URL: http://45.145.42.80:5000/login
Submission Tags: c2 malware nexus
Submission: On May 24 via api (May 24th 2026, 1:44:02 pm UTC) from US — Scanned from US

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 45.145.42.80, located in Frankfurt am Main, Germany and belongs to DATAFOREST dataforest GmbH, DE. The main domain is 45.145.42.80.
This is the only time 45.145.42.80 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP address: 45.145.42.80; requests: 2; AS: 58212 (DATAFOREST dataforest GmbH)
IP address: 64.233.180.95; requests: 1; AS: 15169 (GOOGLE - Google LLC)
IP address: 104.17.24.14; requests: 2; AS: 13335 (CLOUDFLARENET - Cloudflare)
IP address: 173.194.45.94; requests: 1; AS: 15169 (GOOGLE - Google LLC)
Total: 6 requests, 4 IPs
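Apex domain: cloudflare.com; requests: 2; subdomain: cdnjs.cloudflare.com (Cisco Umbrella Rank: 256, 13yr old); transfer: 166 KB
Apex domain: gstatic.com; requests: 1; subdomain: fonts.gstatic.com (Cisco Umbrella Rank: 33, 10yr old); transfer: 47 KB
Apex domain: googleapis.com; requests: 1; subdomain: fonts.googleapis.com (Cisco Umbrella Rank: 50, 10yr old); transfer: 1 KB
Total: 6 requests, 3 apex domains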
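Domain: cdnjs.cloudflare.com; requests: 2; requested by: 45.145.42.80, cdnjs.cloudflare.com
Domain: fonts.gstatic.com; requests: 1; requested by: fonts.googleapis.com
Domain: fonts.googleapis.com; requests: 1; requested by: 45.145.42.80
Total: 6 requests, 3 domains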

This site contains no links.

Subject: upload.video.google.com; Issuer: WR2; Validity: 2026-05-07 - 2026-07-30; Valid: 3mo
Subject: cdnjs.cloudflare.com; Issuer: WE1; Validity: 2026-05-12 - 2026-08-10; Valid: 3mo
Subject: *.gstatic.com; Issuer: WR2; Validity: 2026-05-07 - 2026-07-30; Valid: 3mo

This page contains 1 frame:

Primary Page: http://45.145.42.80:5000/login
Frame ID: 218740233C08B0694781C7ED8FF1786C
Requests: 6 HTTP requests in this frame

Page Title

NEXUS C2 | Login

Detected technologies

(CDN)
Overall confidence: 100%
Detected patterns
  • cdnjs\.cloudflare\.com

(Font scripts)
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 6
HTTPS: 67 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 3
Transfer: 222 kB
Size: 315 kB
Cookies: 0

6 HTTP transactions
0 data transactions

Columns: Method, Protocol, Status, Resource, Path, Size, x-fer, Time, Latency, Type, MIME-Type, IP, Location

GET H/1.1 200 OK: login (Primary Request), path 45.145.42.80/, size 7 KB, x-fer 7 KB, time 313ms, latency 282ms, type Document, MIME-type text/html, IP 45.145.42.80, location DATAFOREST datafo...
General
Full URL: http://45.145.42.80:5000/login
Protocol: HTTP/1.1
Server: 45.145.42.80, Frankfurt am Main, Germany, ASN58212 (DATAFOREST dataforest GmbH, DE)
Reverse DNS: (none shown)
Software: Werkzeug/3.1.8 Python/3.13.13
Resource Hash: 59b4305b81134f47abdf78527e8d22d17566cfdb75bd9054fad564cc9c82c2cf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36

Response headers

Connection: close
Content-Length: 7387
Content-Type: text/html; charset=utf-8
Date: Sun, 24 May 2026 13:44:02 GMT
Server: Werkzeug/3.1.8 Python/3.13.13

GET H2 200: css2, path fonts.googleapis.com/, size 14 KB, x-fer 1 KB, time 436ms, latency 114ms, type Stylesheet, MIME-type text/css, IP 64.233.180.95, location Google LLC
General
Full URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&display=swap
Requested by: host 45.145.42.80, URL http://45.145.42.80:5000/login
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 64.233.180.95, United States, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS: pe-in-f95.1e100.net
Software: ESF
Resource Hash: 73b27e58c581d4b90d0bf8a83f6b8e516aa43ee3ea519f28158e48a8ef801366
Security Headers
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

Request headers

sec-ch-ua-platform: "Linux"
Referer: http://45.145.42.80:5000/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 24 May 2026 13:44:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 24 May 2026 13:44:03 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Sun, 24 May 2026 13:31:06 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET H3 200: all.min.css, path cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/, size 100 KB, x-fer 19 KB, time 233ms, latency 43ms, type Stylesheet, MIME-type text/css, IP 104.17.24.14, location Cloudflare
General
Full URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
Requested by: host 45.145.42.80, URL http://45.145.42.80:5000/login
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 104.17.24.14, Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Reverse DNS: (none shown)
Software: cloudflare
Resource Hash: 1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf
Security Headers
Strict-Transport-Security: max-age=15780000
X-Content-Type-Options: nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: http://45.145.42.80:5000/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "6421d693-4940"
age: 915705
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gjFKbNAqJlXxsfvspFdJ8MtocIN7nzU%2BCt%2BOGxlBQwdvXG8fEDRD5%2Bt6m7LBje1OrOfAaiK9ME5sPGBxzN2nFxIpser5aFcbditVCZo2%2FMF2nShpyCizop%2FVont%2BqGvZUvVY52BG"}]}
x-content-type-options: nosniff
expires: Fri, 14 May 2027 13:44:02 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 24 May 2026 13:44:02 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: a00cbb9a49f80e76-DFW
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18752
server: cloudflare

GET H3 200: fa-solid-900.woff2, path cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/, size 147 KB, x-fer 147 KB, time 45ms, latency 44ms, type Font, MIME-type application/octet-stream, IP 104.17.24.14, location Cloudflare
General
Full URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2
Requested by: host cdnjs.cloudflare.com, URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 104.17.24.14, Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Reverse DNS: (none shown)
Software: cloudflare
Resource Hash: 7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880
Security Headers
Strict-Transport-Security: max-age=15780000
X-Content-Type-Options: nosniff

Request headers

Origin: http://45.145.42.80:5000
sec-ch-ua-platform: "Linux"
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cf-cdnjs-via: cfworker/kv
cf-cache-status: HIT
etag: "6421d693-24a6c"
age: 1521758
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RhoZajYEnC%2FHpKhp%2BOe0aXKMxYA2c9ndtLGLBXeCqdNL0VBV7yPvCDBkpRGGFYZ1RRW4Iwk2EiaRis%2FAtR2r2w7Q0eERSDTqGdhwf1vH8cffgBy06gVDXVH6YnXyDUgMc%2F1WWKIR"}]}
x-content-type-options: nosniff
expires: Fri, 14 May 2027 13:44:03 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sun, 24 May 2026 13:44:03 GMT
content-type: application/octet-stream; charset=utf-8
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: a00cbb9c38a74918-DFW
accept-ranges: bytes
access-control-allow-origin: *
content-length: 150124
server: cloudflare

GET H3 200: UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2, path fonts.gstatic.com/s/inter/v20/, size 47 KB, x-fer 47 KB, time 140ms, latency 68ms, type Font, MIME-type font/woff2, IP 173.194.45.94, location Google LLC
General
Full URL: https://fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
Requested by: host fonts.googleapis.com, URL https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&display=swap
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 173.194.45.94, United States, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS: yuiadum-in-f94.1e100.net
Software: sffe
Resource Hash: 3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62
Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 0

Request headers

Origin: http://45.145.42.80:5000
sec-ch-ua-platform: "Linux"
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

age: 79868
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 23 May 2027 15:32:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 23 May 2026 15:32:55 GMT
last-modified: Tue, 09 Sep 2025 18:33:53 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48256
x-xss-protection: 0
server: sffe

GET H/1.1 404 NOT FOUND: favicon.ico, path 45.145.42.80/, size 207 B, x-fer 389 B, time 301ms, latency 266ms, type Other, MIME-type text/html, IP 45.145.42.80, location DATAFOREST datafo...
General
Full URL: http://45.145.42.80:5000/favicon.ico
Protocol: HTTP/1.1
Server: 45.145.42.80, Frankfurt am Main, Germany, ASN58212 (DATAFOREST dataforest GmbH, DE)
Reverse DNS: (none shown)
Software: Werkzeug/3.1.8 Python/3.13.13
Resource Hash: e9639e3c4681ce85f852fbac48e2eeee5ba51296dbfec57c200d59b76237ab80

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Referer: http://45.145.42.80:5000/login

Response headers

Content-Length: 207
Date: Sun, 24 May 2026 13:44:03 GMT
Content-Type: text/html; charset=utf-8
Server: Werkzeug/3.1.8 Python/3.13.13
Connection: close

0 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source: recommendation; Level: verbose; URL: http://45.145.42.80:5000/login
Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
Source: network; Level: error; URL: http://45.145.42.80:5000/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 (NOT FOUND)