bam.nr-data.net
login.usc.edu
151.101.194.137
162.247.241.14
2600:9000:20eb:4a00:1:abce:c680:21
2600:9000:223f:fc00:1f:aa31:7740:93a1
2a00:1450:4001:806::2008
2a00:1450:4001:811::200e
34.107.204.85
52.25.34.61
54.197.166.17
68.181.8.108
0a4fec6f7f38409dceb500f4a8122366944707e8df5cfa7c90811acb5418ae4f
3ef6977cb78fd1f1eee263f0ca2b5ae9b7f79a6eeec79fb954eaf6ef1b08d66b
5694543d3112d3ad1e61e2965adf138bac638226da03bb2638f186cb0c45e5c4
60b5ba0d1eca51221a5881c4d2acd7e4c1c6fa142ba3f5fdd001781a3457e49e
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708
716991b9f9f265bc8d0bee7f022d2dd88519d6222cc75640a63d5b8c34a1bd64
7e4a8ad70ea163807973b9f2a2c2b23f73ca3c2623fbc25997aa0b332caceac4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844b6e50aba78aaf30f0078b9f1cce5d5f444dd0b4cc36e2442b504ca6e02bda
93279460e17d72bce67857f5717b58d0476b80a5f751147765bba221a83651e4
97720db4758c8770ac2e2ab653f59894de67c9255c7cb5cd51b24672d1a72899
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a49a4b050e0e1900720d869b066d1e6341f538c702958276305d879158315ec0
a76a0a18f515ee12ecaf26a81b9409408875d259c4928a51edf6a4f6c150af8b
acfa4d20a8cbc8df055d2b905266e418f0f73b322d92888299039001f8904f40
b2e42bf696bbb7a36cd816627063354e467e7733575345c5b1691f9c1e58e3dd
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c
c770decdcd48d0569e690f432b8cc45d719bc8f1d9443f569b3a863573899600
d82d7867bbb3c958c4392e24ae331a2564631878d24baa77411862e06999605f
ec90dd9b415d0c608ff74371ab609b12d14304b02f954545e98837572e4af27f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f15ad4c340d73a5c74a09cf4fb4f4980e996400b6d2730a8bafccb0fc2a88900
f36a071d5abb2e502d329a34d484dd11b7cc80bf84caa41d450c0d305d3e4655

login.usc.edu Open in urlscan Pro 52.25.34.61 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

44 Requests

86 %HTTPS

40 %IPv6

8 Domains

10 Subdomains

11 IPs

2 Countries

2325 kBTransfer

8166 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

44 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

login.usc.edu Open in urlscan Pro
52.25.34.61 Public Scan

Screenshot
Live screenshot

Full Image

44
Requests

86 %
HTTPS

40 %
IPv6

8
Domains

10
Subdomains

11
IPs

2
Countries

2325 kB
Transfer

8166 kB
Size

8
Cookies

44 HTTP transactions
0 data transactions