monitoring.staging.investigator.corelight.io Open in urlscan Pro
35.84.107.199 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://monitoring.staging.investigator.corelight.io/
Submission Tags: phishingrod
Submission: On July 15 via api (July 15th 2023, 12:46:28 am UTC) from DE — Scanned from DE

Summary HTTP 10 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 35.84.107.199, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is monitoring.staging.investigator.corelight.io.
TLS certificate: Issued by Amazon RSA 2048 M02 on July 14th 2023. Valid for: a year.

This is the only time monitoring.staging.investigator.corelight.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
10	35.84.107.199 35.84.107.199		16509 (AMAZON-02) (AMAZON-02)
10	1

10 35.84.107.199 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-84-107-199.us-west-2.compute.amazonaws.com

monitoring.staging.investigator.corelight.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	corelight.io monitoring.staging.investigator.corelight.io	1 MB
10	1

	Domain	Requested by
10	monitoring.staging.investigator.corelight.io	monitoring.staging.investigator.corelight.io
10	1

This site contains links to these domains. Also see Links.

Domain
corelight.com

Subject Issuer	Validity	Valid
monitoring.staging.investigator.corelight.io Amazon RSA 2048 M02	`2023-07-14` - `2024-08-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://monitoring.staging.investigator.corelight.io/
Frame ID: 71BD9EABB32B82DB24115500CA3184B2
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Monitoring

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1442 kB
Transfer

7249 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://corelight.com/support
Title: Contact Support

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response monitoring.staging.investigator.corelight.io/	661 B 601 B	658ms 244ms	Document text/html	35.84.107.199 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://monitoring.staging.investigator.corelight.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.84.107.199 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-84-107-199.us-west-2.compute.amazonaws.com Software / Resource Hash `087430a1194c2ef7562d01c7fc9f5d582f0774d72823782dac5c0903c9057871` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-disposition inline content-encoding gzip content-length 364 content-type text/html date Sat, 15 Jul 2023 00:46:21 GMT x-amz-apigw-id IFHelEH0vHcFeLg= x-amzn-requestid 93594ae8-a628-45ed-93e0-e4fa9b0f0356 x-amzn-trace-id Root=1-64b1ec5d-00dda4d86ed373c27dddaa90;Sampled=0;lineage=e0ed9978:0
GET H2	200	env.js Show response monitoring.staging.investigator.corelight.io/	208 B 352 B	193ms 191ms	Script application/javascript	35.84.107.199 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://monitoring.staging.investigator.corelight.io/env.js Requested by Host: monitoring.staging.investigator.corelight.io URL: https://monitoring.staging.investigator.corelight.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.84.107.199 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-84-107-199.us-west-2.compute.amazonaws.com Software / Resource Hash `9ef057e9afc1c7b113ce8719edd6d44670a2392d761c8f40b38a9fd941fe20d0` Request headers accept-language de-DE,de;q=0.9 Referer https://monitoring.staging.investigator.corelight.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Sat, 15 Jul 2023 00:46:21 GMT x-amzn-requestid 6a24f99c-1592-4700-a6ee-6981472b62b1 content-length 208 x-amz-apigw-id IFHenGGwvHcFjPQ= content-type application/javascript
GET H2	200	version.js Show response monitoring.staging.investigator.corelight.io/	38 B 301 B	243ms 242ms	Script application/javascript	35.84.107.199 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://monitoring.staging.investigator.corelight.io/version.js Requested by Host: monitoring.staging.investigator.corelight.io URL: https://monitoring.staging.investigator.corelight.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.84.107.199 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-84-107-199.us-west-2.compute.amazonaws.com Software / Resource Hash `bfec52b73525f09ee42f2a896fe46197080fe63acf4124927fc3bf4432ae6296` Request headers accept-language de-DE,de;q=0.9 Referer https://monitoring.staging.investigator.corelight.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Sat, 15 Jul 2023 00:46:21 GMT content-encoding gzip x-amzn-trace-id Root=1-64b1ec5d-3b8c0704208cc7c72dbfcaa2;Sampled=0;lineage=e0ed9978:0 x-amzn-requestid 9d7ced30-3be5-4e69-8006-fd971a2c5d83 content-type application/javascript content-disposition inline x-amz-apigw-id IFHenGvKPHcFw2A= content-length 58
GET H2	200	styles.ef46db3751d8e999.css monitoring.staging.investigator.corelight.io/	0 254 B	1787ms 1786ms	Stylesheet text/css	35.84.107.199 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://monitoring.staging.investigator.corelight.io/styles.ef46db3751d8e999.css Requested by Host: monitoring.staging.investigator.corelight.io URL: https://monitoring.staging.investigator.corelight.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.84.107.199 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-84-107-199.us-west-2.compute.amazonaws.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://monitoring.staging.investigator.corelight.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Sat, 15 Jul 2023 00:46:22 GMT content-encoding gzip x-amzn-trace-id Root=1-64b1ec5d-41ee6d15181e13307f56fe3c;Sampled=0;lineage=e0ed9978:0 x-amzn-requestid 7322af72-1a4d-4340-a360-a94ac69b3b7e content-type text/css content-disposition inline x-amz-apigw-id IFHenFPLPHcFqGg= content-length 20
GET H2	200	runtime.76d71460fdf646cc.esm.js Show response monitoring.staging.investigator.corelight.io/	2 KB 1 KB	1788ms 1787ms	Script application/javascript	35.84.107.199 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://monitoring.staging.investigator.corelight.io/runtime.76d71460fdf646cc.esm.js Requested by Host: monitoring.staging.investigator.corelight.io URL: https://monitoring.staging.investigator.corelight.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.84.107.199 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-84-107-199.us-west-2.compute.amazonaws.com Software / Resource Hash `c4339491f8a89021f18019b5cd06c4f42af078265a4df1b6b23443c794fe6348` Request headers Referer https://monitoring.staging.investigator.corelight.io/ Origin https://monitoring.staging.investigator.corelight.io accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Sat, 15 Jul 2023 00:46:22 GMT content-encoding gzip x-amzn-trace-id Root=1-64b1ec5d-31075ae42812db8071f52f36;Sampled=0;lineage=e0ed9978:0 x-amzn-requestid ca17adf0-0ecf-4b9e-8391-3cb02110a529 content-type application/javascript content-disposition inline x-amz-apigw-id IFHenFZ0PHcFv9A= content-length 1104
GET H2	200	polyfills.18580bcda707375e.esm.js Show response monitoring.staging.investigator.corelight.io/	94 KB 34 KB	251ms 250ms	Script application/javascript	35.84.107.199 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://monitoring.staging.investigator.corelight.io/polyfills.18580bcda707375e.esm.js Requested by Host: monitoring.staging.investigator.corelight.io URL: https://monitoring.staging.investigator.corelight.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.84.107.199 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-84-107-199.us-west-2.compute.amazonaws.com Software / Resource Hash `48ee56e2327b12516d4d19722340b6c107d3f627b348ef3645dcf28d2615f88d` Request headers Referer https://monitoring.staging.investigator.corelight.io/ Origin https://monitoring.staging.investigator.corelight.io accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Sat, 15 Jul 2023 00:46:21 GMT content-encoding gzip x-amzn-trace-id Root=1-64b1ec5d-79d035b852902e7b47ee8700;Sampled=0;lineage=e0ed9978:0 x-amzn-requestid 46a56e3b-8eeb-45a7-9843-801f51ec8c3c content-type application/javascript content-disposition inline x-amz-apigw-id IFHenGZOvHcFYZg= content-length 34515
GET H2	200	main.b0286899a2b08f11.esm.js Show response monitoring.staging.investigator.corelight.io/	7 MB 1 MB	911ms 910ms	Script application/javascript	35.84.107.199 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://monitoring.staging.investigator.corelight.io/main.b0286899a2b08f11.esm.js Requested by Host: monitoring.staging.investigator.corelight.io URL: https://monitoring.staging.investigator.corelight.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.84.107.199 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-84-107-199.us-west-2.compute.amazonaws.com Software / Resource Hash `54999e535d6d45ef1976bd20aa038d5e6ff1e6bb86fca0a6057d8a5084a36dee` Request headers Referer https://monitoring.staging.investigator.corelight.io/ Origin https://monitoring.staging.investigator.corelight.io accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Sat, 15 Jul 2023 00:46:22 GMT content-encoding gzip x-amzn-trace-id Root=1-64b1ec5d-39ec0e42223f1e126ce92e08;Sampled=0;lineage=e0ed9978:0 x-amzn-requestid 850f59dd-58ab-4d0c-85c9-485b173ac70a content-type application/javascript content-disposition inline x-amz-apigw-id IFHenG7UvHcFSZQ= content-length 1181056
GET H2	200	IBMPlexSans-Regular.woff monitoring.staging.investigator.corelight.io/assets/fonts/IBMPlexSans/	82 KB 82 KB	299ms 298ms	Font application/octet-stream	35.84.107.199 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://monitoring.staging.investigator.corelight.io/assets/fonts/IBMPlexSans/IBMPlexSans-Regular.woff Requested by Host: monitoring.staging.investigator.corelight.io URL: https://monitoring.staging.investigator.corelight.io/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.84.107.199 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-84-107-199.us-west-2.compute.amazonaws.com Software / Resource Hash `82ab74c45e91d46af3b46aeae7cb49628ef8bfa42614118b1a3d873070b99667` Request headers Referer https://monitoring.staging.investigator.corelight.io/login Origin https://monitoring.staging.investigator.corelight.io accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Sat, 15 Jul 2023 00:46:23 GMT content-encoding gzip content-disposition inline x-amzn-trace-id Root=1-64b1ec5f-79e940353e70cb7b27ebb826;Sampled=0;lineage=e0ed9978:0 x-amzn-requestid bb00c531-2600-41e6-b040-53aedc67a591 content-length 83824 x-amz-apigw-id IFHfAHCqPHcFvmQ=
GET H2	200	IBMPlexSans-Bold.woff monitoring.staging.investigator.corelight.io/assets/fonts/IBMPlexSans/	82 KB 82 KB	289ms 288ms	Font application/octet-stream	35.84.107.199 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://monitoring.staging.investigator.corelight.io/assets/fonts/IBMPlexSans/IBMPlexSans-Bold.woff Requested by Host: monitoring.staging.investigator.corelight.io URL: https://monitoring.staging.investigator.corelight.io/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.84.107.199 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-84-107-199.us-west-2.compute.amazonaws.com Software / Resource Hash `2a9e733aeb0d9d557b528618282ecc4a9b89c38082393b5e7f9bfa41e5c8de57` Request headers Referer https://monitoring.staging.investigator.corelight.io/login Origin https://monitoring.staging.investigator.corelight.io accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Sat, 15 Jul 2023 00:46:23 GMT content-encoding gzip content-disposition inline x-amzn-trace-id Root=1-64b1ec5f-03f1a39a7147df2d42b85365;Sampled=0;lineage=e0ed9978:0 x-amzn-requestid 5c1c0b4d-17eb-44ab-833e-256ca05f4501 content-length 83400 x-amz-apigw-id IFHfAGIaPHcF73g=
GET H2	200	IBMPlexSans-Medium.woff monitoring.staging.investigator.corelight.io/assets/fonts/IBMPlexSans/	86 KB 87 KB	267ms 266ms	Font application/octet-stream	35.84.107.199 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://monitoring.staging.investigator.corelight.io/assets/fonts/IBMPlexSans/IBMPlexSans-Medium.woff Requested by Host: monitoring.staging.investigator.corelight.io URL: https://monitoring.staging.investigator.corelight.io/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.84.107.199 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-84-107-199.us-west-2.compute.amazonaws.com Software / Resource Hash `5a3110d9028cb60f8b0df0bb80cb3039690a31399760d7cc2123829215f018fb` Request headers Referer https://monitoring.staging.investigator.corelight.io/login Origin https://monitoring.staging.investigator.corelight.io accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Sat, 15 Jul 2023 00:46:23 GMT content-encoding gzip content-disposition inline x-amzn-trace-id Root=1-64b1ec5f-1d932333664601e85924f4dd;Sampled=0;lineage=e0ed9978:0 x-amzn-requestid 93782ffd-b120-4830-a871-b196caa6a336 content-length 88295 x-amz-apigw-id IFHfAE-HvHcF3xg=

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

monitoring.staging.investigator.corelight.io
35.84.107.199
087430a1194c2ef7562d01c7fc9f5d582f0774d72823782dac5c0903c9057871
2a9e733aeb0d9d557b528618282ecc4a9b89c38082393b5e7f9bfa41e5c8de57
48ee56e2327b12516d4d19722340b6c107d3f627b348ef3645dcf28d2615f88d
54999e535d6d45ef1976bd20aa038d5e6ff1e6bb86fca0a6057d8a5084a36dee
5a3110d9028cb60f8b0df0bb80cb3039690a31399760d7cc2123829215f018fb
82ab74c45e91d46af3b46aeae7cb49628ef8bfa42614118b1a3d873070b99667
9ef057e9afc1c7b113ce8719edd6d44670a2392d761c8f40b38a9fd941fe20d0
bfec52b73525f09ee42f2a896fe46197080fe63acf4124927fc3bf4432ae6296
c4339491f8a89021f18019b5cd06c4f42af078265a4df1b6b23443c794fe6348
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

monitoring.staging.investigator.corelight.io Open in urlscan Pro 35.84.107.199 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1442 kBTransfer

7249 kBSize

0 Cookies

1 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

0 Cookies

Indicators

monitoring.staging.investigator.corelight.io Open in urlscan Pro
35.84.107.199 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1442 kB
Transfer

7249 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions