That makes sense since we just saw the same problem with USPS realtime shipping rates via production.shippingapis.com, which seems like an odd attack target.

edit: and I mean the exact same issue, it was resolving to a confluence owned IP that was serving a squatter page for the domain.