Overview

URL corp-internal.com
IP 54.209.148.90
ASN AS14618 Amazon.com, Inc.
Location United States
Report completed 2018-07-11 19:05:32 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 54.209.148.90

Date  UQ / IDS / BL  URL  IP
2018-07-11 18:56:44 +0200  0 - 0 - 0  account-maintenance.com  54.209.148.90
2018-07-11 08:52:59 +0200  0 - 0 - 0  updates.voicemailaccess.net/60a6c04aee?l=14  54.209.148.90
2018-07-10 10:44:42 +0200  0 - 0 - 0  https://crane-systems.updamicrosoft.com/criti (...)  54.209.148.90
2018-07-09 18:50:16 +0200  0 - 0 - 0  www.payablaccounts.com/cb0fbce4a4?l=8  54.209.148.90
2018-07-03 17:49:32 +0200  0 - 0 - 0  invoices.payablaccounts.com/4ac86f1027?l=9  54.209.148.90
2018-07-02 20:56:33 +0200  0 - 0 - 0  mail2.corpoutlook.com/08667b035f?l=17  54.209.148.90

Last 10 reports on ASN: AS14618 Amazon.com, Inc.

Date  UQ / IDS / BL  URL  IP
2018-11-20 19:27:56 +0100  0 - 1 - 0  abelinc.me/singlesutah/?ax2X1Y  50.16.178.150
2018-11-20 19:08:56 +0100  0 - 0 - 1  naturezaelimpeza.com.br/ccs/eapwoeo/kqwpdofo/ (...)  54.86.147.182
2018-11-20 18:33:30 +0100  0 - 0 - 2  https://www.tattoofailure.com/posts/109862-tattoo  52.20.145.121
2018-11-20 18:16:56 +0100  0 - 0 - 0  imp.htrackmyflight.co/impression.do  52.1.124.112
2018-11-20 18:08:53 +0100  0 - 0 - 0  Etisalat.lk  54.88.220.166
2018-11-20 18:06:30 +0100  0 - 0 - 0  dzr-mcs-amzn-us-east-1-h0m3.upe.p.hmr.sophos.com  54.152.201.249
2018-11-20 17:58:14 +0100  0 - 1 - 0  cardpayments.microransom.us/XcmVTjaXBpZWR50X2 (...)  52.7.149.57
2018-11-20 17:46:27 +0100  0 - 1 - 0  bit.do/eBgPp  54.83.52.76
2018-11-20 17:21:49 +0100  0 - 0 - 0  dprint.acemlnb.com/proc.php?nl=3&c=155&m=223& (...)  54.83.34.173
2018-11-20 17:20:38 +0100  0 - 0 - 0  orders.discontcomputers.com/2W8LXWO52O9Y/gp/r (...)  54.83.101.48

Last 9 reports on domain: corp-internal.com

Date  UQ / IDS / BL  URL  IP
2018-03-30 20:45:13 +0200  0 - 0 - 0  www.corp-internal.com/bitgfycoindfgd.zip/ae0a (...)  34.239.193.133
2018-03-30 20:40:00 +0200  0 - 0 - 0  www.corp-internal.com/bitgfycoindfgd.zip/ae0a (...)  54.209.94.20
2018-02-28 14:51:38 +0100  0 - 0 - 0  comcast.corp-internal.com/06069bd517?l=18  52.6.165.47
2018-02-28 14:25:02 +0100  0 - 0 - 0  comcast.corp-internal.com/f340f9517a?l=18  52.6.165.47
2018-01-22 19:45:01 +0100  0 - 0 - 0  updates.corp-internal.com/c8f5df92b1?l=7  34.206.124.153
2017-12-05 13:25:24 +0100  0 - 0 - 0  www.corp-internal.com/88adb8e388?l=14  52.22.172.19
2017-11-28 05:54:51 +0100  0 - 0 - 0  vpn.corp-internal.com/4492beba85?l=8  52.203.237.26
2017-11-07 15:44:21 +0100  0 - 0 - 0  www.corp-internal.com/296f85b972?l=51  34.230.155.77
2017-11-03 02:34:49 +0100  0 - 0 - 0  donations.corp-internal.com/1b60dfd42e?l=69  34.230.155.77


JavaScript

Executed Scripts (5)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (44)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:12 GMT
Etag: W/"60a11b8c24f94969b84b2ba2900bc3a9"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03eff4b159b1363d6, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 4f603c25-8401-4366-a01a-056869109a1d
X-Runtime: 0.002863
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 1037
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1037
Md5:    555df1197695fc0b508298ea35aed359
Sha1:   9ed36e4ed233343ce542d5a6fb41ddd9c6f81c1b
Sha256: fcd2358846e1a97ca1c8500973c0c56b9294f6396622bf03f7a53a87602ead1d
                                        
                                            GET /assets/logo.png HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:12 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Wed, 13 Jun 2018 20:49:34 GMT
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
Content-Length: 5649
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   5649
Md5:    53b4d9803a1436092e1baa98d5e78ce3
Sha1:   8bc9256e96bcb141e2db115523e4013066468b03
Sha256: e0f8e88c3f1388949b2503d69507c36a687c495b34e2ad659a4fb680e5564d19
                                        
                                            GET /assets/all.js?g=infopage HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:12 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Wed, 13 Jun 2018 20:49:34 GMT
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
Content-Length: 7149
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix, last modified: Fri Mar 03 22:28:11 2017, max compression
Size:   7149
Md5:    7ef5804bf7d4879e5ccdfbd01de4ed2b
Sha1:   81960b78265b10afc3ae75b9434d1377cfa7a17f
Sha256: 8e4b430299b5c01368fb14b0ed378091efe77c9c7e3279092ce29c7a434e0bd2
                                        
                                            GET /assets/google-tracking.js?g=infopage HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:12 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Wed, 13 Jun 2018 20:49:34 GMT
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
Content-Length: 316
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix, last modified: Sat Jun 11 03:35:22 2016, max compression
Size:   316
Md5:    719dec8ba10f30b81501c6789fdc0b38
Sha1:   a5981aa8101108d7d3d92c8272c5a8f39ff84619
Sha256: 39b4a814e874e6f5cf6f1f40c45c9932cc676a16786b35ccca4b3f2b0507f12a
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 11 Jul 2018 17:04:12 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    00600966b7aac791cd04aef3099aa108
Sha1:   627316410ae0da2333ae651ab46530963deccedd
Sha256: 15b98eaf294b652fbf5ac81730f5c7b3cc55f5e267a0394674a2425cfb685efa
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 11 Jul 2018 17:04:12 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    d9d754520ae3340aa37cca6115eee05b
Sha1:   a0320372760d99c762cb2eb4b37f776625ef1b33
Sha256: 7dc8284c51c9a38dc1bf03bd28857ea5336e8f5c564eddbb1c9082ee43c93738
                                        
                                            GET /ajax/libs/jquery/1.11.0/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         172.217.22.170
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 33576
Date: Mon, 02 Jul 2018 15:06:49 GMT
Expires: Tue, 02 Jul 2019 15:06:49 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 784643
Alt-Svc: quic=":443"; ma=2592000; v="43,42,41,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   33576
Md5:    55b8e6059da09b4e50cbe105e4a090a3
Sha1:   455328e76daf9a5a8fe0c94bc20c308801fb4883
Sha256: 9ba41d51fbabdb9fcaa7e9e34581d153d8f901a2ce9e364f60162ca278743813
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/
If-Modified-Since: Fri, 03 Oct 2014 00:48:42 GMT

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Wed, 11 Jul 2018 15:30:54 GMT
Expires: Wed, 11 Jul 2018 17:30:54 GMT
Last-Modified: Fri, 18 May 2018 01:10:24 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 14386
Cache-Control: public, max-age=7200
Age: 5599


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   14386
Md5:    b3de885583a477d4e31568948d6bebd7
Sha1:   2ce8d853244dde551c41d5207d6f71c567bde8c6
Sha256: e1bb5aa555a0d875e2a67884ceaa0629e08994a8aabadc2fac5b6915793dbf75
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20sessionStorage%20%3D%20true&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03e77dc46649e883d, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 61f3ffd8-68e5-48dc-9faf-182deb93c0a0
X-Runtime: 0.002512
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20localStorage%20%3D%20true&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-00f9376f34813b057, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 1b5ca63c-94a6-4c73-9de5-af003f6a808f
X-Runtime: 0.002519
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20hasCookies%20%3D%20true&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03eff4b159b1363d6, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 5adbfadf-5b53-453c-8fc9-d5be7e257157
X-Runtime: 0.002317
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20browser_version%20%3D%203.6&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03eff4b159b1363d6, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 49474ddc-e16a-44c7-a177-979fb9754585
X-Runtime: 0.002321
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20os_version%20%3D%206.1&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03e77dc46649e883d, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 7557b4ee-d0c0-496d-ba3b-f76fbbc68f80
X-Runtime: 0.001993
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20language%20%3D%20en-US&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-00f9376f34813b057, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 911ecc84-c27e-44f4-8885-f3e472b82da2
X-Runtime: 0.002286
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20colorDepth%20%3D%2024&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03eff4b159b1363d6, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: cb0b6a90-7faa-4ef3-9490-d14a977bcd4f
X-Runtime: 0.001937
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20browser%20%3D%20Firefox&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03e77dc46649e883d, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 01634ac5-c17d-43a4-8bc7-b7b2ab1d2dfa
X-Runtime: 0.001955
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20os%20%3D%20Windows&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-00f9376f34813b057, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: decb5a9c-5e55-4b6e-a026-7258391e0e98
X-Runtime: 0.002277
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20width%20%3D%201176&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03e77dc46649e883d, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 82496c19-2c31-46bd-af62-f06665ad9f5f
X-Runtime: 0.002071
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20height%20%3D%20885&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-00f9376f34813b057, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: fae3d14b-0965-4463-8596-3e342993078a
X-Runtime: 0.002262
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20plugin%20Windows%20Presentation%20Foundation&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03eff4b159b1363d6, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: fbec1d29-4fc1-4ba6-9617-393a8fad4f2c
X-Runtime: 0.001855
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /r/collect?v=1&_v=j68&a=1949700104&t=pageview&_s=1&dl=http%3A%2F%2Fcorp-internal.com%2F&ul=en-us&de=UTF-8&dt=Wombat%20Security%20Technologies&sd=24-bit&sr=1176x885&vp=1159x754&je=1&fl=10.0%20r45&_u=IEBAAEQ~&jid=102745397&gjid=1708191076&cid=1089270640.1531328654&tid=UA-83403-17&_gid=887192466.1531328654&_r=1&z=1945769059 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         216.58.211.14
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-83403-17&cid=1089270640.1531328654&jid=102745397&_gid=887192466.1531328654&gjid=1708191076&_v=j68&z=1945769059
Access-Control-Allow-Origin: *
Date: Wed, 11 Jul 2018 17:04:13 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Server: Golfe2
Content-Length: 416


--- Additional Info ---
Magic:  HTML document text
Size:   416
Md5:    f3e6b0f42c6d82f2df85d07e2590abec
Sha1:   f886154a935be1a4c2715e326109ffdec5aefbb1
Sha256: bf95e70393d0086e5fa5fdae6a6468e426dade9c21f7a453934adb0b21468816
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20plugin%20Shockwave%20Flash&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-0e2e6978e3ed7c5b1, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: f70c400c-e678-4797-b348-59d8021b7f06
X-Runtime: 0.002378
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20plugin%20Mozilla%20Default%20Plug-in&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03e77dc46649e883d, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 93d60790-1b5f-4c32-8abb-dbe928c5ee68
X-Runtime: 0.002104
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20plugin%20Java%20Deployment%20Toolkit%207.0.50.5&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-00f9376f34813b057, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 8328a28e-4f4c-4465-9e48-2a582277c8e9
X-Runtime: 0.002133
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20plugin%20Java(TM)%20Platform%20SE%207%20U5&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03eff4b159b1363d6, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 34bc9b1f-5cb9-47ad-b463-5d47b1d87363
X-Runtime: 0.002062
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /collect?v=1&_v=j68&a=1949700104&t=pageview&_s=2&dl=http%3A%2F%2Fcorp-internal.com%2F&ul=en-us&de=UTF-8&dt=Wombat%20Security%20Technologies&sd=24-bit&sr=1176x885&vp=1159x754&je=1&fl=10.0%20r45&_u=YEBAAEQ~&jid=&gjid=&cid=1089270640.1531328654&uid=infopage&tid=UA-83403-17&_gid=887192466.1531328654&z=1636686312 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Date: Mon, 02 Jul 2018 12:39:28 GMT
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35
Cache-Control: no-cache, no-store, must-revalidate
Age: 793485


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20plugin%20Adobe%20Acrobat&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-0e2e6978e3ed7c5b1, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 81e2ecf0-b08c-45a3-92c8-8f7f6d3d014e
X-Runtime: 0.008015
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 11 Jul 2018 17:04:13 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    d9384b4a5c1554498d6c38e12a1b2331
Sha1:   a4fda3988b72ed56b0081c00af259ea73c0b06ea
Sha256: 9f5f85b881262a3077b592482b94ac091ee0d019eb32b13443fd4b6777ee4bbf
                                        
                                            POST /secure/browser_post HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://corp-internal.com/
Content-Length: 2287
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: image/gif; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03e77dc46649e883d, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 06822d48-6cde-4de1-80b0-6e5270f14816
X-Runtime: 0.005073
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20plugin%20Microsoft%C2%AE%20DRM&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-00f9376f34813b057, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 377595c0-e185-4d87-b0b7-2cd63d84b6c7
X-Runtime: 0.002537
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=BrowserDetect%20-%20plugin%20Windows%20Media%20Player%20Plug-in%20Dynamic%20Link%20Library&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03eff4b159b1363d6, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 57e5b82b-d10f-4fff-8046-9002483e388d
X-Runtime: 0.001973
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /log?id=infopage&sev=1&msg=PluginDetect%20is%20not%20defined&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: image/gif; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-0e2e6978e3ed7c5b1, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: c1990887-6862-4963-9203-1bce1824197d
X-Runtime: 0.002462
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=Loading%20flash%20version&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-00f9376f34813b057, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: fac560c9-8002-4f23-a42e-2a187f59ae60
X-Runtime: 0.004477
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=Skipping%20java%20detection&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03e77dc46649e883d, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: fadf45da-3db2-4be5-9688-fa8f03244485
X-Runtime: 0.001667
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-83403-17&cid=1089270640.1531328654&jid=102745397&_gid=887192466.1531328654&gjid=1708191076&_v=j68&z=1945769059 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         74.125.131.155
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Wed, 11 Jul 2018 17:04:13 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35
Alt-Svc: quic=":443"; ma=2592000; v="43,42,41,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
                                            GET /log?id=infopage&sev=1&msg=window.plugin_detector%20is%20undefined&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: image/gif; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-0e2e6978e3ed7c5b1, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 48563b27-d9f2-490f-b939-f5dbc9256135
X-Runtime: 0.002271
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=Loading%20pdf%20version&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03e77dc46649e883d, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 7da8013c-d1fc-4fc8-838e-105f17fb8268
X-Runtime: 0.002459
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=Loading%20quicktime%20version&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-00f9376f34813b057, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 699efc2c-ffe7-4f47-8485-eeb51cc991ed
X-Runtime: 0.002207
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=Loading%20Silverlight%20version&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03e77dc46649e883d, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: da7b8c2a-7b9f-4eee-9c01-15455bbb8aa0
X-Runtime: 0.001670
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=Loading%20RealPlayer%20version&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
                                         54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03eff4b159b1363d6, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: a5cf5cf9-1e5a-431c-b85c-de6fd83323c2
X-Runtime: 0.002017
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
                                            GET /trace?id=infopage&msg=Loading%20WindowsMediaPlayer%20version&correlation_id=undefined HTTP/1.1 
Host: corp-internal.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-00f9376f34813b057, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: e87bf93b-f603-4e06-a835-0ca000e14ad4
X-Runtime: 0.002262
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
GET /trace?id=infopage&msg=redirect_url%20is%20undefined&correlation_id=undefined HTTP/1.1
Host: corp-internal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/

                                         
54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:13 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-03eff4b159b1363d6, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 2760d150-8819-4486-99bb-9c63c79083dc
X-Runtime: 0.002106
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
GET /trace?id=infopage&msg=browser_post_successful&correlation_id=undefined HTTP/1.1
Host: corp-internal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://corp-internal.com/
Cookie: _ga=GA1.2.1089270640.1531328654; _gid=GA1.2.887192466.1531328654; _gat=1

                                         
54.209.148.90
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Date: Wed, 11 Jul 2018 17:04:14 GMT
Etag: W/"7215ee9c7d9dc229d2921a40e899ec5f"
Server: ThreatSim-Web-Server
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Host-Info: lw-prd-us-i-0e2e6978e3ed7c5b1, ; e0e6f2a14812c69f7d3556268d9f360280c46306
X-Request-Id: 5577043d-af6c-4f73-9e78-0413ee56614f
X-Runtime: 0.002617
X-UA-Compatible: chrome=1
X-XSS-Protection: 1; mode=block
Content-Length: 21
Connection: keep-alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21
Md5:    d09653f3cd2c8475255535aee1fa6f6a
Sha1:   d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
Sha256: 560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
                                        
GET /favicon.ico HTTP/1.1
Host: corp-internal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ga=GA1.2.1089270640.1531328654; _gid=GA1.2.887192466.1531328654; _gat=1

                                         
54.209.148.90
HTTP/1.1 200 OK
Content-Type: image/x-icon
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Date: Wed, 11 Jul 2018 17:04:14 GMT
Etag: "5b21835e-0"
Last-Modified: Wed, 13 Jun 2018 20:49:34 GMT
Server: ThreatSim-Web-Server
Content-Length: 0
Connection: keep-alive


--- Additional Info ---