Domain > crows-nest.tools.aws.dev

More information on this domain is in AlienVault OTX

DNS Resolutions

Date	IP Address
2022-12-13	99.86.159.75 (ClassC)
2022-12-13	99.86.159.93 (ClassC)
2025-11-20	18.161.6.49 (ClassC)

HTTP/1.1 403 ForbiddenContent-Type: text/htmlContent-Length: 8767Connection: keep-aliveDate: Thu, 20 Nov 2025 22:34:04 GMTLast-Modified: Fri, 05 Sep 2025 17:31:44 GMTETag: 3259783635d069ba344428919cf6e8c7x-amz-server-side-encryption: AES256x-amz-version-id: 2goMtfEd.GCrjRJGmsDgejwrU5PT5z92Accept-Ranges: bytesServer: AmazonS3X-Cache: Error from cloudfrontVia: 1.1 99db15345b0e5e7ad9c267ae999b8cf4.cloudfront.net (CloudFront)X-Amz-Cf-Pop: HIO52-P1X-Amz-Cf-Id: _VGH97Ov3ZaSVJELM3Iv1KPsLYOC3Vk-biFxIfa_H3hEa2zYC1Kb3g

!DOCTYPE html>html>head>    script typetext/javascript>        function getParameterByName(name, url) {            if (!url) url  window.location.href;            name  name.replace(/\\/g, \\$&);            var regex  new RegExp(?& + name + ((^&#*)|&|#|$)),                results  regex.exec(url);            if (!results) return null;            if (!results2) return ;            return decodeURIComponent(results2.replace(/\+/g,  ));        }        function getValidURL(url) {            try {                return new URL(url);            } catch (e) {                return null;            }        }        /*!         * JavaScript Cookie v2.1.4         * https://github.com/js-cookie/js-cookie         *         * Copyright 2006, 2015 Klaus Hartl & Fagner Brack         * Released under the MIT license         */        ;(function (factory) {            var registeredInModuleLoader  false;            if (typeof define  function && define.amd) {                define(factory);                registeredInModuleLoader  true;            }            if (typeof exports  object) {                module.exports  factory();                registeredInModuleLoader  true;            }            if (!registeredInModuleLoader) {                var OldCookies  window.Cookies;                var api  window.Cookies  factory();                api.noConflict  function () {                    window.Cookies  OldCookies;                    return api;                };            }        }(function () {            function extend () {                var i  0;                var result  {};                for (; i  arguments.length; i++) {                    var attributes  arguments i ;                    for (var key in attributes) {                        resultkey  attributeskey;                    }                }                return result;            }            function init (converter) {                function api (key, value, attributes) {                    var result;                    if (typeof document  undefined) {                        return;                    }                    // Write                    if (arguments.length > 1) {                        attributes  extend({                            path: /                        }, api.defaults, attributes);                        if (typeof attributes.expires  number) {                            var expires  new Date();                            expires.setMilliseconds(expires.getMilliseconds() + attributes.expires * 864e+5);                            attributes.expires  expires;                        }                        // Were using expires because max-age is not supported by IE                        attributes.expires  attributes.expires ? attributes.expires.toUTCString() : ;                        try {                            result  JSON.stringify(value);                            if (/^\{\/.test(result)) {                                value  result;                            }                        } catch (e) {}                        if (!converter.write) {                            value  encodeURIComponent(String(value))                                .replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent);                        } else {                            value  converter.write(value, key);                        }                        key  encodeURIComponent(String(key));                        key  key.replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent);                        key  key.replace(//g, escape);                        var stringifiedAttributes  ;                        for (var attributeName in attributes) {                            if (!attributesattributeName) {                                continue;                            }                            stringifiedAttributes + ;  + attributeName;                            if (attributesattributeName  true) {                                continue;                            }                            stringifiedAttributes +  + attributesattributeName;                        }                        return (document.cookie  key +  + value + stringifiedAttributes);                    }                    // Read                    if (!key) {                        result  {};                    }                    // To prevent the for loop in the first place assign an empty array                    // in case there are no cookies at all. Also prevents odd result when                    // calling get()                    var cookies  document.cookie ? document.cookie.split(; ) : ;                    var rdecode  /(%0-9A-Z{2})+/g;                    var i  0;                    for (; i  cookies.length; i++) {                        var parts  cookiesi.split();                        var cookie  parts.slice(1).join();                        if (cookie.charAt(0)  ) {                            cookie  cookie.slice(1, -1);                        }                        try {                            var name  parts0.replace(rdecode, decodeURIComponent);                            cookie  converter.read ?                                converter.read(cookie, name) : converter(cookie, name) ||                                cookie.replace(rdecode, decodeURIComponent);                            if (this.json) {                                try {                                    cookie  JSON.parse(cookie);                                } catch (e) {}                            }                            if (key  name) {                                result  cookie;                                break;                            }                            if (!key) {                                resultname  cookie;                            }                        } catch (e) {}                    }                    return result;                }                api.set  api;                api.get  function (key) {                    return api.call(api, key);                };                api.getJSON  function () {                    return api.apply({                        json: true                    }, .slice.call(arguments));                };                api.defaults  {};                api.remove  function (key, attributes) {                    api(key, , extend(attributes, {                        expires: -1                    }));                };                api.withConverter  init;                return api;            }            return init(function () {});        }));        var policy  getParameterByName(policy);        var kpid  getParameterByName(kpid);        var exp  getParameterByName(exp);        var sig  getParameterByName(sig);        var encodedTargetUrl  getParameterByName(encodedTargetUrl);        var decodedTargetUrl  encodedTargetUrl && decodeURIComponent(encodedTargetUrl);        var validTargetURL  getValidURL(decodedTargetUrl)        if (policy && kpid && exp && sig) {            var curr_origin  window.location.origin;            Cookies.set(CloudFront-Policy, policy, { secure: true, sameSite: None, expires: 1 });            Cookies.set(CloudFront-Key-Pair-Id, kpid, { secure: true, sameSite: None, expires: 1 });            Cookies.set(CloudFront-Expiration, exp, { secure: true, sameSite: None, expires: 1 });            Cookies.set(CloudFront-Signature, sig, { secure: true, sameSite: None, expires: 1 });            if(validTargetURL && curr_origin  validTargetURL.origin) {                window.location.replace(decodedTargetUrl);            } else {                window.location.replace(curr_origin);            }        } else if (Cookies.get(CloudFront-Policy)){            //Nothing to do.        } else {            var referrer  window.location            var encodedUrl  encodeURIComponent(referrer.href)            window.location.replace(https://cloudfrontsigner.ninjas.security.a2z.com/sign?encodedTargetUrl+encodedUrl);        }    /script>/head>body>p>Redirecting you for Auth/p>!-- This one should be a Bindle that doesnt exist, and triggers a 400 response from ECS. -->div styledisplay:none idbindlediv>amzn1.bindle.resource.pxwhzcyry5pctxbb7z3a/div>/body>/html>

Subdomains

Date	Domain	IP
web.us-east-1.gamma.eunomia.tools.aws.dev	2025-10-05	18.161.6.45
api.us-east-1.gamma.eunomia.tools.aws.dev	2024-08-08	3.220.246.122
api.us-east-1.beta.eunomia.tools.aws.dev	2024-04-23	54.235.147.64
api-gamma.us-east-1.doina.tools.aws.dev	2023-08-31	34.230.132.4
api-beta.us-west-2.doina.tools.aws.dev	2024-06-16	52.34.42.104
api.admin.dev.embrace.tools.aws.dev	2023-10-31	52.48.219.31
api.mattservice.tools.aws.dev	2024-06-09	18.190.106.193
clairvoyance.tools.aws.dev	2024-09-11	204.246.191.5
api.alpha.clairvoyance.tools.aws.dev	2024-10-05	54.194.246.16
alpha-mullgavi.opensearch.wf.aoe.tools.aws.dev	2024-12-23	54.245.174.21
preprod.us-east-1.prevere.tools.aws.dev	2024-06-03	18.233.134.112
alpha-high.us-west-2.prevere.tools.aws.dev	2024-11-25	100.20.209.173
vitadyl-high.us-west-2.prevere.tools.aws.dev	2024-11-25	44.238.248.79
alpha-low.us-west-2.prevere.tools.aws.dev	2024-05-13	52.13.235.231
dcurfman-low.us-west-2.prevere.tools.aws.dev	2025-01-02	52.88.232.59
beta.iad.fleet-master-api.tools.aws.dev	2024-07-22	52.7.27.194
prod.cgk.fleet-master-api.tools.aws.dev	2025-10-24	108.136.176.226
prod.icn.fleet-master-api.tools.aws.dev	2025-08-31	3.36.81.12
prod.corp.fleet-master-api.tools.aws.dev	2025-06-05	52.23.142.157
beta.fleet-master-portal.tools.aws.dev	2024-06-09	3.224.90.129
auushman-run.dev.contentportal.tools.aws.dev	2025-10-23	3.163.24.53
diesel.tools.aws.dev	2024-05-13	52.88.150.6
apll.tools.aws.dev	2024-06-03	54.214.134.185
beta.apll.tools.aws.dev	2024-06-03	54.149.75.210
swl.triciche-wye.aps.abp.tools.aws.dev	2024-12-20	54.186.91.23
mwapi.andglenn-eff.aps.abp.tools.aws.dev	2025-03-13	34.211.65.149
mwapi.broksco-soy.aps.abp.tools.aws.dev	2025-03-13	44.231.103.70
alpha.us-east-1.api.omnimeter.tools.aws.dev	2024-04-30	3.215.128.100
migration-best-practices.tools.aws.dev	2025-10-25	3.175.34.46
prod.migration-best-practices.tools.aws.dev	2025-10-25	3.175.34.46
beta.us-east-1.zombie-fleet.tools.aws.dev	2023-10-19	52.21.187.202
crows-nest.tools.aws.dev	2025-11-20	18.161.6.49
alpha.crows-nest.tools.aws.dev	2024-02-26	18.161.6.109
beta.shadow.tools.aws.dev	2023-07-20	3.163.24.14
api.alpha.beta.shadow.tools.aws.dev	2024-12-27	204.246.191.61
api.shadow.tools.aws.dev	2025-05-03	3.163.24.51

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > crows-nest.tools.aws.dev

Is this malicious?

DNS Resolutions

Port 80

Port 443

Subdomains