Report - 54.191.211.96/

Report Overview

Submitted URL
54.191.211.96/
IP
54.191.211.96
ASN
#16509 AMAZON-02
Submitted
2024-04-25 21:24:35
Access
public
Website Title
54.191.211.96/app
Final URL
54.191.211.96/app
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
80

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
54.191.211.96	unknown	unknown	2016-10-08	2024-03-13	17 kB	4.7 MB	54.191.211.96

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed
2024-04-25	medium	54.191.211.96	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	54.191.211.96/app	0 B	2023-03-07	2024-05-05
Pretty URL 54.191.211.96/app IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 16:13:52 Times Seen37362667 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	54.191.211.96/scripts/ace/theme-xcode.js	1.9 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/ace/theme-xcode.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:42 Last Seen2024-04-25 23:24:44 Times Seen2 Hash d1d6f4a70d4aa65fb66dc386f3cecfbe 4a748327e752eb4487a430f119dccfbb6ac710aa 42fad8367aa0b54a5afbafe78b516a79d0cc00cbaa6f706302fb534002792c9a Loading...

	54.191.211.96/scripts/google-sparkline.js	690 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/google-sparkline.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:42 Last Seen2024-04-25 23:24:44 Times Seen2 Hash dc7cde52859bd41c8af482431dc38baa 792012d21c06893f78077280f4bf113e59f13753 c93a343cefafe4357cefb32da28117d1ecc42c735221ee837c97895943b95a30 Loading...

	54.191.211.96/scripts/dropzone.js	62 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/dropzone.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:42 Last Seen2024-04-25 23:24:42 Times Seen1 Hash c07914a1885a1c66a2f08fe636c64d3a 373470a9c1ab03a9f5cb3ec6c4faf4ce182b7896 7ae459dfb2993b043b9ade03f6f0267459f6a49e918b9cdcff885c65928eac79 Loading...

	54.191.211.96/scripts/wysihtml5x-toolbar.js	528 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/wysihtml5x-toolbar.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:42 Last Seen2024-04-25 23:24:44 Times Seen2 Hash 79321f6d123668d0740669debbac665f d9c8e19d2d37a762dde7e861682ac19a4106f9cf 7b1743c59ceb0c4a4a02d8f6aee9f840b3fbbbb19079585651745ce4cfe46830 Loading...

	54.191.211.96/scripts/highlight.pack.js	99 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/highlight.pack.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:43 Last Seen2024-04-25 23:24:43 Times Seen1 Hash 9b3344c8cca38b1c7bdb783055a99eec 19a2fbb0ca227cf81de4017b298fdec60e2d68e2 7839041a955059db8fc58ddb3ed0be9d348d04998b3acefd4cfe628bc7d53c9b Loading...

	54.191.211.96/scripts/quill/quill.js	437 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/quill/quill.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:43 Last Seen2024-04-25 23:24:43 Times Seen1 Hash 7f79c3541cd45f6538a56da4c544abe8 732fc1a2ef50a646c430aac1404d10433cc4f7ae e2c45b6dbc31956978e3faf48cf100e5f0ec182fe1de1ff20af497515ed87e9e Loading...

	54.191.211.96/scripts/out-release/prisma_app_release.js?v=8.0.1796&_=1711665296	1.0 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/out-release/prisma_app_release.js?v=8.0.1796&_=1711665296 IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:43 Last Seen2024-04-25 23:24:43 Times Seen1 Hash 44775caf26b685537c088535c5e9edd3 9005b223fcdcd43743492d480cc28af42b078ab1 770639c5c9a003a67b6ca7a66c3cef2cf305a247fe01f4e2ebdd92bf552bf1b1 Loading...

	54.191.211.96/scripts/ace/mode-javascript.js	18 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/ace/mode-javascript.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:43 Last Seen2024-04-25 23:24:44 Times Seen2 Hash 55d2107e6ba46404b8609c07649d2d1f 072c6451073a75298aba6dd9d5f89649cd798b33 2c7a4f389f924a7351e81c83c71cdc56719cfb2cc5053ccfab4a6574c6faae6d Loading...

	54.191.211.96/scripts/ace/mode-clojure.js	8.0 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/ace/mode-clojure.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:43 Last Seen2024-04-25 23:24:44 Times Seen2 Hash ba0f920042bb14b9235a3e1090b71dd5 adc116114a5eead60657218c372ccd41984e599b c5a2e1135b80d1346af7aaaf8a84424fa4e7249b9049f382747029c4fa1e8f8a Loading...

	54.191.211.96/scripts/ace/mode-html.js	58 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/ace/mode-html.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:43 Last Seen2024-04-25 23:24:44 Times Seen2 Hash fd17f5410ec10af0af020c1101a9b567 7a83de92975680fddd574245d75c5415e9262529 36a1adaa6004c304351e9b6590290be487240f118eece5daac610e2cecf1fdc4 Loading...

	54.191.211.96/scripts/advanced_and_extended.js	18 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/advanced_and_extended.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:43 Last Seen2024-04-25 23:24:44 Times Seen2 Hash 96113cb78ca4d231a4f9827a37bcb5b4 f555c3d627d7fe6aa6d1a697ffcf37db74c29856 70c5e586f72b8ee42476542cccbb12635c608a61f4dc3b67a7932bcc258fee3b Loading...

	54.191.211.96/scripts/ace/ace.js	354 kB	2023-03-14	2024-04-25
Pretty URL 54.191.211.96/scripts/ace/ace.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 09:11:42 Last Seen2024-04-25 23:24:44 Times Seen3 Hash 1c55dc4cb93b58bdad7977345404489c e8f612d5ca868125ea17856134f51c29838001cc c6baf81c7e5e498f9c173e121fb8dafcb6808bda9c11d8cca5e30fe3dfe238bb Loading...

	54.191.211.96/scripts/ace/theme-monokai.js	2.7 kB	2023-03-29	2024-04-25
Pretty URL 54.191.211.96/scripts/ace/theme-monokai.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 22:57:38 Last Seen2024-04-25 23:24:44 Times Seen4 Hash 4d8e43eb52771a43e5c105f8328dc783 8dd4794b5b2b142f34d5c7a73b0f0c40209254ad 15ce1e24e7bc2ad17c9032ea491f78bd4889d6886f283c739d233123745abcec Loading...

	54.191.211.96/scripts/ace/mode-clss.js	17 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/ace/mode-clss.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:43 Last Seen2024-04-25 23:24:44 Times Seen2 Hash b7f70ff05c5f38261d348979e7aa4ec2 6933956683ff43bb7189f50ef10b51f020352b5d dae03e759d189ff7cd86c642d112233bc5e1aaa3aacaef16a58a225cc82a32b4 Loading...

	54.191.211.96/scripts/pdf.min.js	321 kB	2024-04-25	2024-04-25
Pretty URL 54.191.211.96/scripts/pdf.min.js IP 54.191.211.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 23:24:43 Last Seen2024-04-25 23:24:43 Times Seen1 Hash 17485a41599f0fc8bf13234e5672d94e 03e33c919bed136020fbe92d0328102847e5f8e6 4e5c6ad28984ca2dbaffb036435f1499a191d0c1bc0e7b06bba9bfb8bf91e011 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 19720c164d56f7e7dfe6748e376f868e	19 B	2023-03-07	2024-05-04
Pretty Observations First Seen2023-03-07 01:18:54 Last Seen2024-05-04 09:37:33 Times Seen626 Hash 19720c164d56f7e7dfe6748e376f868e 0387db7b6a453b71114985d199838b7a3928c76b 56e50d855741d508ab6465d3860ef0ad117ab967993b9111caeaec90f64e912b Loading...

HTTP Transactions (40)

URL IP Response Size

54.191.211.96/

54.191.211.96

302 Found

0 B

URL User Request GET HTTP/1.1
54.191.211.96/
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:09 GMT
Content-Length: 0
Connection: keep-alive
Location: /app

54.191.211.96/app

54.191.211.96

401 Unauthorized

6.6 kB

URL User Request GET HTTP/1.1
54.191.211.96/app
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
HTML document, ASCII text, with very long lines (460)
Size
6.6 kB (6561 bytes)
Hash
c45e002c464c9532c5a2b5174128c9bc
045542a573e2d94410187fa8d778ec72979dd607
86da85d0e2109d0d972e1102c84423a61aa9677a7a060ca9fa5164e8f2275ab1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /app HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 401 Unauthorized
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:09 GMT
Content-Length: 6561
Connection: keep-alive

54.191.211.96/scripts/quill/quill.core.css

54.191.211.96

200 OK

1.6 kB

URL GET HTTP/1.1
54.191.211.96/scripts/quill/quill.core.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
1.6 kB (1566 bytes)
Hash
e90c0cf8248dbfeb25b032d865b7ef88
eaf922839c69afd6a27b0bb2780f6da3068f59d9
b6235e6b05b8c5d649479fe9f6113622410930ced252e5fceeea53caa3eab7d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/quill/quill.core.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:09 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/css/datepicker.css

54.191.211.96

200 OK

955 B

URL GET HTTP/1.1
54.191.211.96/css/datepicker.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
955 B (955 bytes)
Hash
ad4f2dc3aba47727b4a94354b5db7852
58949ebf77f5631d7e0bd7c5ec525d73f79e6929
a7ab491f74cadf3f2850126aada3b575ba10b69b1883ecaf8404c9b42288f2da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/datepicker.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:09 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/css/wysihtml5x.css

54.191.211.96

200 OK

8.2 kB

URL GET HTTP/1.1
54.191.211.96/css/wysihtml5x.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
Unicode text, UTF-8 text
Size
8.2 kB (8186 bytes)
Hash
bba10e67334710b0d14e7d0fb23f7d5a
741cbe3d5c67e01062c57bd166828bc77d4b1234
f3c1c6079ed04fa9e4ed02e10993a85b51f1479cc35479bd9e5d8e8b3f09a10a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/wysihtml5x.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/css/github.css

54.191.211.96

200 OK

599 B

URL GET HTTP/1.1
54.191.211.96/css/github.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
599 B (599 bytes)
Hash
ca6ea80f87a205fdf919439bad4c27db
0869898dc6bb5631c5e211ce7ca7abed623547ac
e5248f252e3d75ea7f801728413fc8f01bb8830226b8f912cf89cb5df6423fc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/github.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/scripts/quill/quill.snow.css

54.191.211.96

200 OK

3.7 kB

URL GET HTTP/1.1
54.191.211.96/scripts/quill/quill.snow.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
3.7 kB (3734 bytes)
Hash
adf75e7504e6f1ecbd4f13708b83d7c0
6529d62d7546131744b9a08cd9db287b3c89a6a0
28719fe50c9176b70e2de78a4ff7c092029610104fe6a007d3dea4ece834dd71

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/quill/quill.snow.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/css/om-widgets-base.css

54.191.211.96

200 OK

2.7 kB

URL GET HTTP/1.1
54.191.211.96/css/om-widgets-base.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text, with very long lines (321)
Size
2.7 kB (2690 bytes)
Hash
fe590df4c791740d8c5135f30fed728c
0c0a8afa44b3a834af8493947c5995aae5810e57
2ab67107caf184d54bd5bc10059306a7512a9c274000568b92d2df97622a22d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/om-widgets-base.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/css/app.css

54.191.211.96

200 OK

759 B

URL GET HTTP/1.1
54.191.211.96/css/app.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
759 B (759 bytes)
Hash
1fdfe1c48c1983bcf9c5e44b9467270c
19df08d1bc0299c855d044eb4840c6ae9f837d03
8a3570edde5f57b8b03c53874fd80faceb4f2efae139f884dce86c859fc84834

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/css/dropzone.css

54.191.211.96

200 OK

1.7 kB

URL GET HTTP/1.1
54.191.211.96/css/dropzone.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
1.7 kB (1724 bytes)
Hash
eed7e32c30f8c99c993456600e2133f8
da8e8f1586db010b69530f1d91b52ae3b1950e08
86e232704508688e5d70d7d66c07b3422add9197ea2ebff9ee7dd1bab07abb95

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/dropzone.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/prisma_fonts.css

54.191.211.96

200 OK

2.1 kB

URL GET HTTP/1.1
54.191.211.96/prisma_fonts.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
2.1 kB (2128 bytes)
Hash
66224231b522f878406cfe7c3292f2ca
0a4dbb22166c9857118472a75ea2663abc9bdf08
64beb2872d100c7a850cbe48ca7878fbe058abd842b571165256a9c69a1994ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /prisma_fonts.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

54.191.211.96/scripts/advanced_and_extended.js

54.191.211.96

200 OK

3.4 kB

URL GET HTTP/1.1
54.191.211.96/scripts/advanced_and_extended.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
3.4 kB (3445 bytes)
Hash
96113cb78ca4d231a4f9827a37bcb5b4
f555c3d627d7fe6aa6d1a697ffcf37db74c29856
70c5e586f72b8ee42476542cccbb12635c608a61f4dc3b67a7932bcc258fee3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/advanced_and_extended.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/scripts/ace/theme-xcode.js

54.191.211.96

200 OK

746 B

URL GET HTTP/1.1
54.191.211.96/scripts/ace/theme-xcode.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text, with very long lines (1914), with no line terminators
Size
746 B (746 bytes)
Hash
d1d6f4a70d4aa65fb66dc386f3cecfbe
4a748327e752eb4487a430f119dccfbb6ac710aa
42fad8367aa0b54a5afbafe78b516a79d0cc00cbaa6f706302fb534002792c9a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/ace/theme-xcode.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/scripts/ace/theme-monokai.js

54.191.211.96

200 OK

938 B

URL GET HTTP/1.1
54.191.211.96/scripts/ace/theme-monokai.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, ASCII text, with very long lines (2401)
Size
938 B (938 bytes)
Hash
4d8e43eb52771a43e5c105f8328dc783
8dd4794b5b2b142f34d5c7a73b0f0c40209254ad
15ce1e24e7bc2ad17c9032ea491f78bd4889d6886f283c739d233123745abcec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/ace/theme-monokai.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/scripts/highlight.pack.js

54.191.211.96

200 OK

35 kB

URL GET HTTP/1.1
54.191.211.96/scripts/highlight.pack.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (63462), with no line terminators
Size
35 kB (35099 bytes)
Hash
4c78bb6a077cda7ff3b54323ea4bac1b
619f7caa1548892772cfd42386b8cd954d90115a
c0d4d1bcdd0a0bae3fe6afd2d1dc3205a7567f6810e38f572d405ef27e58d2cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/highlight.pack.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/css/styles.css?v=8.0.1796&_=1711665296

54.191.211.96

200 OK

91 kB

URL GET HTTP/1.1
54.191.211.96/css/styles.css?v=8.0.1796&_=1711665296
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65527), with no line terminators
Size
91 kB (90993 bytes)
Hash
acc701d65e3b07f45a7d34377aee7649
57c63172d693ac51e964e5f1336232658436335a
c3a9a266b20a6c89a6e38f958a03f253244bd16f2cfd9fa0af855a808dcdeab3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/styles.css?v=8.0.1796&_=1711665296 HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/scripts/ace/mode-javascript.js

54.191.211.96

200 OK

6.3 kB

URL GET HTTP/1.1
54.191.211.96/scripts/ace/mode-javascript.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, ASCII text, with very long lines (18040), with no line terminators
Size
6.3 kB (6272 bytes)
Hash
55d2107e6ba46404b8609c07649d2d1f
072c6451073a75298aba6dd9d5f89649cd798b33
2c7a4f389f924a7351e81c83c71cdc56719cfb2cc5053ccfab4a6574c6faae6d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/ace/mode-javascript.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/scripts/ace/mode-clojure.js

54.191.211.96

200 OK

3.3 kB

URL GET HTTP/1.1
54.191.211.96/scripts/ace/mode-clojure.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, ASCII text, with very long lines (8016), with no line terminators
Size
3.3 kB (3316 bytes)
Hash
ba0f920042bb14b9235a3e1090b71dd5
adc116114a5eead60657218c372ccd41984e599b
c5a2e1135b80d1346af7aaaf8a84424fa4e7249b9049f382747029c4fa1e8f8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/ace/mode-clojure.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/scripts/ace/mode-html.js

54.191.211.96

200 OK

17 kB

URL GET HTTP/1.1
54.191.211.96/scripts/ace/mode-html.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, ASCII text, with very long lines (57822), with no line terminators
Size
17 kB (17082 bytes)
Hash
fd17f5410ec10af0af020c1101a9b567
7a83de92975680fddd574245d75c5415e9262529
36a1adaa6004c304351e9b6590290be487240f118eece5daac610e2cecf1fdc4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/ace/mode-html.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/scripts/ace/mode-clss.js

54.191.211.96

200 OK

5.2 kB

URL GET HTTP/1.1
54.191.211.96/scripts/ace/mode-clss.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, ASCII text, with very long lines (1907)
Size
5.2 kB (5219 bytes)
Hash
b7f70ff05c5f38261d348979e7aa4ec2
6933956683ff43bb7189f50ef10b51f020352b5d
dae03e759d189ff7cd86c642d112233bc5e1aaa3aacaef16a58a225cc82a32b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/ace/mode-clss.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/scripts/wysihtml5x-toolbar.js

54.191.211.96

200 OK

115 kB

URL GET HTTP/1.1
54.191.211.96/scripts/wysihtml5x-toolbar.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, ASCII text, with CRLF, LF line terminators
Size
115 kB (114979 bytes)
Hash
79321f6d123668d0740669debbac665f
d9c8e19d2d37a762dde7e861682ac19a4106f9cf
7b1743c59ceb0c4a4a02d8f6aee9f840b3fbbbb19079585651745ce4cfe46830

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/wysihtml5x-toolbar.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/scripts/ace/ace.js

54.191.211.96

200 OK

99 kB

URL GET HTTP/1.1
54.191.211.96/scripts/ace/ace.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
data
Size
99 kB (98553 bytes)
Hash
1c55dc4cb93b58bdad7977345404489c
e8f612d5ca868125ea17856134f51c29838001cc
c6baf81c7e5e498f9c173e121fb8dafcb6808bda9c11d8cca5e30fe3dfe238bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/ace/ace.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/scripts/dropzone.js

54.191.211.96

200 OK

14 kB

URL GET HTTP/1.1
54.191.211.96/scripts/dropzone.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (536)
Size
14 kB (13655 bytes)
Hash
85b8f43ab242e0eee28cce7c0252d0cc
8b280f5c3b3052d3921a6ff6871fca244fc73ad5
3814a4bc770b05064b560109200f3619f06fdfd08ece86fd44c09763da321548

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/dropzone.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/scripts/quill/quill.core.css

54.191.211.96

200 OK

1.6 kB

URL GET HTTP/1.1
54.191.211.96/scripts/quill/quill.core.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
1.6 kB (1566 bytes)
Hash
e90c0cf8248dbfeb25b032d865b7ef88
eaf922839c69afd6a27b0bb2780f6da3068f59d9
b6235e6b05b8c5d649479fe9f6113622410930ced252e5fceeea53caa3eab7d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/quill/quill.core.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/scripts/quill/quill.snow.css

54.191.211.96

200 OK

3.7 kB

URL GET HTTP/1.1
54.191.211.96/scripts/quill/quill.snow.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
3.7 kB (3734 bytes)
Hash
adf75e7504e6f1ecbd4f13708b83d7c0
6529d62d7546131744b9a08cd9db287b3c89a6a0
28719fe50c9176b70e2de78a4ff7c092029610104fe6a007d3dea4ece834dd71

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/quill/quill.snow.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/scripts/quill/quill.js

54.191.211.96

200 OK

79 kB

URL GET HTTP/1.1
54.191.211.96/scripts/quill/quill.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, ASCII text, with very long lines (664)
Size
79 kB (79224 bytes)
Hash
6cb4a5d85142d86a7b91a43b6d246f93
c73feaa676b1024a2dd61ddc26e3f0228e278b64
f65df491a5b3551f8c5bd235ae21690e53751174b6d481ab01085b92d7e2f90d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/quill/quill.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/css/om-widgets-base.css

54.191.211.96

200 OK

2.7 kB

URL GET HTTP/1.1
54.191.211.96/css/om-widgets-base.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text, with very long lines (321)
Size
2.7 kB (2690 bytes)
Hash
fe590df4c791740d8c5135f30fed728c
0c0a8afa44b3a834af8493947c5995aae5810e57
2ab67107caf184d54bd5bc10059306a7512a9c274000568b92d2df97622a22d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/om-widgets-base.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/scripts/pdf.min.js

54.191.211.96

200 OK

85 kB

URL GET HTTP/1.1
54.191.211.96/scripts/pdf.min.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
85 kB (85387 bytes)
Hash
a22c081f5a2f77c67b12fe0bc781ea39
fad6e673a85c34ff2dc50a5f24d4bcc5a2a8456a
29a67b22d02dd32109b8c6225023acf2f4010cf8eb66ef751087e004c4c4cca0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/pdf.min.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/css/app.css

54.191.211.96

200 OK

759 B

URL GET HTTP/1.1
54.191.211.96/css/app.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
759 B (759 bytes)
Hash
1fdfe1c48c1983bcf9c5e44b9467270c
19df08d1bc0299c855d044eb4840c6ae9f837d03
8a3570edde5f57b8b03c53874fd80faceb4f2efae139f884dce86c859fc84834

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/css/dropzone.css

54.191.211.96

200 OK

1.7 kB

URL GET HTTP/1.1
54.191.211.96/css/dropzone.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
1.7 kB (1724 bytes)
Hash
eed7e32c30f8c99c993456600e2133f8
da8e8f1586db010b69530f1d91b52ae3b1950e08
86e232704508688e5d70d7d66c07b3422add9197ea2ebff9ee7dd1bab07abb95

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/dropzone.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/css/datepicker.css

54.191.211.96

200 OK

955 B

URL GET HTTP/1.1
54.191.211.96/css/datepicker.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
955 B (955 bytes)
Hash
ad4f2dc3aba47727b4a94354b5db7852
58949ebf77f5631d7e0bd7c5ec525d73f79e6929
a7ab491f74cadf3f2850126aada3b575ba10b69b1883ecaf8404c9b42288f2da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/datepicker.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/css/wysihtml5x.css

54.191.211.96

200 OK

8.2 kB

URL GET HTTP/1.1
54.191.211.96/css/wysihtml5x.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
Unicode text, UTF-8 text
Size
8.2 kB (8186 bytes)
Hash
bba10e67334710b0d14e7d0fb23f7d5a
741cbe3d5c67e01062c57bd166828bc77d4b1234
f3c1c6079ed04fa9e4ed02e10993a85b51f1479cc35479bd9e5d8e8b3f09a10a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/wysihtml5x.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/scripts/google-sparkline.js

54.191.211.96

200 OK

260 kB

URL GET HTTP/1.1
54.191.211.96/scripts/google-sparkline.js
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, ASCII text, with very long lines (1362)
Size
260 kB (259496 bytes)
Hash
dc7cde52859bd41c8af482431dc38baa
792012d21c06893f78077280f4bf113e59f13753
c93a343cefafe4357cefb32da28117d1ecc42c735221ee837c97895943b95a30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/google-sparkline.js HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/css/github.css

54.191.211.96

200 OK

599 B

URL GET HTTP/1.1
54.191.211.96/css/github.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
599 B (599 bytes)
Hash
ca6ea80f87a205fdf919439bad4c27db
0869898dc6bb5631c5e211ce7ca7abed623547ac
e5248f252e3d75ea7f801728413fc8f01bb8830226b8f912cf89cb5df6423fc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/github.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/prisma_fonts.css

54.191.211.96

200 OK

2.1 kB

URL GET HTTP/1.1
54.191.211.96/prisma_fonts.css
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
ASCII text
Size
2.1 kB (2128 bytes)
Hash
66224231b522f878406cfe7c3292f2ca
0a4dbb22166c9857118472a75ea2663abc9bdf08
64beb2872d100c7a850cbe48ca7878fbe058abd842b571165256a9c69a1994ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /prisma_fonts.css HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:12 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

54.191.211.96/css/styles.css?v=8.0.1796&_=1711665296

54.191.211.96

200 OK

91 kB

URL GET HTTP/1.1
54.191.211.96/css/styles.css?v=8.0.1796&_=1711665296
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65527), with no line terminators
Size
91 kB (90993 bytes)
Hash
acc701d65e3b07f45a7d34377aee7649
57c63172d693ac51e964e5f1336232658436335a
c3a9a266b20a6c89a6e38f958a03f253244bd16f2cfd9fa0af855a808dcdeab3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/styles.css?v=8.0.1796&_=1711665296 HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/scripts/out-release/prisma_app_release.js?v=8.0.1796&_=1711665296

54.191.211.96

200 OK

3.7 MB

URL GET HTTP/1.1
54.191.211.96/scripts/out-release/prisma_app_release.js?v=8.0.1796&_=1711665296
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
JavaScript source, ASCII text, with very long lines (845)
Size
3.7 MB (3693761 bytes)
Hash
52eb1cc14fb590d089548ea3da0dc2d0
7019b542eba3096193eec5a2bab65813af9cf32d
2ca088c004cc311ca09c4f22d7e783598f1668a75a34040fe2cc564114d9ae59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/out-release/prisma_app_release.js?v=8.0.1796&_=1711665296 HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:11 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/favicon-16x16.png

54.191.211.96

200 OK

642 B

URL GET HTTP/1.1
54.191.211.96/favicon-16x16.png
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
642 B (642 bytes)
Hash
0e9b238f5ecc781cba2b709f03a17299
09e2fc320918ccff117e9d1ae81e1b7fced78e1e
f77b4a0668089fff9a064bd96f741269802e65dd1fcbe0586b637c4da1f37abd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:51:39 GMT
Content-Encoding: gzip

54.191.211.96/android-icon-192x192.png

54.191.211.96

200 OK

14 kB

URL GET HTTP/1.1
54.191.211.96/android-icon-192x192.png
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
14 kB (14098 bytes)
Hash
e3ca5fcd2836bbd442f27e4faf584652
d4861b4d34fc858d9c364f22bb539b3588b70ce8
0f0975ff8f42c3a817bc8acf355db1000b3e15a56ffc59820678c67f270341b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /android-icon-192x192.png HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/app
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

54.191.211.96/images/logotype-white-vertical.png?v=642

54.191.211.96

200 OK

5.7 kB

URL GET HTTP/1.1
54.191.211.96/images/logotype-white-vertical.png?v=642
IP
54.191.211.96:443
ASN
#16509 AMAZON-02

Requested by
https://54.191.211.96/app
Certificate
IssuerGoDaddy.com, Inc.
Subject*.prismacampaigns.com
FingerprintA2:86:2B:F6:2D:3A:3B:1B:38:7B:D8:E8:9E:D0:33:D0:6C:86:7E:0B
ValidityFri, 22 Dec 2023 16:23:46 GMT - Wed, 22 Jan 2025 16:23:46 GMT

File type
PNG image data, 80 x 94, 8-bit/color RGBA, non-interlaced
Size
5.7 kB (5726 bytes)
Hash
98a55c09f1d998c1bc6b4b84eae00810
36e6863ee8dca497b8afa286da2dfb20b7aac8a5
ed52efb399fe33332441db3732094637410c41fe8b84882237d2101b571e80f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/logotype-white-vertical.png?v=642 HTTP/1.1
Host: 54.191.211.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://54.191.211.96/css/styles.css?v=8.0.1796&_=1711665296
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 25 Apr 2024 21:24:21 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Mar 2024 22:48:31 GMT
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML