| | 52.200.137.52 | 200 OK | 162 B |
Request: GET HTTP/2 (user request) | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hashes: MD5 4f8e702cc244ec5d4de32740c0ecbd97; SHA-1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff; SHA-256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET / HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Wed, 24 Apr 2024 08:21:32 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Server: nginx
Location: https://52.200.137.52/
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
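The certificate recorded on this and every later 52.200.137.52 response is issued to *.securityeducation.com, but the browser reached the server by IP literal (Host: 52.200.137.52) and the 301 sends it on to https://52.200.137.52/. No DNS name, wildcard or not, can validate a connection made to an IP literal; only an iPAddress subjectAltName can (RFC 2818 section 3.1), so a real browser would have raised a certificate error here and the sandbox must have suppressed it. The following is an added example, not part of the report or of the site's own code: it implements the matching rules a browser applies, using only the subject shown above. The host name training.securityeducation.com and the iPAddress SAN list used in the checks are assumptions for illustration; the report does not show the certificate's SAN extension.

```python
import ipaddress

# Subject shown on every 52.200.137.52 response in the capture above.
CAPTURE_SUBJECT = "*.securityeducation.com"
# The host the browser actually connected to (Host: header and Location: of the 301).
CAPTURE_HOST = "52.200.137.52"


def is_ip_literal(host: str) -> bool:
    """True for an IPv4/IPv6 literal (bracketed IPv6 allowed), False for a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125 section 6.4.3 rules for one dNSName (or CN) against a host name:
    case-insensitive; a wildcard is honoured only as the whole left-most label,
    only when at least two labels follow it, and it matches exactly one label,
    so *.example.com covers a.example.com but not example.com or a.b.example.com.
    (Browsers additionally refuse wildcards directly under a public suffix such
    as *.co.uk; that needs the Public Suffix List and is not implemented here.)"""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False
    return (len(h_labels) == len(p_labels)
            and h_labels[0] != ""
            and h_labels[1:] == p_labels[1:])


def cert_matches_host(dns_names, host: str, ip_addresses=()) -> bool:
    """Decide whether a certificate covers the host a client connected to.
    dns_names: dNSName SAN entries (or the CN of a legacy certificate without SANs).
    ip_addresses: iPAddress SAN entries. An IP-literal host is compared only
    against those, never against DNS names or wildcards, which is why a
    *.securityeducation.com certificate cannot validate https://52.200.137.52/."""
    if is_ip_literal(host):
        wanted = ipaddress.ip_address(host.strip("[]"))
        return any(ipaddress.ip_address(ip) == wanted for ip in ip_addresses)
    return any(dns_name_matches(name, host) for name in dns_names)


def capture_verdict() -> bool:
    """What a browser concludes for the redirect target in this capture: False."""
    return cert_matches_host([CAPTURE_SUBJECT], CAPTURE_HOST)
```

Python's own `ssl.match_hostname` implemented the same rules until it was removed in 3.12; current versions delegate to OpenSSL's `X509_check_host`, which applies the same wildcard and IP handling. Note also that the `Strict-Transport-Security` header on the redirect buys nothing here: RFC 6797 defines HSTS hosts by domain name, so a browser does not record the policy for an IP-literal host.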

| 52.200.137.52/js/ie10-4d8fefae653b9ade02759391caba3c56.js | 52.200.137.52 | 200 OK | 112 B |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
Hashes: MD5 6df5dde38ec3c12329a97c5cdef18d26; SHA-1 589b055af4ffe981f073c7e3ec8c5e62b725b3af; SHA-256 d0239b745f9020d3f03785b130e6370202fd27597effb433aded633a7e5aa311
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/ie10-4d8fefae653b9ade02759391caba3c56.js HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 112
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: "6df5dde38ec3c12329a97c5cdef18d26"
x-cache: Hit from cloudfront
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: NYYTM5Azm-mGBGaIs2Xy8nNBHlFYKa2m5cHx3JioUTvcWRKlQVW9Aw==
age: 63644
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| 52.200.137.52/platform-ember/chunk.143.b8dd2be3a6ac593b28b1.js | 52.200.137.52 | 200 OK | 18 kB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: ASCII text, with very long lines (5646)
Hashes: MD5 9f8b27a49a89ccc7d0f43ce6a601b3c2; SHA-1 371a1db1903685d2178af33f41f56694c4133f7f; SHA-256 b06dfd4fa9096416da3ed3fefb23737fd46043bbfc3449be7a4e67a5d2d6b6e8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /platform-ember/chunk.143.b8dd2be3a6ac593b28b1.js HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 18240
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: "9f8b27a49a89ccc7d0f43ce6a601b3c2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: GzbwHyAPieY1lMjiPD92FA8qmf4qHzq8IszL89dSOXriPomUmmHmnA==
age: 63644
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| | 52.200.137.52 | 200 OK | 14 kB |
Request: GET HTTP/2 (user request) | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hashes: MD5 458805e93d363888dfb55e3782e4dedb; SHA-1 eda08b2075727ae0b2aa52f05118cdc8b583c0db; SHA-256 c1bb38fde926893b9dfd0e32549409c56ce4ad18ba5ae62b0badcebaecdf48e4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET / HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:34 GMT
content-type: text/html; charset=utf-8
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: W/"89b2a9594ad72c7e4144c5d717797f06"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: saUd-cfc33LZuereoZ8s5OhPwESTcTsnL_xtptrVDHpI7cfAaFqJ3Q==
age: 63647
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
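Every response from 52.200.137.52 carries the same content-security-policy, but it only matters on this HTML document response: a browser enforces the policy of the document that loads a resource and ignores a CSP header delivered with a script, font or image (worker scripts being the exception). Read closely, the policy restricts nothing except framing. Every fetch directive is `*`, script-src adds 'unsafe-inline' and 'unsafe-eval', and the 'unsafe-inline' keyword on font-src, connect-src, img-src and media-src has no defined meaning and is dropped by browsers. The parser and audit below are an added example, not part of the report or of the site's own code; the header string is copied from the responses above and the weakness rules follow CSP Level 3, not any tool's output.

```python
# Policy copied verbatim from the content-security-policy header in the capture above.
CSP_FROM_CAPTURE = (
    "default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; "
    "font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; "
    "img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; "
    "style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;"
)

# Directives in which the inline/eval keywords have a defined meaning (CSP3).
# Anywhere else a browser drops the keyword and logs a console warning.
INLINE_OK = {"default-src", "script-src", "script-src-elem", "script-src-attr",
             "style-src", "style-src-elem", "style-src-attr"}
EVAL_OK = {"default-src", "script-src"}


def parse_csp(header: str) -> dict:
    """Split a policy into {directive: [source expressions]}.
    Directives are ';'-separated; the first token is the case-insensitive name.
    A repeated directive is ignored, as browsers keep only the first occurrence."""
    policy = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_csp(policy: dict) -> list:
    """Return one finding string per weakness in the policy."""
    findings = []
    for directive, sources in policy.items():
        if not directive.endswith("-src"):
            continue
        if "*" in sources:
            findings.append(f"{directive}: '*' allows any origin (only data:, blob: and filesystem: are excluded)")
        if "'unsafe-inline'" in sources and directive not in INLINE_OK:
            findings.append(f"{directive}: 'unsafe-inline' has no meaning here and is ignored")
        if "'unsafe-eval'" in sources and directive not in EVAL_OK:
            findings.append(f"{directive}: 'unsafe-eval' has no meaning here and is ignored")
    # script-src falls back to default-src when absent.
    script = policy.get("script-src", policy.get("default-src", []))
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
    if "'unsafe-inline'" in script and not has_nonce_or_hash:
        findings.append("script-src: 'unsafe-inline' with no nonce or hash, so injected <script> tags and "
                        "event handlers run; the policy does not mitigate XSS")
    if "'unsafe-eval'" in script:
        findings.append("script-src: 'unsafe-eval' lets eval()/new Function() run attacker-controlled strings")
    if "object-src" not in policy and "*" in policy.get("default-src", []):
        findings.append("object-src: missing, so it inherits the default-src wildcard and plugins load from anywhere")
    if "base-uri" not in policy:
        findings.append("base-uri: missing, so an injected <base href> redirects every relative script URL")
    if "report-uri" in policy and "report-to" not in policy:
        findings.append("report-uri: deprecated; pair it with report-to so current browsers keep reporting")
    return findings


def effective_controls(policy: dict) -> list:
    """Directives that actually constrain something: no '*' and no 'unsafe-*' keyword."""
    return sorted(d for d, s in policy.items()
                  if d not in ("report-uri", "report-to")
                  and "*" not in s and not any(x.startswith("'unsafe-") for x in s))
```

Run against the captured header, the audit yields sixteen findings and `effective_controls` returns only `frame-ancestors`, i.e. the policy is a clickjacking control and nothing more. The `report-uri /csp-report` endpoint will still receive reports for framing violations, so it is worth checking whether it is reachable on the same host.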

| 52.200.137.52/wombat-style-guide/fonts/roboto-latin-400italic.woff2 | 52.200.137.52 | 200 OK | 17 kB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 16944, version 1.0
Hashes: MD5 d8bcbe724fd6f4ba44d0ee6a2675890f; SHA-1 d276fd769bcb675f8efe42ebe3003c1d3255f985; SHA-256 aa4650a411dfe1c9beb794ffaf08c7909cdfbb05672d79b3a9976672cbba75ec
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /wombat-style-guide/fonts/roboto-latin-400italic.woff2 HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/platform-ember/platform-ember-c03d94c1dac100a7075e12bd26e8d5a3.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:35 GMT
content-type: binary/octet-stream
content-length: 16944
server: nginx
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 17 Apr 2024 13:51:24 GMT
etag: "d8bcbe724fd6f4ba44d0ee6a2675890f"
x-cache: Hit from cloudfront
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: 7uaVJODsg2-3UvEN7yYxq_UPvL3b45rterHpFzlMprxthNY9TnIbxA==
age: 63644
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| 52.200.137.52/platform-ember/chunk.397.3e238dc526a27118748c.js | 52.200.137.52 | 200 OK | 2.4 MB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (2409); size 2.4 MB (2434135 bytes)
Hashes: MD5 c133211f25c22ff443150d094bc0299e; SHA-1 127c99b4a462a0c576671fec3b1b4cae43aad1f9; SHA-256 d101ebc10f5e004076e66dacdf70df3b5ec4b841f2e70cae7a111d14a6c3193a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /platform-ember/chunk.397.3e238dc526a27118748c.js HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434135
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: "c133211f25c22ff443150d094bc0299e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: 7pzULl9TzMHojTDG5fkLKEbXwwQu-jNvsOJHdXy-2BFZguOzIJLjIQ==
age: 63643
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| 52.200.137.52/platform-ember/vendor-a309eb6908ef2932d56bb3ef16252eb1.js | 52.200.137.52 | 200 OK | 2.9 MB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1592); size 2.9 MB (2871835 bytes)
Hashes: MD5 ef21a29761270ad8bf5077f8c831d251; SHA-1 c99a3d05c59c5c4065f65dea9d6fccfa58576a9a; SHA-256 ce87bd812c69fd3a34beb710323884bfb75e53b4f33b81ef3a8a135e3083e0e0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /platform-ember/vendor-a309eb6908ef2932d56bb3ef16252eb1.js HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 2871835
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: "ef21a29761270ad8bf5077f8c831d251"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: Lfz4FSZ25oOXbwT_SIaacfovPfjog52a8qB5si0jI2O1eBKv8zJwGQ==
age: 63643
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| 52.200.137.52/platform-ember/platform-ember-d7a7c3d0c2f2e82c833583d2d17a70fe.js | 52.200.137.52 | 200 OK | 3.1 MB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (3295); size 3.1 MB (3108410 bytes)
Hashes: MD5 fd662177401a4cdd5988726b33c1a693; SHA-1 fd758b994c8b61226788adde9d281564a8490e11; SHA-256 6cdb7d2aed712a213e63f7272c9385a142752bda7baf0ae519a931bd7dc91070
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /platform-ember/platform-ember-d7a7c3d0c2f2e82c833583d2d17a70fe.js HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 3108410
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: "fd662177401a4cdd5988726b33c1a693"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: Wgc_FkHlysUXy1EgsHBNJZ5bXL2buqGMXWY4CTih5YVTVMpxmxfcIA==
age: 63644
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| 52.200.137.52/favicon-16x16.png | 52.200.137.52 | 200 OK | 9.8 kB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hashes: MD5 eecb093fcfbc82fe13c507e3b62da1c5; SHA-1 ec766576863e8e069d9a1706a7cd59912b736ec9; SHA-256 146fae58ed4e2e5c82fc38508b494fe40737a29b0a3be27eeb424e15cd4e00f0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon-16x16.png HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Cookie: _splunk_rum_sid=%7B%22id%22%3A%2255a2b8bccf51ca39035c20367a532061%22%2C%22startTime%22%3A1713946896879%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: text/html; charset=utf-8
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: W/"89b2a9594ad72c7e4144c5d717797f06"
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: zrtAOyRTYgP-49s-oOIhC9qyYXRd7NwedBg0eHPrXXdDQvOGTcUcTw==
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

| 52.200.137.52/platform-ember/chunk.591.4e1d9d9547424af31f20.js | 52.200.137.52 | 200 OK | 6.6 kB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1111)
Hashes: MD5 b1ebebb6039eb3eeeac537d6275fdda6; SHA-1 096d440cda15ec460c4759150ab823fbc1603d42; SHA-256 4eaba51186e0794aa86f765949f93305daf4bbecbe9c135ee1bc245665c8d412
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /platform-ember/chunk.591.4e1d9d9547424af31f20.js HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/login
Cookie: _splunk_rum_sid=%7B%22id%22%3A%2255a2b8bccf51ca39035c20367a532061%22%2C%22startTime%22%3A1713946896879%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 6642
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: "b1ebebb6039eb3eeeac537d6275fdda6"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 d1cde188ada6755fe03b8541b71fce4a.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: 2-ZJR2S1p8jIW4MSeW58OLKUFMK0DwYgLuU2srNMwrTlpYQxtb-8Rw==
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| 52.200.137.52/wombat-style-guide/fonts/roboto-latin-400.woff2 | 52.200.137.52 | 200 OK | 15 kB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Hashes: MD5 5d4aeb4e5f5ef754e307d7ffaef688bd; SHA-1 06db651cdf354c64a7383ea9c77024ef4fb4cef8; SHA-256 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /wombat-style-guide/fonts/roboto-latin-400.woff2 HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/platform-ember/platform-ember-c03d94c1dac100a7075e12bd26e8d5a3.css
Cookie: _splunk_rum_sid=%7B%22id%22%3A%2255a2b8bccf51ca39035c20367a532061%22%2C%22startTime%22%3A1713946896879%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: binary/octet-stream
content-length: 15344
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:24 GMT
etag: "5d4aeb4e5f5ef754e307d7ffaef688bd"
x-cache: Miss from cloudfront
via: 1.1 9b097dfab92228268a37145aac5629c0.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: rkbiZR89-zeKLx5hjOZb1NQnocktyA4_eJnUMhrNSbb2AC9WDi74WQ==
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| 52.200.137.52/wombat-style-guide/fonts/roboto-latin-500.woff2 | 52.200.137.52 | 200 OK | 16 kB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Hashes: MD5 285467176f7fe6bb6a9c6873b3dad2cc; SHA-1 ea04e4ff5142ddd69307c183def721a160e0a64e; SHA-256 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /wombat-style-guide/fonts/roboto-latin-500.woff2 HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/platform-ember/platform-ember-c03d94c1dac100a7075e12bd26e8d5a3.css
Cookie: _splunk_rum_sid=%7B%22id%22%3A%2255a2b8bccf51ca39035c20367a532061%22%2C%22startTime%22%3A1713946896879%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: binary/octet-stream
content-length: 15552
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:24 GMT
etag: "285467176f7fe6bb6a9c6873b3dad2cc"
x-cache: Miss from cloudfront
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: 9C4VlK5wvR12-u0PWkrf2TwevqTHrKV0RzKdjStsulTLHlOWosx_UA==
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| global.localizecdn.com/api/lib/xG6eDWKawYmvs/tl.gif?l=en&c=5272319 | 104.18.5.175 | 200 OK | 43 B |
Request: GET HTTP/2 | IP: 104.18.5.175:443
Certificate: issuer Let's Encrypt; subject global.localizecdn.com; SHA-1 fingerprint 0E:E8:07:11:41:11:37:A7:94:9C:B4:AF:9A:F4:50:87:FA:14:B8:CA; valid Fri, 15 Mar 2024 17:06:03 GMT - Thu, 13 Jun 2024 17:06:02 GMT
File type: GIF image data, version 89a, 1 x 1
Hashes: MD5 b4491705564909da7f9eaf749dbbfbb1; SHA-1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8; SHA-256 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /api/lib/xG6eDWKawYmvs/tl.gif?l=en&c=5272319 HTTP/1.1
Host: global.localizecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-length: 43
access-control-allow-origin: *
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qw4pLksIKg4_xFFXICK_mT7dajXWwwGBSaNYU_HbdhaJIvKiLzRS9g==
cf-cache-status: MISS
last-modified: Wed, 24 Apr 2024 08:21:37 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8794ae4bb8385699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 52.200.137.52/platform-ember/chunk.27.f1cdc18f35a98ccae1da.js | 52.200.137.52 | 200 OK | 140 kB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1812); size 140 kB (139544 bytes)
Hashes: MD5 3e0bb078974ff2016d4e1e411eb1820f; SHA-1 1c11de15223e67e0b9e72dfc66d0011edf4f6d19; SHA-256 dce48e3457bd2927ce86d68fbcafe07140fafdf7439fa5eacd6126d922537578
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /platform-ember/chunk.27.f1cdc18f35a98ccae1da.js HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/login
Cookie: _splunk_rum_sid=%7B%22id%22%3A%2255a2b8bccf51ca39035c20367a532061%22%2C%22startTime%22%3A1713946896879%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 139544
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: "3e0bb078974ff2016d4e1e411eb1820f"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: rZ2uGZRx4_2dc-0ergpZzMSp1duIResyETJNi30usamdguYicHSeOw==
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| 52.200.137.52/platform-ember/chunk.609.69b90be41ea90e817d11.js | 52.200.137.52 | 200 OK | 207 B |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: JavaScript source, ASCII text
Hashes: MD5 90c47c5f79661024767097573e711978; SHA-1 0556ea425382d2ce29f1589c25ebb548a478ab4e; SHA-256 419313fdacb766de3f3ba3e4b0a6dcb6f30a4c4a094596bd2f955713b248a691
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /platform-ember/chunk.609.69b90be41ea90e817d11.js HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/login
Cookie: _splunk_rum_sid=%7B%22id%22%3A%2255a2b8bccf51ca39035c20367a532061%22%2C%22startTime%22%3A1713946896879%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 207
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: "90c47c5f79661024767097573e711978"
x-cache: Miss from cloudfront
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: uLVeOlXZDmFoRkGrHBiibBkN9uT5gXEC58GuqigDorECFPU2nrfShg==
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| 52.200.137.52/platform-ember/chunk.447.eeb126037827db7a3c24.js | 52.200.137.52 | 200 OK | 4.9 MB |
Request: GET HTTP/2 | IP: 52.200.137.52:443
Certificate: issuer Amazon; subject *.securityeducation.com; SHA-1 fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; valid Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1592); size 4.9 MB (4850097 bytes)
Hashes: MD5 92c45c946b03ddab01542d6d64f3ef02; SHA-1 4df54a9cb8b35d51957226386c2718eb5e8dc137; SHA-256 9113f318dc90be84e19649f8095041134023c3509b91d58d9ba245a097a8757a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /platform-ember/chunk.447.eeb126037827db7a3c24.js HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/login
Cookie: _splunk_rum_sid=%7B%22id%22%3A%2255a2b8bccf51ca39035c20367a532061%22%2C%22startTime%22%3A1713946896879%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 4850097
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: "92c45c946b03ddab01542d6d64f3ef02"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 7c4bbd97f5be908e33f403c3794f629a.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: IdByPSUdzuZ3ngQ9Mj-x9cfKwOZaBIsM9dzZWpSaQP22yNDxt8z7GA==
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2

| rum-ingest.us2.signalfx.com/v1/rum?auth=WNIydzf5FMPgsMK0kZosBA | 35.199.162.154 | 200 OK | 4 B |
Request: POST HTTP/2 | IP: 35.199.162.154:443 | ASN: AS396982 GOOGLE-CLOUD-PLATFORM
Certificate: issuer DigiCert Inc; subject *.us2.signalfx.com; SHA-1 fingerprint BE:E4:CD:91:2A:7E:8C:24:38:E8:76:E6:81:05:68:3F:ED:E3:32:D2; valid Thu, 02 Nov 2023 00:00:00 GMT - Fri, 01 Nov 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 5b3abf9c1aa7556c3a36fea4e695c5d2; SHA-1 3fd967d09a748e1f2b26d6fe562e7155aa87e9de; SHA-256 98c4922bb641c65c7a30b7bcafdf230b9b00b6693631c56146ab25b2786ee4a3
POST /v1/rum?auth=WNIydzf5FMPgsMK0kZosBA HTTP/1.1
Host: rum-ingest.us2.signalfx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 29711
Origin: https://52.200.137.52
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:41 GMT
content-type: application/json; charset=UTF-8
content-length: 4
access-control-allow-origin: https://52.200.137.52
x-debug-id: 380643788872578884
x-id: gdi-rum-66596cf5c8-fz28h
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
|
|
| global.localizecdn.com/api/lib/xG6eDWKawYmvs/tu?v=474 | 104.18.5.175 | 200 OK | 496 B |
URL: GET HTTP/2 global.localizecdn.com/api/lib/xG6eDWKawYmvs/tu?v=474
IP: 104.18.5.175:443
Certificate: Issuer Let's Encrypt; Subject global.localizecdn.com; Fingerprint 0E:E8:07:11:41:11:37:A7:94:9C:B4:AF:9A:F4:50:87:FA:14:B8:CA; Validity Fri, 15 Mar 2024 17:06:03 GMT - Thu, 13 Jun 2024 17:06:02 GMT
File type: troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (592), with no line terminators
Hashes: MD5 23346f5bfcff4abf573f4c5012493c16; SHA-1 c13d6b0e7ab86b77cd9ed42601f7efe7bed00887; SHA-256 606f49ccfc18760bfe694f346341fa841729213eaf139ddcc2afbea07a286601
GET /api/lib/xG6eDWKawYmvs/tu?v=474 HTTP/1.1
Host: global.localizecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://52.200.137.52
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
etag: W/"1f0-/RBahlNerxOCIZGLi2j01Tu/HNU"
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jepv3xLlm63PhljwvP3cLbGizAwIdd6DQ6goydr35AlWIP0ns9Dugw==
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8794ae4d18f41c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 52.200.137.52/platform-ember/vendor-a951d76bce4e0eb0f86ae64748ba6fda.css | 52.200.137.52 | 200 OK | 13 kB |
URL: GET HTTP/2 52.200.137.52/platform-ember/vendor-a951d76bce4e0eb0f86ae64748ba6fda.css
IP: 52.200.137.52:443
Certificate: Issuer Amazon; Subject *.securityeducation.com; Fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; Validity Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: ASCII text, with very long lines (12877), with no line terminators
Hashes: MD5 a951d76bce4e0eb0f86ae64748ba6fda; SHA-1 57991cba11163c6fade50148feabea124e53c848; SHA-256 e49335fca147011a9057787f00204ca092faeda280b09452350bf225eecd82da
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /platform-ember/vendor-a951d76bce4e0eb0f86ae64748ba6fda.css HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:34 GMT
content-type: text/css
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: W/"a951d76bce4e0eb0f86ae64748ba6fda"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: 1lYkJS6SKdZ2yMs46T8iN-x2wmigQye4UVhk1fa0VC6vlRup8iAQAg==
age: 63644
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 52.200.137.52/wombat-style-guide/images/logo.png | 52.200.137.52 | 200 OK | 5.9 kB |
URL: GET HTTP/2 52.200.137.52/wombat-style-guide/images/logo.png
IP: 52.200.137.52:443
Certificate: Issuer Amazon; Subject *.securityeducation.com; Fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; Validity Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: PNG image data, 200 x 71, 8-bit/color RGBA, non-interlaced
Hashes: MD5 f667124959df088360a541a25ae7dda8; SHA-1 b2ded73659f4cd8989780e17cadcf3e32ccde048; SHA-256 b5368a5a9aac3f3e04c47d93805d6a3962f38108fa26a391c9bb2bcbbec531a0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /wombat-style-guide/images/logo.png HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/login
Cookie: _splunk_rum_sid=%7B%22id%22%3A%2255a2b8bccf51ca39035c20367a532061%22%2C%22startTime%22%3A1713946896879%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: image/png
content-length: 5850
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:24 GMT
etag: "f667124959df088360a541a25ae7dda8"
x-cache: Miss from cloudfront
via: 1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: Zg_wbjbkOhlRfuTQf6c-tFwo2kJ0UJITPMfw90HTmRNJTLMJD0c1Zw==
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| 52.200.137.52/wombat-style-guide/fonts/wombaticons.woff2?62df1eb65eecf59a7a7f2ffcf8da10d4 | 52.200.137.52 | 200 OK | 9.9 kB |
URL: GET HTTP/2 52.200.137.52/wombat-style-guide/fonts/wombaticons.woff2?62df1eb65eecf59a7a7f2ffcf8da10d4
IP: 52.200.137.52:443
Certificate: Issuer Amazon; Subject *.securityeducation.com; Fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; Validity Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 9860, version 1.0
Hashes: MD5 d71e7463a92c083d5f9c30d7e0ff6a6a; SHA-1 0d001fc1abc961ce990a662b39663e6d3bdf3826; SHA-256 de292d7205493275f5898a9535cf3995b790f5f1e1b5082395918c4b5d305046
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /wombat-style-guide/fonts/wombaticons.woff2?62df1eb65eecf59a7a7f2ffcf8da10d4 HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/platform-ember/platform-ember-c03d94c1dac100a7075e12bd26e8d5a3.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:35 GMT
content-type: binary/octet-stream
content-length: 9860
server: nginx
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 17 Apr 2024 13:51:24 GMT
etag: "d71e7463a92c083d5f9c30d7e0ff6a6a"
x-cache: Hit from cloudfront
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: dFhd6bLSXS654SXf76q0nDAnjKoH9E2Ap9jS-TzpJwPm2OZyPP_6qg==
age: 63644
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| global.localizecdn.com/api/lib/xG6eDWKawYmvs/g?v=0&l=en | 104.18.5.175 | 200 OK | 92 kB |
URL: GET HTTP/2 global.localizecdn.com/api/lib/xG6eDWKawYmvs/g?v=0&l=en
IP: 104.18.5.175:443
Certificate: Issuer Let's Encrypt; Subject global.localizecdn.com; Fingerprint 0E:E8:07:11:41:11:37:A7:94:9C:B4:AF:9A:F4:50:87:FA:14:B8:CA; Validity Fri, 15 Mar 2024 17:06:03 GMT - Thu, 13 Jun 2024 17:06:02 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (all three are the digests of zero-length input, so no response body was hashed for this 92 kB entry)
GET /api/lib/xG6eDWKawYmvs/g?v=0&l=en HTTP/1.1
Host: global.localizecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://52.200.137.52
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: text/plain
access-control-allow-origin: *
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=259200
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: atNzoY9M_PH-b-RfJy23t9TQsqmojP6-Em8kPb0jTH390B7TfruP3g==
cf-cache-status: MISS
last-modified: Wed, 24 Apr 2024 08:21:37 GMT
expires: Sat, 27 Apr 2024 08:21:37 GMT
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8794ae4d18f51c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 52.200.137.52/platform-ember/platform-ember-c03d94c1dac100a7075e12bd26e8d5a3.css | 52.200.137.52 | 200 OK | 351 kB |
URL: GET HTTP/2 52.200.137.52/platform-ember/platform-ember-c03d94c1dac100a7075e12bd26e8d5a3.css
IP: 52.200.137.52:443
Certificate: Issuer Amazon; Subject *.securityeducation.com; Fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; Validity Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
Size: 351 kB (351259 bytes)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero-length input despite the recorded size; the MD5 also does not match the response etag c03d94c1dac100a7075e12bd26e8d5a3, whereas the other 52.200.137.52 entries carry an etag equal to the body MD5)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /platform-ember/platform-ember-c03d94c1dac100a7075e12bd26e8d5a3.css HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:34 GMT
content-type: text/css
server: nginx
last-modified: Wed, 17 Apr 2024 13:51:23 GMT
etag: W/"c03d94c1dac100a7075e12bd26e8d5a3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: b3JMlvp9qWgaq0cAFjXyiXYzLP_6WvcOOIfKhPvsepTOLZbBPhBEJw==
age: 63639
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 52.200.137.52/api/companymanagement/api/companyLoginProfile/52 | 52.200.137.52 | 404 Not Found | 78 B |
URL: GET HTTP/2 52.200.137.52/api/companymanagement/api/companyLoginProfile/52
IP: 52.200.137.52:443
Certificate: Issuer Amazon; Subject *.securityeducation.com; Fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; Validity Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hashes: MD5 947bffd15ffeb606dd88daaecc61bc8d; SHA-1 d4d286b616b2900e58d94b7a1f1b2bb191dbdc7b; SHA-256 f29aa947e24b252e149902d7bb3b9c86289da85a422c5263cbc63b9cca8f219c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/companymanagement/api/companyLoginProfile/52 HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/vnd.api+json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
traceparent: 00-0bec1962d44b4623e3e3ee0920a676a7-9d77ebcfeb3b6798-01
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Cookie: _splunk_rum_sid=%7B%22id%22%3A%2255a2b8bccf51ca39035c20367a532061%22%2C%22startTime%22%3A1713946896879%7D; platform-auth-session=%7B%22authenticated%22%3A%7B%7D%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Wed, 24 Apr 2024 08:21:37 GMT
content-type: application/vnd.api+json;charset=UTF-8
server: nginx
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
X-Firefox-Spdy: h2
|
|
| 52.200.137.52/localizejs/localize.js | 52.200.137.52 | 200 OK | 62 kB |
URL: GET HTTP/2 52.200.137.52/localizejs/localize.js
IP: 52.200.137.52:443
Certificate: Issuer Amazon; Subject *.securityeducation.com; Fingerprint 4D:CD:BC:66:94:ED:C9:CB:88:86:64:D8:F4:DE:3A:E6:8D:8E:A9:27; Validity Mon, 23 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (61641)
Hashes: MD5 b334e888ce2e9c455ec9b381fa5d067d; SHA-1 fe630f8042a90397af33747fac3d541a8de17079; SHA-256 ab70314b3a292be07387e0548d0925724b3638994cfc3e65c097998ca833f913
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /localizejs/localize.js HTTP/1.1
Host: 52.200.137.52
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://52.200.137.52/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 08:21:34 GMT
content-type: text/javascript
server: nginx
last-modified: Wed, 14 Jun 2023 16:12:51 GMT
etag: W/"b334e888ce2e9c455ec9b381fa5d067d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C1
x-amz-cf-id: xTDwP5AdBEEysCoV3yw4gGu4E3cGUVQGwPLupxypaea6lMYggtH2Tg==
age: 30081
content-security-policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report;
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|