Help
RSS
API
Feed
Maltego
Contact
Domain > app.nabu.ag
×
More information on this domain is in
AlienVault OTX
Is this malicious?
Yes
No
DNS Resolutions
Date
IP Address
2023-08-02
143.204.86.31
(
ClassC
)
2025-10-22
3.175.34.63
(
ClassC
)
Port 80
HTTP/1.1 301 Moved PermanentlyServer: CloudFrontDate: Wed, 22 Oct 2025 14:32:40 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveLocation: https://app.nabu.ag/X-Cache: Redirect from cloudfrontVia: 1.1 7a41090c7fbdcc9568968409dbc13c78.cloudfront.net (CloudFront)X-Amz-Cf-Pop: HIO52-P3Alt-Svc: h3:443; ma86400X-Amz-Cf-Id: 3-0wrlnQDWKMkLb_4qBBQem6_JCO60ExnfF9H-Ojdb4QPvWumQoYPg html>head>title>301 Moved Permanently/title>/head>body>center>h1>301 Moved Permanently/h1>/center>hr>center>CloudFront/center>/body>/html>
Port 443
HTTP/1.1 200 OKContent-Type: text/htmlContent-Length: 10407Connection: keep-aliveDate: Sun, 12 Oct 2025 04:09:27 GMTCache-Control: public, max-age0, s-maxage31536000Server: AmazonS3Accept-Ranges: bytesETag: 2152b1149bc2da620a4ea502810e0a52Last-Modified: Thu, 28 Aug 2025 14:16:48 GMTX-Cache: Hit from cloudfrontVia: 1.1 6eef5cc48e8050472c6d6d9862d365dc.cloudfront.net (CloudFront)X-Amz-Cf-Pop: HIO52-P3Alt-Svc: h3:443; ma86400X-Amz-Cf-Id: y1p6lYsvgzVrxV_f1VKOehoACHQCZ-HvYagwp6tQFqX6lwSvV5LL2AAge: 901393 !doctype html>html langen> head> meta charsetUTF-8 /> link relicon typeimage/png href/assets/aquafly_favicon-BSihIp2l.png /> meta nameviewport contentwidthdevice-width, initial-scale1.0 /> !-- CSP disabled to prevent lockdown interference --> !-- meta http-equivContent-Security-Policy content...> --> title>Nabu/title> !-- EMERGENCY: Run before ANY other scripts to prevent lockdown injection --> script> console.log(🚨 EMERGENCY: Pre-emptive lockdown prevention); // Immediately freeze the global objects to prevent lockdown injection (function() { try { // Method 1: Override Object.defineProperty globally const originalDefineProperty Object.defineProperty; Object.defineProperty function(obj, prop, descriptor) { // Block lockdown property definitions if (prop lockdown || prop ses || prop harden) { console.log(`🛡️ BLOCKED: Attempted to define ${prop}`); return obj; // Return object unchanged } return originalDefineProperty.call(this, obj, prop, descriptor); }; console.log(✅ Object.defineProperty intercepted); // Method 2: Pre-define lockdown as a harmless function window, globalThis, self.forEach(obj > { if (obj) { try { obj.lockdown () > { console.log(🛡️ Lockdown call neutralized (pre-emptive)); return; }; console.log(`✅ Pre-emptive lockdown defined on ${obj window ? window : obj globalThis ? globalThis : self}`); } catch (e) { console.log(⚠️ Could not pre-define lockdown:, e.message); } } }); // Method 3: Intercept script loading const originalCreateElement document.createElement; document.createElement function(tagName) { const element originalCreateElement.call(this, tagName); if (tagName.toLowerCase() script) { const originalSrc Object.getOwnPropertyDescriptor(HTMLScriptElement.prototype, src) || Object.getOwnPropertyDescriptor(Element.prototype, src); if (originalSrc && originalSrc.set) { Object.defineProperty(element, src, { get: originalSrc.get, set: function(value) { if (value && (value.includes(lockdown) || value.includes(ses))) { console.log(🛡️ BLOCKED: Lockdown script loading prevented:, value); return; // Dont set the src } return originalSrc.set.call(this, value); } }); } } return element; }; console.log(✅ Emergency lockdown prevention active); } catch (error) { console.error(❌ Emergency prevention failed:, error); } })(); /script> script> console.log(🔧 Pre-loading security compatibility fixes...); // Advanced lockdown/SES neutralization (function() { const neutralizeLockdown () > { try { console.log(🔍 Checking lockdown status...); // Method 1: Try to override lockdown function directly const overrideLockdown (obj, objName) > { if (!obj) return; try { // Check if lockdown exists if (typeof obj.lockdown ! undefined) { console.warn(`⚠️ ${objName}.lockdown detected - attempting neutralization`); // Try direct assignment first try { obj.lockdown () > { console.log(🛡️ Lockdown call intercepted and neutralized); return; }; console.log(`✅ ${objName}.lockdown neutralized via assignment`); } catch (assignError) { console.log(`⚠️ Assignment failed for ${objName}.lockdown:`, assignError.message); // Try delete try { delete obj.lockdown; console.log(`✅ ${objName}.lockdown deleted`); } catch (deleteError) { console.log(`⚠️ Delete failed for ${objName}.lockdown:`, deleteError.message); // Try descriptor override (only if configurable) try { const descriptor Object.getOwnPropertyDescriptor(obj, lockdown); if (descriptor && descriptor.configurable) { Object.defineProperty(obj, lockdown, { value: () > console.log(🛡️ Lockdown neutralized), writable: true, configurable: true }); console.log(`✅ ${objName}.lockdown overridden via descriptor`); } else { console.log(`⚠️ ${objName}.lockdown is non-configurable, using proxy method`); // Create a proxy to intercept lockdown calls const originalLockdown obj.lockdown; obj.lockdown new Proxy(originalLockdown, { apply: function(target, thisArg, argumentsList) { console.log(🛡️ Lockdown call intercepted via proxy); return; } }); } } catch (descriptorError) { console.log(`⚠️ Descriptor method failed:`, descriptorError.message); } } } } } catch (error) { console.log(`⚠️ Error processing ${objName}.lockdown:`, error.message); } }; // Apply to different contexts overrideLockdown(window, window); overrideLockdown(globalThis, globalThis); overrideLockdown(self, self); // Method 2: Intercept known SES/lockdown related objects const sesObjects ses, SES, harden, Compartment, lockdown; sesObjects.forEach(prop > { window, globalThis, self.forEach(obj > { if (obj && objprop) { try { const original objprop; objprop () > { console.log(`🛡️ ${prop} call intercepted and neutralized`); return {}; }; console.log(`✅ ${prop} neutralized`); } catch (e) { console.log(`⚠️ Could not neutralize ${prop}:`, e.message); } } }); }); // Method 3: Override intrinsics if possible try { if (typeof Object.freeze function) { const originalFreeze Object.freeze; Object.freeze function(obj) { // Dont freeze objects that might be related to React/app functionality if (obj && ( obj.constructor?.name?.includes(React) || obj.toString?.().includes(React) || obj.displayName )) { console.log(🛡️ Prevented freezing of React-related object); return obj; } return originalFreeze.call(this, obj); }; console.log(✅ Object.freeze intercepted); } } catch (freezeError) { console.log(⚠️ Could not intercept Object.freeze:, freezeError.message); } console.log(✅ Security compatibility fixes applied successfully); } catch (error) { console.error(❌ Critical error in security fixes:, error); console.log(🔄 Continuing with basic overrides...); // Fallback: Basic function replacement try { if (typeof window ! undefined) { window.lockdown () > console.log(🛡️ Lockdown disabled (fallback)); } if (typeof globalThis ! undefined) { globalThis.lockdown () > console.log(🛡️ Lockdown disabled (fallback)); } console.log(✅ Fallback security fixes applied); } catch (fallbackError) { console.error(❌ Even fallback fixes failed:, fallbackError); } } }; // Apply immediately neutralizeLockdown(); // Also apply when DOM is ready (in case lockdown is injected later) if (document.readyState loading) { document.addEventListener(DOMContentLoaded, neutralizeLockdown); } // Apply again after a short delay to catch any delayed lockdown injection setTimeout(neutralizeLockdown, 100); setTimeout(neutralizeLockdown, 1000); })(); /script> script typemodule crossorigin src/assets/index-CeN9Cr9h.js>/script> link relmodulepreload crossorigin href/assets/vendor-react-C8SX4lto.js> link relmodulepreload crossorigin href/assets/vendor-mui-D23aBFrY.js> /head> body> div idroot> div styledisplay: flex; justify-content: center; align-items: center; height: 100vh; font-family: Arial, sans-serif;> div>Loading.../div> /div> /div> /body>/html>
View on OTX
|
View on ThreatMiner
Please enable JavaScript to view the
comments powered by Disqus.
Data with thanks to
AlienVault OTX
,
VirusTotal
,
Malwr
and
others
. [
Sitemap
]