64.52.80.44 Open in urlscan Pro
64.52.80.44 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://64.52.80.44:9999/login
Submission Tags: c2 malware castle Search All
Submission: On August 22 via api (August 22nd 2025, 12:26:34 pm UTC) from US — Scanned from CH

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 0 domains to perform 9 HTTP transactions. The main IP is 64.52.80.44, located in Los Angeles, United States and belongs to BLNWX, US. The main domain is 64.52.80.44.

This is the only time 64.52.80.44 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
9	64.52.80.44 64.52.80.44		399629 (BLNWX) (BLNWX)
9	1

9 64.52.80.44 (Los Angeles, United States)

ASN399629 (BLNWX, US)

64.52.80.44	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
9	0

	Domain	Requested by
9	0

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://64.52.80.44:9999/login
Frame ID: 0EA418D9473E8BB992306E1EC725B444
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Castle

Page Statistics

9
Requests

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

1
IPs

1
Countries

1377 kB
Transfer

1374 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login Show response 64.52.80.44/	391 B 739 B	318ms 166ms	Document text/html	64.52.80.44 BLNWX
General Check archive.org Download Go to Full URL http://64.52.80.44:9999/login Protocol HTTP/1.1 Server 64.52.80.44 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software / Express Resource Hash `75f627440b237164127118a611d23dc8b91e680517b87883030d5e73b31e168f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Access-Control-Allow-Origin * Cache-Control public, max-age=0 Connection keep-alive Content-Length 391 Content-Type text/html; charset=UTF-8 Date Fri, 22 Aug 2025 12:26:35 GMT ETag W/"187-19880d77a70" Keep-Alive timeout=5 Last-Modified Wed, 06 Aug 2025 19:24:22 GMT X-Powered-By Express
GET H/1.1	200 OK	index-Di5rolk2.js Show response 64.52.80.44/assets/	1 MB 1 MB	158ms 158ms	Script application/javascript	64.52.80.44 BLNWX
General Check archive.org Download Go to Full URL http://64.52.80.44:9999/assets/index-Di5rolk2.js Requested by Host: 64.52.80.44 URL: http://64.52.80.44:9999/login Protocol HTTP/1.1 Server 64.52.80.44 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software / Express Resource Hash `bfe315560f102a9ac91a7fc3293bf4e48551d88f9e777f66ba885e7a67fd6ba5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Origin http://64.52.80.44:9999 Referer http://64.52.80.44:9999/login Response headers Cache-Control public, max-age=0 ETag W/"1494f0-19880d77a70" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 1348848 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:35 GMT Last-Modified Wed, 06 Aug 2025 19:24:22 GMT X-Powered-By Express Content-Type application/javascript; charset=UTF-8
GET H/1.1	200 OK	index-B2d76rFb.css 64.52.80.44/assets/	9 KB 9 KB	316ms 159ms	Stylesheet text/css	64.52.80.44 BLNWX
General Check archive.org Download Go to Full URL http://64.52.80.44:9999/assets/index-B2d76rFb.css Requested by Host: 64.52.80.44 URL: http://64.52.80.44:9999/login Protocol HTTP/1.1 Server 64.52.80.44 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software / Express Resource Hash `a3512a2a26178d601c6875d7866f7be543b9e73438a3c2e3ccbb49c8074bb1ab` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Origin http://64.52.80.44:9999 Referer http://64.52.80.44:9999/login Response headers Cache-Control public, max-age=0 ETag W/"2471-19880d77a70" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 9329 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:35 GMT Last-Modified Wed, 06 Aug 2025 19:24:22 GMT X-Powered-By Express Content-Type text/css; charset=UTF-8
GET H/1.1	200 OK	inter-latin-400-normal-C38fXH4l.woff2 64.52.80.44/assets/	23 KB 23 KB	164ms 164ms	Font font/woff2	64.52.80.44 BLNWX
General Check archive.org Download Go to Full URL http://64.52.80.44:9999/assets/inter-latin-400-normal-C38fXH4l.woff2 Requested by Host: 64.52.80.44 URL: http://64.52.80.44:9999/assets/index-B2d76rFb.css Protocol HTTP/1.1 Server 64.52.80.44 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software / Express Resource Hash `8909904ab6c872eb994093482a88a28eca2cd95912d7b6fecd72103b0dc07edc` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Origin http://64.52.80.44:9999 Referer http://64.52.80.44:9999/assets/index-B2d76rFb.css Response headers Cache-Control public, max-age=0 ETag W/"5c70-19880d77a70" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 23664 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:37 GMT Last-Modified Wed, 06 Aug 2025 19:24:22 GMT X-Powered-By Express Content-Type font/woff2
GET H/1.1	200 OK	inter-latin-500-normal-Cerq10X2.woff2 64.52.80.44/assets/	24 KB 24 KB	313ms 157ms	Font font/woff2	64.52.80.44 BLNWX
General Check archive.org Download Go to Full URL http://64.52.80.44:9999/assets/inter-latin-500-normal-Cerq10X2.woff2 Requested by Host: 64.52.80.44 URL: http://64.52.80.44:9999/assets/index-B2d76rFb.css Protocol HTTP/1.1 Server 64.52.80.44 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software / Express Resource Hash `f3779f1efccc4bdcdf9c0a02ab95bf6bd092ed09c48c08cedc725889edd1d19f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Origin http://64.52.80.44:9999 Referer http://64.52.80.44:9999/assets/index-B2d76rFb.css Response headers Cache-Control public, max-age=0 ETag W/"5ed0-19880d77a70" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 24272 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:37 GMT Last-Modified Wed, 06 Aug 2025 19:24:22 GMT X-Powered-By Express Content-Type font/woff2
GET H/1.1	403 Forbidden	session Show response 64.52.80.44/t31PU1M2X6/api/	53 B 327 B	159ms 159ms	XHR application/json	64.52.80.44 BLNWX
General Check archive.org Download Go to Full URL http://64.52.80.44:9999/t31PU1M2X6/api/session Requested by Host: 64.52.80.44 URL: http://64.52.80.44:9999/assets/index-Di5rolk2.js Protocol HTTP/1.1 Server 64.52.80.44 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software / Express Resource Hash `aeb4603d4fb9103831213bb784b504f958969b809d1e426a2700c7c358b53cc5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept application/json, text/plain, / Referer http://64.52.80.44:9999/login Response headers ETag W/"35-5MqXNANFL2N55Fp5vmn7Y0ye1rQ" Connection keep-alive Access-Control-Allow-Origin * Content-Length 53 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:37 GMT Content-Type application/json; charset=utf-8 X-Powered-By Express
GET H/1.1	200 OK	favicon.ico 64.52.80.44/	391 B 739 B	318ms 161ms	Other text/html	64.52.80.44 BLNWX
General Check archive.org Download Go to Full URL http://64.52.80.44:9999/favicon.ico Protocol HTTP/1.1 Server 64.52.80.44 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software / Express Resource Hash `75f627440b237164127118a611d23dc8b91e680517b87883030d5e73b31e168f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Referer http://64.52.80.44:9999/login Response headers Cache-Control public, max-age=0 ETag W/"187-19880d77a70" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 391 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:37 GMT Last-Modified Wed, 06 Aug 2025 19:24:22 GMT X-Powered-By Express Content-Type text/html; charset=UTF-8
GET H/1.1	403 Forbidden	session Show response 64.52.80.44/t31PU1M2X6/api/	53 B 327 B	158ms 157ms	XHR application/json	64.52.80.44 BLNWX
General Check archive.org Download Go to Full URL http://64.52.80.44:9999/t31PU1M2X6/api/session Requested by Host: 64.52.80.44 URL: http://64.52.80.44:9999/assets/index-Di5rolk2.js Protocol HTTP/1.1 Server 64.52.80.44 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software / Express Resource Hash `aeb4603d4fb9103831213bb784b504f958969b809d1e426a2700c7c358b53cc5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept application/json, text/plain, / Referer http://64.52.80.44:9999/login Response headers ETag W/"35-5MqXNANFL2N55Fp5vmn7Y0ye1rQ" Connection keep-alive Access-Control-Allow-Origin * Content-Length 53 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:38 GMT Content-Type application/json; charset=utf-8 X-Powered-By Express
GET H/1.1	403 Forbidden	session Show response 64.52.80.44/t31PU1M2X6/api/	53 B 327 B	157ms 157ms	XHR application/json	64.52.80.44 BLNWX
General Check archive.org Download Go to Full URL http://64.52.80.44:9999/t31PU1M2X6/api/session Requested by Host: 64.52.80.44 URL: http://64.52.80.44:9999/assets/index-Di5rolk2.js Protocol HTTP/1.1 Server 64.52.80.44 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software / Express Resource Hash `aeb4603d4fb9103831213bb784b504f958969b809d1e426a2700c7c358b53cc5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Accept application/json, text/plain, / Referer http://64.52.80.44:9999/login Response headers ETag W/"35-5MqXNANFL2N55Fp5vmn7Y0ye1rQ" Connection keep-alive Access-Control-Allow-Origin * Content-Length 53 Keep-Alive timeout=5 Date Fri, 22 Aug 2025 12:26:40 GMT Content-Type application/json; charset=utf-8 X-Powered-By Express

Verdicts & Comments Add Verdict or Comment

1 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

string| __reactRouterVersion

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: http://64.52.80.44:9999/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: http://64.52.80.44:9999/t31PU1M2X6/api/session Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: http://64.52.80.44:9999/t31PU1M2X6/api/session Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: http://64.52.80.44:9999/t31PU1M2X6/api/session Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

64.52.80.44
75f627440b237164127118a611d23dc8b91e680517b87883030d5e73b31e168f
8909904ab6c872eb994093482a88a28eca2cd95912d7b6fecd72103b0dc07edc
a3512a2a26178d601c6875d7866f7be543b9e73438a3c2e3ccbb49c8074bb1ab
aeb4603d4fb9103831213bb784b504f958969b809d1e426a2700c7c358b53cc5
bfe315560f102a9ac91a7fc3293bf4e48551d88f9e777f66ba885e7a67fd6ba5
f3779f1efccc4bdcdf9c0a02ab95bf6bd092ed09c48c08cedc725889edd1d19f

64.52.80.44 Open in urlscan Pro 64.52.80.44 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

0 %HTTPS

0 %IPv6

0 Domains

0 Subdomains

1 IPs

1 Countries

1377 kBTransfer

1374 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Window variables

0 Cookies

4 Console Messages

Indicators

64.52.80.44 Open in urlscan Pro
64.52.80.44 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

1
IPs

1
Countries

1377 kB
Transfer

1374 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions