Hostnames | ec2-52-21-224-45.compute-1.amazonaws.com sftp.anomali.com anomali.brickftp.com anomali.files.com |
Domains | amazonaws.com anomali.com brickftp.com files.com |
Cloud Provider | Amazon |
Cloud Region | us-east-1 |
Cloud Service | EC2 |
Country | United States |
City | Ashburn |
Organization | Amazon Technologies Inc. |
ISP | Amazon.com, Inc. |
ASN | AS14618 |
-674619221 | 2024-05-24T14:47:52.231873 | 22 / tcp
SSH-2.0-FILES.COM
Key type: ssh-rsa
Fingerprint: 79:e1:fc:1c:8d:d7:95:25:84:c5:70:16:4d:07:e0:c5
Kex Algorithms: curve25519-sha256 curve25519-sha256@libssh.org curve448-sha512 diffie-hellman-group-exchange-sha256 diffie-hellman-group18-sha512 diffie-hellman-group17-sha512 diffie-hellman-group16-sha512 diffie-hellman-group15-sha512 diffie-hellman-group14-sha256 ext-info-s kex-strict-s-v00@openssh.com
Server Host Key Algorithms: ssh-rsa rsa-sha2-256 rsa-sha2-512
Encryption Algorithms: chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com
MAC Algorithms: hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha1-etm@openssh.com
Compression Algorithms: none zlib zlib@openssh.com
-1355278202 | 2024-05-28T03:17:33.866196 | 80 / tcp
HTTP/1.1 301 Moved Permanently
Server: files.com
Date: Tue, 28 May 2024 03:17:33 GMT
Content-Type: text/html
Content-Length: 166
Connection: keep-alive
Location: https://52.21.224.45/
Cache-Control: no-cache
X-Request-ID: b846c81c6fd052861e681be5d79cef9d
1881472064 | 2024-06-01T07:14:41.281243 | 443 / tcp
HTTP/1.1 200 OK
Server: files.com
Date: Sat, 01 Jun 2024 07:14:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=631139040; includeSubdomains; preload;
Cache-Control: no-store
X-Files-Frontend-App: true
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
referrer-policy: same-origin
Expect-CT: enforce, max-age=60, report-uri="https://actionverb.report-uri.com/r/d/ct/enforce"
Permissions-Policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
X-Request-ID: 4428e3165ec1e00340a7b5c92328ee1c
Content-Security-Policy: base-uri 'self'; block-all-mixed-content ; child-src brickftp.com go.oncehub.com 'self'; connect-src 'self' *.files.com *.s3.amazonaws.com s3.amazonaws.com s3-af-south-1.amazonaws.com s3-ap-northeast-1.amazonaws.com s3-ap-northeast-2.amazonaws.com s3-ap-northeast-3.amazonaws.com s3-ap-south-1.amazonaws.com s3-ap-southeast-1.amazonaws.com s3-ap-southeast-2.amazonaws.com s3-ca-central-1.amazonaws.com s3-eu-central-1.amazonaws.com s3-eu-north-1.amazonaws.com s3-eu-south-1.amazonaws.com s3-eu-west-1.amazonaws.com s3-eu-west-2.amazonaws.com s3-eu-west-3.amazonaws.com s3-me-south-1.amazonaws.com s3-sa-east-1.amazonaws.com s3-us-east-1.amazonaws.com s3-us-east-2.amazonaws.com s3-us-gov-east-1.amazonaws.com s3-us-gov-west-1.amazonaws.com s3-us-west-1.amazonaws.com s3-us-west-2.amazonaws.com staging-wopi.files.com wopi.files.com; font-src 'self' data:; form-action 'self'; frame-src 'self' go.oncehub.com staging-wopi.files.com wopi.files.com jssdk.files.com; img-src 'self' data: blob: https:; media-src 'self' *.amazonaws.com *.wasabisys.com *.files.com; object-src 'self'; script-src 'self' 'nonce-ZQNHA3oPks687bMlORzA8a45RVlcryrt'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests ; worker-src 'self'; report-uri https://actionverb.report-uri.io/r/default/csp/enforce
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 03:bc:ff:3c:3a:50:c2:2c:6e:56:32:61:80:69:bf:8c:84:e9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Apr 14 23:15:35 2024 GMT
            Not After : Jul 13 23:15:34 2024 GMT
        Subject: CN=sftp.anomali.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                C2:9E:77:2C:FC:9A:39:64:9E:63:3D:E6:A9:8F:05:1F:E9:1E:5F:13
            X509v3 Authority Key Identifier:
                14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            Authority Information Access:
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/
            X509v3 Subject Alternative Name:
                DNS:anomali.brickftp.com, DNS:anomali.files.com, DNS:sftp.anomali.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
                                ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
                    Timestamp : Apr 15 00:15:35.255 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Apr 15 00:15:35.298 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
    Signature Algorithm: sha256WithRSAEncryption