119.91.52.117
119.91.52.117 Public Scan Open in urlscan Pro

Go To Rescan
Add Verdict Report

URL:
http://119.91.52.117:8888/supershell/login
Submission Tags: c2 malware supershell Search All
Submission: On October 31 via api (October 31st 2025, 2:55:16 am UTC) from US — Scanned from CA

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 119.91.52.117, located in Guangzhou, China and belongs to TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN. The main domain is 119.91.52.117.

This is the only time 119.91.52.117 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 7	119.91.52.117 119.91.52.117	45090 (TENCENT-N...) (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited)
2	104.21.58.14 104.21.58.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	3

7 119.91.52.117 (Guangzhou, China) 1 redirects

ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)

119.91.52.117	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 104.21.58.14 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

rsms.me 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
2	rsms.me rsms.me — Cisco Umbrella Rank: 13535 13yr old	347 KB
0	Failed function sub() { [native code] }. Failed
10	2

	Domain	Requested by
2	rsms.me	119.91.52.117 rsms.me
0	119.91.52.117 Failed	119.91.52.117
10	2

This site contains no links.

Subject Issuer	Validity	Valid
rsms.me WE1	`2025-10-09` - `2026-01-07`	3mo	crt.sh

This page contains 1 frames:

Primary Page: http://119.91.52.117:8888/supershell/login
Frame ID: A229ABAB0910BA5804C333981E4CF885
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Supershell - 登录

Page URL History Show full URLs

http://119.91.52.117:8888/supershell/login/ HTTP 302
http://119.91.52.117:8888/supershell/login Page URL

Page Statistics

10
Requests

20 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

868 kB
Transfer

877 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://119.91.52.117:8888/supershell/login/ HTTP 302
http://119.91.52.117:8888/supershell/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login Show response 119.91.52.117/supershell/ Redirect Chain http://119.91.52.117:8888/supershell/login/ http://119.91.52.117:8888/supershell/login	3 KB 2 KB	241ms 241ms	Document text/html	119.91.52.117 TENCENT-NET-AP Sh...
General Check archive.org Download Go to Full URL http://119.91.52.117:8888/supershell/login Protocol HTTP/1.1 Server 119.91.52.117 Guangzhou, China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN), Reverse DNS Software nginx/1.18.0 / Resource Hash `6084d5352ce347a3f6b9f7b789acc8b422b748a0cd99549f2ea534e439b8999b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Fri, 31 Oct 2025 02:55:17 GMT Server nginx/1.18.0 Transfer-Encoding chunked Redirect headers Connection keep-alive Content-Length 221 Content-Type text/html; charset=utf-8 Date Fri, 31 Oct 2025 02:55:17 GMT Location /supershell/login Server nginx/1.18.0
GET H/1.1	200 OK	tabler.min.css 119.91.52.117/static/css/	487 KB 487 KB	243ms 243ms	Stylesheet text/css	119.91.52.117 TENCENT-NET-AP Sh...
General Check archive.org Download Go to Full URL http://119.91.52.117:8888/static/css/tabler.min.css Requested by Host: 119.91.52.117 URL: http://119.91.52.117:8888/supershell/login Protocol HTTP/1.1 Server 119.91.52.117 Guangzhou, China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN), Reverse DNS Software nginx/1.18.0 / Resource Hash `c3e9d7da708c0f3a5998e558656f2ec90f3fbbe8973651b534da0a60b24563ea` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Referer http://119.91.52.117:8888/supershell/login Response headers ETag "68fa026d-79b90" Connection keep-alive Accept-Ranges bytes Content-Length 498576 Date Fri, 31 Oct 2025 02:55:17 GMT Content-Type text/css Last-Modified Thu, 23 Oct 2025 10:24:45 GMT Server nginx/1.18.0
GET H/1.1	200 OK	toastr.min.css 119.91.52.117/static/css/	6 KB 7 KB	471ms 451ms	Stylesheet text/css	119.91.52.117 TENCENT-NET-AP Sh...
General Check archive.org Download Go to Full URL http://119.91.52.117:8888/static/css/toastr.min.css Requested by Host: 119.91.52.117 URL: http://119.91.52.117:8888/supershell/login Protocol HTTP/1.1 Server 119.91.52.117 Guangzhou, China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN), Reverse DNS Software nginx/1.18.0 / Resource Hash `47dd690f8f315bea076e92581a7e7147443bb4c847e313ab5a7d50a8c44836d0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Referer http://119.91.52.117:8888/supershell/login Response headers ETag "68fa026c-1936" Connection keep-alive Accept-Ranges bytes Content-Length 6454 Date Fri, 31 Oct 2025 02:55:17 GMT Content-Type text/css Last-Modified Thu, 23 Oct 2025 10:24:44 GMT Server nginx/1.18.0
GET H3	200	inter.css rsms.me/inter/	11 KB 2 KB	60ms 28ms	Stylesheet text/css	104.21.58.14 CLOUDFLARENET
General Check archive.org Download Go to Full URL https://rsms.me/inter/inter.css Requested by Host: 119.91.52.117 URL: http://119.91.52.117:8888/supershell/login Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.58.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `46d01c7807f64a24c1b2853b756ef15f3a2facdf4a9f066eaf5d39c0c9935441` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Referer http://119.91.52.117:8888/ Response headers x-fastly-request-id 32a32eb407b6de16952a3df9f8a0520aadf98128 content-encoding gzip cf-cache-status HIT etag W/"6737eec5-2ce9" age 280 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MhO27gnwhMpq4dBRJ3ppLQqK1Mx81VQhe%2FdxEO5FeZqfSbi%2BZAkJMc9HQI59zzVoipFljNyNv9g5Biu8WV1pHznTpYO8%2BWM%3D"}]} x-github-request-id 87C0:177A:1E48E57:20533EE:685BAB22 expires Wed, 15 Oct 2025 06:45:16 GMT x-proxy-cache MISS alt-svc h3=":443"; ma=86400 x-cache HIT server-timing cfExtPri date Fri, 31 Oct 2025 02:55:17 GMT last-modified Sat, 16 Nov 2024 01:00:53 GMT content-type text/css; charset=utf-8 x-served-by cache-yyz4568-YYZ x-cache-hits 0 vary Accept-Encoding priority u=0,i=?0 cache-control max-age=14400 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} x-timer S1752150042.035988,VS0,VE1 via 1.1 varnish cf-ray 996fdf671c47ab5a-YYZ accept-ranges bytes access-control-allow-origin * content-length 1305 x-origin-cache HIT server cloudflare
GET H/1.1	200 OK	logo.svg 119.91.52.117/static/img/	17 KB 17 KB	467ms 448ms	Image image/svg+xml	119.91.52.117 TENCENT-NET-AP Sh...
General Check archive.org Download Go to Show image Full URL http://119.91.52.117:8888/static/img/logo.svg Requested by Host: 119.91.52.117 URL: http://119.91.52.117:8888/supershell/login Protocol HTTP/1.1 Server 119.91.52.117 Guangzhou, China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN), Reverse DNS Software nginx/1.18.0 / Resource Hash `662b68e7f5cec8085faf5f341578bea97a3bc6785f5e900a677da664fb4202de` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Referer http://119.91.52.117:8888/supershell/login Response headers ETag "68fa0238-44ca" Connection keep-alive Accept-Ranges bytes Content-Length 17610 Date Fri, 31 Oct 2025 02:55:17 GMT Content-Type image/svg+xml Last-Modified Thu, 23 Oct 2025 10:23:52 GMT Server nginx/1.18.0
GET		tabler.min.js 119.91.52.117/static/js/	0 0

GET		jquery.min.js 119.91.52.117/static/js/	0 0

GET H/1.1	200 OK	toastr.min.js Show response 119.91.52.117/static/js/	5 KB 5 KB	491ms 472ms	Script application/javascript	119.91.52.117 TENCENT-NET-AP Sh...
General Check archive.org Download Go to Full URL http://119.91.52.117:8888/static/js/toastr.min.js Requested by Host: 119.91.52.117 URL: http://119.91.52.117:8888/supershell/login Protocol HTTP/1.1 Server 119.91.52.117 Guangzhou, China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN), Reverse DNS Software nginx/1.18.0 / Resource Hash `1e0c2ad4e069276efa1d43fd1f7549912bfd64219119037e26574f27ca4d7143` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Referer http://119.91.52.117:8888/supershell/login Response headers ETag "68fa0233-1483" Connection keep-alive Accept-Ranges bytes Content-Length 5251 Date Fri, 31 Oct 2025 02:55:17 GMT Content-Type application/javascript Last-Modified Thu, 23 Oct 2025 10:23:47 GMT Server nginx/1.18.0
GET H/1.1	200 OK	login.js Show response 119.91.52.117/static/js/func/	3 KB 3 KB	233ms 233ms	Script application/javascript	119.91.52.117 TENCENT-NET-AP Sh...
General Check archive.org Download Go to Full URL http://119.91.52.117:8888/static/js/func/login.js Requested by Host: 119.91.52.117 URL: http://119.91.52.117:8888/supershell/login Protocol HTTP/1.1 Server 119.91.52.117 Guangzhou, China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN), Reverse DNS Software nginx/1.18.0 / Resource Hash `0c170addf4db0652f05cb8692978add1e819daa3891780164468c600055f5159` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Referer http://119.91.52.117:8888/supershell/login Response headers ETag "68fa0237-ac4" Connection keep-alive Accept-Ranges bytes Content-Length 2756 Date Fri, 31 Oct 2025 02:55:18 GMT Content-Type application/javascript Last-Modified Thu, 23 Oct 2025 10:23:51 GMT Server nginx/1.18.0
GET H3	200	InterVariable.woff2 rsms.me/inter/font-files/	344 KB 345 KB	65ms 38ms	Font font/woff2	104.21.58.14 CLOUDFLARENET
General Check archive.org Download Go to Full URL https://rsms.me/inter/font-files/InterVariable.woff2?v=4.1 Requested by Host: rsms.me URL: https://rsms.me/inter/inter.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.58.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `693b77d4f32ee9b8bfc995589b5fad5e99adf2832738661f5402f9978429a8e3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Origin http://119.91.52.117:8888 Referer https://rsms.me/inter/inter.css Response headers x-fastly-request-id 5e20c39024d39bbd5e4b368832e6e0d23095d50d cf-cache-status MISS etag "6737eec5-55ff0" age 483 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zJg6zSUD3iqMruUmWbwQczd1buOEIhYkfzvk7sYJKeIP0NZEZFPPHJ30Me%2BkyhKpZ3bMerAaAKeALmg1iTMNKqSXX0LLKH8%3D"}]} x-github-request-id 3D55:32EDCE:25AE086:2B56BD6:6902AF5D expires Thu, 30 Oct 2025 00:30:45 GMT x-proxy-cache MISS alt-svc h3=":443"; ma=86400 x-cache HIT server-timing cfExtPri date Fri, 31 Oct 2025 02:55:22 GMT content-type font/woff2 last-modified Sat, 16 Nov 2024 01:00:53 GMT x-served-by cache-yyz4577-YYZ x-cache-hits 16 vary Accept-Encoding priority u=0,i=?0 cache-control max-age=2678400 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} x-timer S1761879323.837038,VS0,VE0 via 1.1 varnish cf-ray 996fdf87a895ac45-YYZ accept-ranges bytes access-control-allow-origin * content-length 352240 server cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 119.91.52.117
URL: http://119.91.52.117:8888/static/js/tabler.min.js

Domain: 119.91.52.117
URL: http://119.91.52.117:8888/static/js/jquery.min.js

Verdicts & Comments Add Verdict or Comment

0 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: http://119.91.52.117:8888/supershell/login Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

119.91.52.117
rsms.me
119.91.52.117
104.21.58.14
119.91.52.117
0c170addf4db0652f05cb8692978add1e819daa3891780164468c600055f5159
1e0c2ad4e069276efa1d43fd1f7549912bfd64219119037e26574f27ca4d7143
46d01c7807f64a24c1b2853b756ef15f3a2facdf4a9f066eaf5d39c0c9935441
47dd690f8f315bea076e92581a7e7147443bb4c847e313ab5a7d50a8c44836d0
6084d5352ce347a3f6b9f7b789acc8b422b748a0cd99549f2ea534e439b8999b
662b68e7f5cec8085faf5f341578bea97a3bc6785f5e900a677da664fb4202de
693b77d4f32ee9b8bfc995589b5fad5e99adf2832738661f5402f9978429a8e3
c3e9d7da708c0f3a5998e558656f2ec90f3fbbe8973651b534da0a60b24563ea

119.91.52.117 119.91.52.117 Public Scan Open in urlscan Pro

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

20 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

868 kBTransfer

877 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Window variables

0 Cookies

1 Console Messages

Indicators

119.91.52.117
119.91.52.117 Public Scan Open in urlscan Pro

Screenshot
Live screenshot

Full Image

10
Requests

20 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

868 kB
Transfer

877 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions