nwt9-t131-l500-xploit.8.netwars.sans.org Open in urlscan Pro
52.13.27.0  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request interview_upload.html Show response nwt9-t131-l500-xploit.8.netwars.sans.org/	2 KB 3 KB	628ms 207ms	Document text/html	52.13.27.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nwt9-t131-l500-xploit.8.netwars.sans.org/interview_upload.html?appid=t5o8t59m1k18v4l0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.13.27.0 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-13-27-0.us-west-2.compute.amazonaws.com Software nginx / Resource Hash a79886dddf308bb17703ec4fcf204f34479848c4a969da386e1723be8c240677 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers content-length 2273 content-type text/html; charset=utf-8 date Fri, 31 May 2024 19:18:23 GMT server nginx
GET H2	200	materialize.min.css nwt9-t131-l500-xploit.8.netwars.sans.org/css/	139 KB 139 KB	211ms 210ms	Stylesheet text/css	52.13.27.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nwt9-t131-l500-xploit.8.netwars.sans.org/css/materialize.min.css Requested by Host: nwt9-t131-l500-xploit.8.netwars.sans.org URL: https://nwt9-t131-l500-xploit.8.netwars.sans.org/interview_upload.html?appid=t5o8t59m1k18v4l0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.13.27.0 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-13-27-0.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 33a6e0489b7638c6d6cd305d0bd3fb557707aed9d53f5c59a0ec0f156d950149 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://nwt9-t131-l500-xploit.8.netwars.sans.org/interview_upload.html?appid=t5o8t59m1k18v4l0 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 31 May 2024 19:18:23 GMT last-modified Mon, 01 May 2023 15:54:25 GMT server nginx etag "1682956465.3-141863-715396240" content-type text/css; charset=utf-8 cache-control public, max-age=43200 content-length 141863 expires Sat, 01 Jun 2024 07:18:23 GMT
GET H2	200	MaterialIcons.css nwt9-t131-l500-xploit.8.netwars.sans.org/css/	428 B 959 B	415ms 414ms	Stylesheet text/css	52.13.27.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nwt9-t131-l500-xploit.8.netwars.sans.org/css/MaterialIcons.css Requested by Host: nwt9-t131-l500-xploit.8.netwars.sans.org URL: https://nwt9-t131-l500-xploit.8.netwars.sans.org/interview_upload.html?appid=t5o8t59m1k18v4l0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.13.27.0 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-13-27-0.us-west-2.compute.amazonaws.com Software nginx / Resource Hash a8c297caa5943ec7a51af98e30aca060f195e1d0103cffbb4e379981ad28593c Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://nwt9-t131-l500-xploit.8.netwars.sans.org/interview_upload.html?appid=t5o8t59m1k18v4l0 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 31 May 2024 19:18:23 GMT last-modified Mon, 01 May 2023 15:54:25 GMT server nginx etag "1682956465.3-428-4284552114" content-type text/css; charset=utf-8 cache-control public, max-age=43200 content-length 428 expires Sat, 01 Jun 2024 07:18:23 GMT
GET H2	200	jquery.min.js Show response nwt9-t131-l500-xploit.8.netwars.sans.org/js/	86 KB 87 KB	822ms 822ms	Script application/javascript	52.13.27.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nwt9-t131-l500-xploit.8.netwars.sans.org/js/jquery.min.js Requested by Host: nwt9-t131-l500-xploit.8.netwars.sans.org URL: https://nwt9-t131-l500-xploit.8.netwars.sans.org/interview_upload.html?appid=t5o8t59m1k18v4l0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.13.27.0 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-13-27-0.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://nwt9-t131-l500-xploit.8.netwars.sans.org/interview_upload.html?appid=t5o8t59m1k18v4l0 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 31 May 2024 19:18:23 GMT last-modified Mon, 01 May 2023 15:54:25 GMT server nginx etag "1682956465.3-88145-2716209601" content-type application/javascript; charset=utf-8 cache-control public, max-age=43200 content-length 88145 expires Sat, 01 Jun 2024 07:18:23 GMT
GET H2	200	materialize.min.js Show response nwt9-t131-l500-xploit.8.netwars.sans.org/js/	177 KB 178 KB	822ms 822ms	Script application/javascript	52.13.27.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nwt9-t131-l500-xploit.8.netwars.sans.org/js/materialize.min.js Requested by Host: nwt9-t131-l500-xploit.8.netwars.sans.org URL: https://nwt9-t131-l500-xploit.8.netwars.sans.org/interview_upload.html?appid=t5o8t59m1k18v4l0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.13.27.0 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-13-27-0.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 53f7070cc4c81c278c72f7a106fd71434e766cf49b26d6ee8b0e1003d7132b3d Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://nwt9-t131-l500-xploit.8.netwars.sans.org/interview_upload.html?appid=t5o8t59m1k18v4l0 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 31 May 2024 19:18:23 GMT last-modified Mon, 01 May 2023 15:54:25 GMT server nginx etag "1682956465.3-181109-21697464" content-type application/javascript; charset=utf-8 cache-control public, max-age=43200 content-length 181109 expires Sat, 01 Jun 2024 07:18:23 GMT
GET H2	404	favicon.ico nwt9-t131-l500-xploit.8.netwars.sans.org/	232 B 647 B	208ms 207ms	Other text/html	52.13.27.0 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://nwt9-t131-l500-xploit.8.netwars.sans.org/favicon.ico Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.13.27.0 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-13-27-0.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 9177a352dcbf8875ebb2e22e682760d47faa4d77398add153dd7084e7568c5bc Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://nwt9-t131-l500-xploit.8.netwars.sans.org/interview_upload.html?appid=t5o8t59m1k18v4l0 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 31 May 2024 19:18:24 GMT server nginx content-length 232 content-type text/html; charset=utf-8

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| _get function| _createClass function| _possibleConstructorReturn function| _inherits function| _classCallCheck function| Component function| docHandleKeydown function| docHandleKeyup function| docHandleFocus function| docHandleBlur function| getTime object| $jscomp object| $jscomp$this function| cash object| M object| Waves string| message

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			nwt9-t131-l500-xploit.8.netwars.sans.org/	1970-01-20 21:09:47	Name: AWSALB Value: QckRTUkZU54OzLadujV18S3Rzigqqq3aAno2LtGQTw5Wb+RpLcqIVmhAhsKlUkO/35Z9NmS7PrAafk8RtxfdnXayC93kScWcIdU8fZQFADy09bo0+kfMCKOA4iX3
			nwt9-t131-l500-xploit.8.netwars.sans.org/	1970-01-20 21:09:47	Name: AWSALBCORS Value: QckRTUkZU54OzLadujV18S3Rzigqqq3aAno2LtGQTw5Wb+RpLcqIVmhAhsKlUkO/35Z9NmS7PrAafk8RtxfdnXayC93kScWcIdU8fZQFADy09bo0+kfMCKOA4iX3

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nwt9-t131-l500-xploit.8.netwars.sans.org/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nwt9-t131-l500-xploit.8.netwars.sans.org
52.13.27.0
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
33a6e0489b7638c6d6cd305d0bd3fb557707aed9d53f5c59a0ec0f156d950149
53f7070cc4c81c278c72f7a106fd71434e766cf49b26d6ee8b0e1003d7132b3d
9177a352dcbf8875ebb2e22e682760d47faa4d77398add153dd7084e7568c5bc
a79886dddf308bb17703ec4fcf204f34479848c4a969da386e1723be8c240677
a8c297caa5943ec7a51af98e30aca060f195e1d0103cffbb4e379981ad28593c