Report - app.new-navan.com

Report Overview

Visited public
2025-03-17 13:23:31
Tags
URL
app.new-navan.com
Finishing URL
app.new-navan.com/404
IP / ASN
194.26.192.35
#210558 1337 Services GmbH
Title
Navan

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
app.new-navan.com	unknown	2024-12-19	2025-03-17	2025-03-17	3.1 kB	720 kB	194.26.192.35
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-03-12	1.6 kB	121 kB	142.250.178.35
api.ipify.org	3267	2014-01-05	2014-10-06	2025-03-12	924 B	965 B	104.26.12.205
wss	unknown	unknown	2025-03-02	2025-03-16	1.1 kB	1.6 kB	172.67.166.192
ipapi.co	195030	2016-04-19	2017-01-31	2025-03-16	463 B	1.7 kB	172.67.69.226
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-03-12	450 B	4.1 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-17 13:23:10	low	Client IP	104.26.12.205	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
2025-03-17 13:23:10	low	Client IP	104.26.12.205	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-17	medium	wss	Sinkholed
2025-03-17	medium	wss	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	app.new-navan.com/	EventHandler	16 B	2023-04-10	2025-05-11
Pretty URL app.new-navan.com/ IP 194.26.192.35 ASN #210558 1337 Services GmbH Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57 Last Seen2025-05-11 02:05 Times Seen56687 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	app.new-navan.com/polyfills-FFHMD2TL.js	ScriptElement	34 kB	2024-10-04	2025-05-10
Pretty URL app.new-navan.com/polyfills-FFHMD2TL.js IP 194.26.192.35 ASN #210558 1337 Services GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-04 10:39 Last Seen2025-05-10 21:30 Times Seen99 Hash feb8fabaa54a01a42a5d3785369cea71 f49b49a155bc7d192db62a4c15d0a612b460a667 69dcea045643dd0de998a3cd0ccbbb46b46bff2651a87a56c73c28eb208e8f98 Loading...

	app.new-navan.com/main-RPULKKVB.js	ScriptElement	449 kB	2025-03-17	2025-03-17
Pretty URL app.new-navan.com/main-RPULKKVB.js IP 194.26.192.35 ASN #210558 1337 Services GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-17 13:23 Last Seen2025-03-17 13:23 Times Seen1 Hash 7ca03b81b7fd966911354c540729fd65 e8ebc8ea9b28add31547c0b0b06f0c4c00edc6fd b01fb950d8bad1f83c69daf474721834916800aac80bcd9ab94814e8c46e9787 Loading...

	app.new-navan.com/chunk-PO72ILZJ.js	ImportedModule	158 kB	2025-03-17	2025-03-17
Pretty URL app.new-navan.com/chunk-PO72ILZJ.js IP 194.26.192.35 ASN #210558 1337 Services GmbH Introduced by importedModule Embedded in HTML false Observations First Seen2025-03-17 13:23 Last Seen2025-03-17 13:23 Times Seen1 Hash ced4d8259193bcf7701596f87e13238b 22b880e9dab5ee32d53a1717ef4f3ffe3f358c31 49c396994cda17635aa19a83413c3cf691845548c0f0cf70cc26370db94f68fd Loading...

HTTP Transactions (16)

URL IP Response Size

app.new-navan.com/

194.26.192.35

200 OK

26 kB

URL User Request GET
app.new-navan.com/
IP
194.26.192.35:443
ASN
#210558 1337 Services GmbH

Certificate
IssuerLet's Encrypt
Subjectapp.new-navan.com
FingerprintFC:03:7D:42:35:0F:43:40:4A:E2:50:1D:09:4E:37:51:97:7C:A4:25
ValidityTue, 28 Jan 2025 15:42:19 GMT - Mon, 28 Apr 2025 15:42:18 GMT

File type
HTML document, ASCII text, with very long lines (15539), with CRLF, LF line terminators
Size
26 kB (26353 bytes)
Hash
665b1bc7fbd02ca1b09ef9657b8c4510
482e8e979e6d08f946782e01802b05db07e43257
077f27e3081ed4f02cc4129eeddf3d1eb28663229490949357f582e858ccc332

HTTP Headers

GET / HTTP/1.1
Host: app.new-navan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Mon, 24 Feb 2025 02:38:03 GMT
etag: "66f1-62eda3abde8d6-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4525
content-type: text/html
date: Mon, 17 Mar 2025 13:23:09 GMT
server: Apache
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.178.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.178.35:443
ASN
#15169 GOOGLE

Requested by
https://app.new-navan.com/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.new-navan.com
DNT: 1
Connection: keep-alive
Referer: https://app.new-navan.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 18:15:43 GMT
expires: Fri, 13 Mar 2026 18:15:43 GMT
cache-control: public, max-age=31536000
age: 328047
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

app.new-navan.com/styles-YQW72I5E.css

194.26.192.35

200 OK

27 kB

URL GET
app.new-navan.com/styles-YQW72I5E.css
IP
194.26.192.35:443
ASN
#210558 1337 Services GmbH

Requested by
https://app.new-navan.com/
Certificate
IssuerLet's Encrypt
Subjectapp.new-navan.com
FingerprintFC:03:7D:42:35:0F:43:40:4A:E2:50:1D:09:4E:37:51:97:7C:A4:25
ValidityTue, 28 Jan 2025 15:42:19 GMT - Mon, 28 Apr 2025 15:42:18 GMT

File type
ASCII text, with very long lines (27036)
Size
27 kB (27037 bytes)
Hash
c457cf6475a1b163d81bf05c5fdfcc08
b53906318b9f8eaef1346ecee3492031b3007e34
9b6d17011f5625b2116060b7f08ff69451e4f691c51e7f834f2c82c57f7c3738

HTTP Headers

GET /styles-YQW72I5E.css HTTP/1.1
Host: app.new-navan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.new-navan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Mon, 24 Feb 2025 02:38:03 GMT
etag: "699d-62eda3abde4ea-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 6419
content-type: text/css
date: Mon, 17 Mar 2025 13:23:09 GMT
server: Apache
X-Firefox-Spdy: h2

app.new-navan.com/chunk-PO72ILZJ.js

194.26.192.35

200 OK

158 kB

URL GET
app.new-navan.com/chunk-PO72ILZJ.js
IP
194.26.192.35:443
ASN
#210558 1337 Services GmbH

Requested by
https://app.new-navan.com/
Certificate
IssuerLet's Encrypt
Subjectapp.new-navan.com
FingerprintFC:03:7D:42:35:0F:43:40:4A:E2:50:1D:09:4E:37:51:97:7C:A4:25
ValidityTue, 28 Jan 2025 15:42:19 GMT - Mon, 28 Apr 2025 15:42:18 GMT

File type
JavaScript source, ASCII text, with very long lines (31457)
Size
158 kB (158047 bytes)
Hash
ced4d8259193bcf7701596f87e13238b
22b880e9dab5ee32d53a1717ef4f3ffe3f358c31
49c396994cda17635aa19a83413c3cf691845548c0f0cf70cc26370db94f68fd

HTTP Headers

GET /chunk-PO72ILZJ.js HTTP/1.1
Host: app.new-navan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.new-navan.com/main-RPULKKVB.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Mon, 24 Feb 2025 02:38:03 GMT
etag: "2695f-62eda3abde4ea-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 52386
content-type: text/javascript
date: Mon, 17 Mar 2025 13:23:10 GMT
server: Apache
X-Firefox-Spdy: h2

api.ipify.org/?format=json

104.26.12.205

200 OK

21 B

URL GET
api.ipify.org/?format=json
IP
104.26.12.205:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.new-navan.com/
Certificate
IssuerGoogle Trust Services
Subjectipify.org
FingerprintBD:FD:0E:47:C4:8E:87:56:19:5E:86:99:5B:45:32:C3:13:AA:AA:F3
ValidityTue, 11 Mar 2025 14:08:25 GMT - Mon, 09 Jun 2025 15:08:19 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
39cb62bb7010a4cdcb91d6b5f120f3c1
bee1118124f11f06f3c181611630697323ea23ff
05a7a2bbe813eab2a3d85823a552f1008dce66fe98abef73ddfd1d8056d298f4

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.new-navan.com
DNT: 1
Connection: keep-alive
Referer: https://app.new-navan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 13:23:10 GMT
content-type: application/json
content-length: 21
access-control-allow-origin: *
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 921ccda60f8856b9-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=703&min_rtt=475&rtt_var=466&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3265&recv_bytes=1322&delivery_rate=7029126&cwnd=254&unsent_bytes=0&cid=ecc48bd0c7a91f63&ts=149&x=0"
X-Firefox-Spdy: h2

wss://wspbot.su/logs

172.67.166.192

101 Switching Protocols

0 B

URL GET
wss://wspbot.su/logs
IP
172.67.166.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.new-navan.com/
Certificate
IssuerGoogle Trust Services
Subjectwspbot.su
Fingerprint02:6D:D2:CB:E9:6A:64:82:E7:A1:05:E6:37:84:F7:19:89:29:67:EF
ValidityWed, 26 Feb 2025 07:35:17 GMT - Tue, 27 May 2025 08:32:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logs HTTP/1.1
Host: wspbot.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://app.new-navan.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sdA/Jk2coMUSzHnQCDRC4w==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Mon, 17 Mar 2025 13:23:11 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +uAlcmZ7hbEtiR+TPCj/z/4JQGc=
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mlk%2Bu6Y6DA7CXRY6NKSvkn%2BjlfMQZfs4O3pjK435Xcvaf9xXZjhZcYXPCjt9YiFKEXFx5D%2FlHXY0dbumlAlAxMgZTu3Kh0uqE01%2BSu4n2hSs%2B%2FTsLnADFn%2BZPzU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 921ccdac1d0b415d-HAM
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15282&min_rtt=14747&rtt_var=3535&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3180&recv_bytes=1276&delivery_rate=290296&cwnd=251&unsent_bytes=0&cid=5125b90cd40b85ac&ts=509&x=0"

api.ipify.org/?format=json

104.26.12.205

200 OK

21 B

URL GET
api.ipify.org/?format=json
IP
104.26.12.205:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.new-navan.com/
Certificate
IssuerGoogle Trust Services
Subjectipify.org
FingerprintBD:FD:0E:47:C4:8E:87:56:19:5E:86:99:5B:45:32:C3:13:AA:AA:F3
ValidityTue, 11 Mar 2025 14:08:25 GMT - Mon, 09 Jun 2025 15:08:19 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
39cb62bb7010a4cdcb91d6b5f120f3c1
bee1118124f11f06f3c181611630697323ea23ff
05a7a2bbe813eab2a3d85823a552f1008dce66fe98abef73ddfd1d8056d298f4

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app.new-navan.com/
Origin: https://app.new-navan.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 13:23:10 GMT
content-type: application/json
content-length: 21
access-control-allow-origin: *
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 921ccda61f9c56b9-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=703&min_rtt=475&rtt_var=466&sent=10&recv=11&lost=0&retrans=0&sent_bytes=3644&recv_bytes=1322&delivery_rate=7029126&cwnd=254&unsent_bytes=0&cid=ecc48bd0c7a91f63&ts=150&x=0"
X-Firefox-Spdy: h2

ipapi.co/json/

172.67.69.226

200 OK

744 B

URL GET
ipapi.co/json/
IP
172.67.69.226:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.new-navan.com/
Certificate
IssuerGoogle Trust Services
Subjectipapi.co
Fingerprint27:C1:2D:D2:FC:B8:A7:FB:9F:AC:C0:25:D9:81:BF:1B:2B:E3:53:3C
ValidityWed, 26 Feb 2025 23:45:35 GMT - Wed, 28 May 2025 00:45:14 GMT

File type
ASCII text, with very long lines (870), with no line terminators
Size
744 B (744 bytes)
Hash
7935e262d488752640d455c59cd2e2a3
9bbedcd990a017595091658d289bc268d459570a
e8d36ed20890024c87f225fdb62417a2920b7138b27450a2ddca916011dcf16e

HTTP Headers

GET /json/ HTTP/1.1
Host: ipapi.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json; charset=utf-8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.new-navan.com
DNT: 1
Connection: keep-alive
Referer: https://app.new-navan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 17 Mar 2025 13:23:10 GMT
content-type: application/json
allow: OPTIONS, POST, OPTIONS, GET, HEAD
x-frame-options: DENY
vary: Host, origin
access-control-allow-origin: https://app.new-navan.com
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K4CrcDrBxYTaYOE%2BSSHGx%2BN3d2244xKzUHXYaVuioV2YDTw5l%2BxV94%2Bl1a3r6fVWZBpI8bfEZPKzEiG4wmnv%2BwgWWkv2Tdu847BqhfxfMg96ErOy7%2FZsJKVp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921ccda619f856bf-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=6972&min_rtt=511&rtt_var=12621&sent=9&recv=12&lost=0&retrans=1&sent_bytes=3277&recv_bytes=1273&delivery_rate=7337837&cwnd=248&unsent_bytes=0&cid=a62ed9446b186d02&ts=280&x=0"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Nunito:400,700

142.250.74.10

200 OK

3.4 kB

URL GET
fonts.googleapis.com/css?family=Nunito:400,700
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://app.new-navan.com/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintF1:11:17:AF:9C:89:34:EE:D5:CB:84:40:84:EA:01:19:A9:F6:ED:C2
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
ASCII text, with very long lines (3502), with no line terminators
Size
3.4 kB (3422 bytes)
Hash
094e19e468151515e5bc58d6aa045522
4ae5684f50a3a3c8d38758ba4fd0cde3bc6a5076
0a2314895b18967b448a8139ff46ec9aa74f57391d576f92198394191591ba94

HTTP Headers

GET /css?family=Nunito:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.new-navan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 17 Mar 2025 13:23:10 GMT
date: Mon, 17 Mar 2025 13:23:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.178.35

200 OK

39 kB

URL GET
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.178.35:443
ASN
#15169 GOOGLE

Requested by
https://app.new-navan.com/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.new-navan.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 18:17:23 GMT
expires: Fri, 13 Mar 2026 18:17:23 GMT
cache-control: public, max-age=31536000
age: 327947
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.178.35

200 OK

39 kB

URL GET
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.178.35:443
ASN
#15169 GOOGLE

Requested by
https://app.new-navan.com/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://app.new-navan.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 18:17:23 GMT
expires: Fri, 13 Mar 2026 18:17:23 GMT
cache-control: public, max-age=31536000
age: 327947
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wss://wspbot.su/socket.io/?EIO=4&transport=websocket

172.67.166.192

101 Switching Protocols

0 B

URL GET
wss://wspbot.su/socket.io/?EIO=4&transport=websocket
IP
172.67.166.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app.new-navan.com/
Certificate
IssuerGoogle Trust Services
Subjectwspbot.su
Fingerprint02:6D:D2:CB:E9:6A:64:82:E7:A1:05:E6:37:84:F7:19:89:29:67:EF
ValidityWed, 26 Feb 2025 07:35:17 GMT - Tue, 27 May 2025 08:32:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /socket.io/?EIO=4&transport=websocket HTTP/1.1
Host: wspbot.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://app.new-navan.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HonOY9G/WfkHk7XzMFU3KQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Mon, 17 Mar 2025 13:23:11 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: G0BEUqm1HB7Yl+bNELVpWvSI/Uk=
Access-Control-Allow-Origin: *
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EAis8hRrtZ8yEmKCs5zvGyuoAAHiotaABACp3LmBA4CUMN661D47GtXp0kuUthbQRfNOH%2FZTcNMu6cVvAD36plVYdD%2Bbw3yEocB4YQlTdxbbLlrvh8dKSygIA6k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 921ccda88e39ca70-HAM
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=14556&min_rtt=14532&rtt_var=3104&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3105&recv_bytes=1189&delivery_rate=296944&cwnd=252&unsent_bytes=0&cid=1261f7b73ec725c2&ts=508&x=0"

app.new-navan.com/polyfills-FFHMD2TL.js

194.26.192.35

200 OK

34 kB

URL GET
app.new-navan.com/polyfills-FFHMD2TL.js
IP
194.26.192.35:443
ASN
#210558 1337 Services GmbH

Requested by
https://app.new-navan.com/
Certificate
IssuerLet's Encrypt
Subjectapp.new-navan.com
FingerprintFC:03:7D:42:35:0F:43:40:4A:E2:50:1D:09:4E:37:51:97:7C:A4:25
ValidityTue, 28 Jan 2025 15:42:19 GMT - Mon, 28 Apr 2025 15:42:18 GMT

File type
JavaScript source, ASCII text, with very long lines (29272)
Size
34 kB (34519 bytes)
Hash
feb8fabaa54a01a42a5d3785369cea71
f49b49a155bc7d192db62a4c15d0a612b460a667
69dcea045643dd0de998a3cd0ccbbb46b46bff2651a87a56c73c28eb208e8f98

HTTP Headers

GET /polyfills-FFHMD2TL.js HTTP/1.1
Host: app.new-navan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.new-navan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Mon, 24 Feb 2025 02:38:03 GMT
etag: "86d7-62eda3abde4ea-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12409
content-type: text/javascript
date: Mon, 17 Mar 2025 13:23:09 GMT
server: Apache
X-Firefox-Spdy: h2

app.new-navan.com/main-RPULKKVB.js

194.26.192.35

200 OK

449 kB

URL GET
app.new-navan.com/main-RPULKKVB.js
IP
194.26.192.35:443
ASN
#210558 1337 Services GmbH

Requested by
https://app.new-navan.com/
Certificate
IssuerLet's Encrypt
Subjectapp.new-navan.com
FingerprintFC:03:7D:42:35:0F:43:40:4A:E2:50:1D:09:4E:37:51:97:7C:A4:25
ValidityTue, 28 Jan 2025 15:42:19 GMT - Mon, 28 Apr 2025 15:42:18 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
449 kB (449355 bytes)
Hash
7ca03b81b7fd966911354c540729fd65
e8ebc8ea9b28add31547c0b0b06f0c4c00edc6fd
b01fb950d8bad1f83c69daf474721834916800aac80bcd9ab94814e8c46e9787

HTTP Headers

GET /main-RPULKKVB.js HTTP/1.1
Host: app.new-navan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.new-navan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Mon, 24 Feb 2025 02:38:03 GMT
etag: "6db4b-62eda3abde4ea-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
date: Mon, 17 Mar 2025 13:23:09 GMT
server: Apache
X-Firefox-Spdy: h2

app.new-navan.com/emoji.png

194.26.192.35

200 OK

7.4 kB

URL GET
app.new-navan.com/emoji.png
IP
194.26.192.35:443
ASN
#210558 1337 Services GmbH

Requested by
https://app.new-navan.com/
Certificate
IssuerLet's Encrypt
Subjectapp.new-navan.com
FingerprintFC:03:7D:42:35:0F:43:40:4A:E2:50:1D:09:4E:37:51:97:7C:A4:25
ValidityTue, 28 Jan 2025 15:42:19 GMT - Mon, 28 Apr 2025 15:42:18 GMT

File type
PNG image data, 188 x 188, 8-bit/color RGBA, non-interlaced
Size
7.4 kB (7358 bytes)
Hash
e7af79dc6a3d598d18355e2838ea17f0
4014df24c2df01538525d2140fdd427442b4d57a
c09769f1dacb11178ba48bb8ae44beb601566821e6a31f3ba4f00a6e83927b88

HTTP Headers

GET /emoji.png HTTP/1.1
Host: app.new-navan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.new-navan.com/404
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 13 Jun 2018 18:48:20 GMT
etag: "1cbe-56e8a6d30a500"
accept-ranges: bytes
content-length: 7358
content-type: image/png
date: Mon, 17 Mar 2025 13:23:10 GMT
server: Apache
X-Firefox-Spdy: h2

app.new-navan.com/favicon.ico

194.26.192.35

200 OK

15 kB

URL GET
app.new-navan.com/favicon.ico
IP
194.26.192.35:443
ASN
#210558 1337 Services GmbH

Requested by
https://app.new-navan.com/
Certificate
IssuerLet's Encrypt
Subjectapp.new-navan.com
FingerprintFC:03:7D:42:35:0F:43:40:4A:E2:50:1D:09:4E:37:51:97:7C:A4:25
ValidityTue, 28 Jan 2025 15:42:19 GMT - Mon, 28 Apr 2025 15:42:18 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15406 bytes)
Hash
e8f4006dda04aa2a98a7721f70c1d64c
a84fff7d3dd7766d0a22d13fad5e9f91ccd35ae9
e8c70ecb985d2810afa5d89a608ce29430ea3f36c6753f76df34eb8a6fa31aa1

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: app.new-navan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app.new-navan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Mon, 10 Feb 2025 05:35:23 GMT
etag: "3c2e-62dc3132959b4-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8244
content-type: image/x-icon
date: Mon, 17 Mar 2025 13:23:10 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by