85.158.108.135 Open in urlscan Pro
85.158.108.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://85.158.108.135:5050/login
Submission Tags: c2 malware castle Search All
Submission: On August 22 via api (August 22nd 2025, 12:26:31 pm UTC) from US — Scanned from DK

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 0 domains to perform 9 HTTP transactions. The main IP is 85.158.108.135, located in Bulgaria and belongs to HZ-EU-AS HZ Hosting Ltd, BG. The main domain is 85.158.108.135.

This is the only time 85.158.108.135 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
9	85.158.108.135 85.158.108.135		59711 (HZ-EU-AS ...) (HZ-EU-AS HZ Hosting Ltd)
9	1

9 85.158.108.135 (Bulgaria)

ASN59711 (HZ-EU-AS HZ Hosting Ltd, BG)

85.158.108.135	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
9	0

	Domain	Requested by
9	0

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://85.158.108.135:5050/login
Frame ID: 4C575F25853A1341A511477620B41532
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Castle

Page Statistics

9
Requests

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

1
IPs

1
Countries

1292 kB
Transfer

1289 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login Show response 85.158.108.135/	391 B 739 B	86ms 45ms	Document text/html	85.158.108.135 HZ-EU-AS HZ Hosti...
General Check archive.org Download Go to Full URL http://85.158.108.135:5050/login Protocol HTTP/1.1 Server 85.158.108.135 , Bulgaria, ASN59711 (HZ-EU-AS HZ Hosting Ltd, BG), Reverse DNS Software / Express Resource Hash `c919c4370c6f2abce479ede4fd04b5dd0e064406a6f368a0afd55304621dcd55` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Access-Control-Allow-Origin * Cache-Control public, max-age=0 Connection keep-alive Content-Length 391 Content-Type text/html; charset=UTF-8 Date Fri, 22 Aug 2025 12:26:32 GMT ETag W/"187-197c73a53d0" Keep-Alive timeout=5 Last-Modified Tue, 01 Jul 2025 18:22:58 GMT X-Powered-By Express
GET H/1.1	200 OK	index-DOfwhp3V.js Show response 85.158.108.135/assets/	1 MB 1 MB	50ms 49ms	Script application/javascript	85.158.108.135 HZ-EU-AS HZ Hosti...
General Check archive.org Download Go to Full URL http://85.158.108.135:5050/assets/index-DOfwhp3V.js Requested by Host: 85.158.108.135 URL: http://85.158.108.135:5050/login Protocol HTTP/1.1 Server 85.158.108.135 , Bulgaria, ASN59711 (HZ-EU-AS HZ Hosting Ltd, BG), Reverse DNS Software / Express Resource Hash `fdf89b4ab7720ca147e83f20ed8b7a5759060f5cd8658ec0a15fba2fb99439d6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Origin http://85.158.108.135:5050 Referer http://85.158.108.135:5050/login Response headers Cache-Control public, max-age=0 ETag W/"133f57-197c73a53d0" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 1261399 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:32 GMT Last-Modified Tue, 01 Jul 2025 18:22:58 GMT X-Powered-By Express Content-Type application/javascript; charset=UTF-8
GET H/1.1	200 OK	index-BGwKVD2M.css 85.158.108.135/assets/	9 KB 9 KB	89ms 46ms	Stylesheet text/css	85.158.108.135 HZ-EU-AS HZ Hosti...
General Check archive.org Download Go to Full URL http://85.158.108.135:5050/assets/index-BGwKVD2M.css Requested by Host: 85.158.108.135 URL: http://85.158.108.135:5050/login Protocol HTTP/1.1 Server 85.158.108.135 , Bulgaria, ASN59711 (HZ-EU-AS HZ Hosting Ltd, BG), Reverse DNS Software / Express Resource Hash `5f1521ed34e2ed05a6b2f9f6cfacc595692d66e0cd072acaba2d68840d375be6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Origin http://85.158.108.135:5050 Referer http://85.158.108.135:5050/login Response headers Cache-Control public, max-age=0 ETag W/"2471-197c73a53d0" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 9329 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:32 GMT Last-Modified Tue, 01 Jul 2025 18:22:58 GMT X-Powered-By Express Content-Type text/css; charset=UTF-8
GET H/1.1	200 OK	inter-latin-400-normal-BOOGhInR.woff2 85.158.108.135/assets/	23 KB 23 KB	45ms 45ms	Font font/woff2	85.158.108.135 HZ-EU-AS HZ Hosti...
General Check archive.org Download Go to Full URL http://85.158.108.135:5050/assets/inter-latin-400-normal-BOOGhInR.woff2 Requested by Host: 85.158.108.135 URL: http://85.158.108.135:5050/assets/index-BGwKVD2M.css Protocol HTTP/1.1 Server 85.158.108.135 , Bulgaria, ASN59711 (HZ-EU-AS HZ Hosting Ltd, BG), Reverse DNS Software / Express Resource Hash `dd05e326cf8eac3b55acecf29c842ed73e6e6dd06491cf47f7e8800680ab3e33` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Origin http://85.158.108.135:5050 Referer http://85.158.108.135:5050/assets/index-BGwKVD2M.css Response headers Cache-Control public, max-age=0 ETag W/"5c8c-197c73a53d0" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 23692 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:32 GMT Last-Modified Tue, 01 Jul 2025 18:22:58 GMT X-Powered-By Express Content-Type font/woff2
GET H/1.1	200 OK	inter-latin-500-normal-D2bGa7uu.woff2 85.158.108.135/assets/	24 KB 24 KB	88ms 44ms	Font font/woff2	85.158.108.135 HZ-EU-AS HZ Hosti...
General Check archive.org Download Go to Full URL http://85.158.108.135:5050/assets/inter-latin-500-normal-D2bGa7uu.woff2 Requested by Host: 85.158.108.135 URL: http://85.158.108.135:5050/assets/index-BGwKVD2M.css Protocol HTTP/1.1 Server 85.158.108.135 , Bulgaria, ASN59711 (HZ-EU-AS HZ Hosting Ltd, BG), Reverse DNS Software / Express Resource Hash `b0e7558f4710a1e255b93e3deefe3aebb19f3bb41c150f685a74d3b1a1c79e87` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Origin http://85.158.108.135:5050 Referer http://85.158.108.135:5050/assets/index-BGwKVD2M.css Response headers Cache-Control public, max-age=0 ETag W/"5f30-197c73a53d0" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 24368 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:32 GMT Last-Modified Tue, 01 Jul 2025 18:22:58 GMT X-Powered-By Express Content-Type font/woff2
GET H/1.1	403 Forbidden	session Show response 85.158.108.135/0gSmLDjBIhyf/api/	53 B 327 B	45ms 44ms	XHR application/json	85.158.108.135 HZ-EU-AS HZ Hosti...
General Check archive.org Download Go to Full URL http://85.158.108.135:5050/0gSmLDjBIhyf/api/session Requested by Host: 85.158.108.135 URL: http://85.158.108.135:5050/assets/index-DOfwhp3V.js Protocol HTTP/1.1 Server 85.158.108.135 , Bulgaria, ASN59711 (HZ-EU-AS HZ Hosting Ltd, BG), Reverse DNS Software / Express Resource Hash `aeb4603d4fb9103831213bb784b504f958969b809d1e426a2700c7c358b53cc5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept application/json, text/plain, / Referer http://85.158.108.135:5050/login Response headers ETag W/"35-5MqXNANFL2N55Fp5vmn7Y0ye1rQ" Connection keep-alive Access-Control-Allow-Origin * Content-Length 53 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:32 GMT Content-Type application/json; charset=utf-8 X-Powered-By Express
GET H/1.1	200 OK	favicon.ico 85.158.108.135/	391 B 739 B	88ms 44ms	Other text/html	85.158.108.135 HZ-EU-AS HZ Hosti...
General Check archive.org Download Go to Full URL http://85.158.108.135:5050/favicon.ico Protocol HTTP/1.1 Server 85.158.108.135 , Bulgaria, ASN59711 (HZ-EU-AS HZ Hosting Ltd, BG), Reverse DNS Software / Express Resource Hash `c919c4370c6f2abce479ede4fd04b5dd0e064406a6f368a0afd55304621dcd55` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer http://85.158.108.135:5050/login Response headers Cache-Control public, max-age=0 ETag W/"187-197c73a53d0" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 391 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:32 GMT Last-Modified Tue, 01 Jul 2025 18:22:58 GMT X-Powered-By Express Content-Type text/html; charset=UTF-8
GET H/1.1	403 Forbidden	session Show response 85.158.108.135/0gSmLDjBIhyf/api/	53 B 327 B	45ms 45ms	XHR application/json	85.158.108.135 HZ-EU-AS HZ Hosti...
General Check archive.org Download Go to Full URL http://85.158.108.135:5050/0gSmLDjBIhyf/api/session Requested by Host: 85.158.108.135 URL: http://85.158.108.135:5050/assets/index-DOfwhp3V.js Protocol HTTP/1.1 Server 85.158.108.135 , Bulgaria, ASN59711 (HZ-EU-AS HZ Hosting Ltd, BG), Reverse DNS Software / Express Resource Hash `aeb4603d4fb9103831213bb784b504f958969b809d1e426a2700c7c358b53cc5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept application/json, text/plain, / Referer http://85.158.108.135:5050/login Response headers ETag W/"35-5MqXNANFL2N55Fp5vmn7Y0ye1rQ" Connection keep-alive Access-Control-Allow-Origin * Content-Length 53 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:33 GMT Content-Type application/json; charset=utf-8 X-Powered-By Express
GET H/1.1	403 Forbidden	session Show response 85.158.108.135/0gSmLDjBIhyf/api/	53 B 327 B	45ms 45ms	XHR application/json	85.158.108.135 HZ-EU-AS HZ Hosti...
General Check archive.org Download Go to Full URL http://85.158.108.135:5050/0gSmLDjBIhyf/api/session Requested by Host: 85.158.108.135 URL: http://85.158.108.135:5050/assets/index-DOfwhp3V.js Protocol HTTP/1.1 Server 85.158.108.135 , Bulgaria, ASN59711 (HZ-EU-AS HZ Hosting Ltd, BG), Reverse DNS Software / Express Resource Hash `aeb4603d4fb9103831213bb784b504f958969b809d1e426a2700c7c358b53cc5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept application/json, text/plain, / Referer http://85.158.108.135:5050/login Response headers ETag W/"35-5MqXNANFL2N55Fp5vmn7Y0ye1rQ" Connection keep-alive Access-Control-Allow-Origin * Content-Length 53 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:35 GMT Content-Type application/json; charset=utf-8 X-Powered-By Express

Verdicts & Comments Add Verdict or Comment

1 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

string| __reactRouterVersion

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://85.158.108.135:5050/0gSmLDjBIhyf/api/session Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
recommendation	verbose	URL: http://85.158.108.135:5050/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: http://85.158.108.135:5050/0gSmLDjBIhyf/api/session Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: http://85.158.108.135:5050/0gSmLDjBIhyf/api/session Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

85.158.108.135
5f1521ed34e2ed05a6b2f9f6cfacc595692d66e0cd072acaba2d68840d375be6
aeb4603d4fb9103831213bb784b504f958969b809d1e426a2700c7c358b53cc5
b0e7558f4710a1e255b93e3deefe3aebb19f3bb41c150f685a74d3b1a1c79e87
c919c4370c6f2abce479ede4fd04b5dd0e064406a6f368a0afd55304621dcd55
dd05e326cf8eac3b55acecf29c842ed73e6e6dd06491cf47f7e8800680ab3e33
fdf89b4ab7720ca147e83f20ed8b7a5759060f5cd8658ec0a15fba2fb99439d6

85.158.108.135 Open in urlscan Pro 85.158.108.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

0 %HTTPS

0 %IPv6

0 Domains

0 Subdomains

1 IPs

1 Countries

1292 kBTransfer

1289 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Window variables

0 Cookies

4 Console Messages

Indicators

85.158.108.135 Open in urlscan Pro
85.158.108.135 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

1
IPs

1
Countries

1292 kB
Transfer

1289 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions