74.234.120.8
74.234.120.8  Public Scan Open in urlscan Pro

Internal
urlscan.io (IP) urlscan.io (Domain)
Effective Hostname
VirusTotal SecurityTrails crt.sh
Submitted URL
Google Safe Browsing Archive.org
Effective IP
VirusTotal SecurityTrails Domaintools Censys
Go To Rescan
Add Verdict Report
URL:
http://74.234.120.8:8443/login
Submission Tags: c2 malware phantomdroid Search All
Submission: On May 24 via api (May 24th 2026, 1:43:47 pm UTC) from US — Scanned from US
Summary HTTP 6 Redirects  Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 74.234.120.8, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is 74.234.120.8.
This is the only time 74.234.120.8 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 74.234.120.8 74.234.120.8 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1 64.233.180.95 64.233.180.95 15169 (GOOGLE) (GOOGLE - Google LLC)
2 173.194.45.94 173.194.45.94 15169 (GOOGLE) (GOOGLE - Google LLC)
6 3
Apex Domain
Subdomains		 Transfer
2 gstatic.com
fonts.gstatic.com — Cisco Umbrella Rank: 33 10yr old
78 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 50 10yr old
1 KB
6 2
Domain Requested by
2 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com 74.234.120.8
6 2

This site contains no links.

Subject Issuer Validity Valid
upload.video.google.com
WR2		 2026-05-07 -
2026-07-30		 3mo crt.sh
*.gstatic.com
WR2		 2026-05-07 -
2026-07-30		 3mo crt.sh

This page contains 1 frames:

Primary Page: http://74.234.120.8:8443/login
Frame ID: 1C8FB8D03F71576E0865A9110F8EE310
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

PhantomDroid C2 — Login

Page Statistics

6
Requests

50 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

101 kB
Transfer

111 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol		 Status Resource
Path		 Size
x-fer		 Time
Latency		 Type
MIME-Type		 IP
Location
GET
H/1.1 		200
OK 		Primary Request login Show response
74.234.120.8/ 		1 KB
1 KB 		290ms
260ms 		Document
text/html		 74.234.120.8
Microsoft Corpora...
General
Check archive.org
Download Go to
Full URL
http://74.234.120.8:8443/login
Protocol
HTTP/1.1
Server
74.234.120.8 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
uvicorn /
Resource Hash
b581a2a56420e5836a836f0f7d361b31eb43df863ce2ab648cb8d2cd29cb1264

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36

Response headers

content-length
1070
content-type
text/html; charset=utf-8
date
Sun, 24 May 2026 13:43:48 GMT
server
uvicorn
GET
H/1.1 		200
OK 		style.css
74.234.120.8/static/css/ 		20 KB
20 KB 		152ms
152ms 		Stylesheet
text/css		 74.234.120.8
Microsoft Corpora...
General
Check archive.org
Download Go to
Full URL
http://74.234.120.8:8443/static/css/style.css
Requested by
Host: 74.234.120.8
URL: http://74.234.120.8:8443/login
Protocol
HTTP/1.1
Server
74.234.120.8 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
uvicorn /
Resource Hash
4cbb38fec535d5c1acb80fb035422e0862faa059f3fdb255116c3ecaaefad0b6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Referer
http://74.234.120.8:8443/login

Response headers

content-length
20261
date
Sun, 24 May 2026 13:43:48 GMT
etag
6de03f61f8c0523549d089c9beca165b
content-type
text/css; charset=utf-8
last-modified
Mon, 18 May 2026 08:44:04 GMT
server
uvicorn
GET
H2 		200
 css2
fonts.googleapis.com/ 		12 KB
1 KB 		316ms
114ms 		Stylesheet
text/css		 64.233.180.95
Google LLC
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&family=Inter:wght@400;600;700&display=swap
Requested by
Host: 74.234.120.8
URL: http://74.234.120.8:8443/static/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.233.180.95 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
pe-in-f95.1e100.net
Software
ESF /
Resource Hash
292f0b8d6bb68ec7853ae6608f28055495ded4e6b8cf6cd9b4413bcbdf73821c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua-platform
"Linux"
Referer
http://74.234.120.8:8443/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
sec-ch-ua
"Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24"
sec-ch-ua-mobile
?0

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 24 May 2026 13:43:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 24 May 2026 13:43:50 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sun, 24 May 2026 13:43:50 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
GET
H3 		200
 tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yKwBNntkaToggR7BYRbKPxDcwg.woff2
fonts.gstatic.com/s/jetbrainsmono/v24/ 		31 KB
31 KB 		249ms
118ms 		Font
font/woff2		 173.194.45.94
Google LLC
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/jetbrainsmono/v24/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yKwBNntkaToggR7BYRbKPxDcwg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&family=Inter:wght@400;600;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.45.94 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
yuiadum-in-f94.1e100.net
Software
sffe /
Resource Hash
83c005d49d8a6a50474c73a5a36ac0468076e9c4a29da7bdb14995d80560a5be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
http://74.234.120.8:8443
sec-ch-ua-platform
"Linux"
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
sec-ch-ua
"Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24"
sec-ch-ua-mobile
?0

Response headers

age
49627
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sun, 23 May 2027 23:56:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 23 May 2026 23:56:43 GMT
last-modified
Wed, 10 Sep 2025 16:52:37 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
31432
x-xss-protection
0
server
sffe
GET
H3 		200
 UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
fonts.gstatic.com/s/inter/v20/ 		47 KB
47 KB 		199ms
68ms 		Font
font/woff2		 173.194.45.94
Google LLC
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&family=Inter:wght@400;600;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.45.94 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
yuiadum-in-f94.1e100.net
Software
sffe /
Resource Hash
3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
http://74.234.120.8:8443
sec-ch-ua-platform
"Linux"
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
sec-ch-ua
"Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24"
sec-ch-ua-mobile
?0

Response headers

age
79855
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sun, 23 May 2027 15:32:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 23 May 2026 15:32:55 GMT
last-modified
Tue, 09 Sep 2025 18:33:53 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
48256
x-xss-protection
0
server
sffe
GET
H/1.1 		404
Not Found 		favicon.ico
74.234.120.8/ 		22 B
154 B 		148ms
148ms 		Other
application/json		 74.234.120.8
Microsoft Corpora...
General
Check archive.org
Download Go to
Full URL
http://74.234.120.8:8443/favicon.ico
Protocol
HTTP/1.1
Server
74.234.120.8 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
uvicorn /
Resource Hash
37ec4665a8102d115ffd1ac20dae94c98b4dac64b0c1a68228aa2a531caeb35d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Referer
http://74.234.120.8:8443/login

Response headers

content-length
22
date
Sun, 24 May 2026 13:43:49 GMT
content-type
application/json
server
uvicorn

Verdicts & Comments Add Verdict or Comment

0 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source Level URL
Text
recommendation verbose URL: http://74.234.120.8:8443/login
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: http://74.234.120.8:8443/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)