185.112.59.16
185.112.59.16 Public Scan Open in urlscan Pro

Go To Rescan
Add Verdict Report

URL:
http://185.112.59.16/
Submission Tags: c2 malware shade Search All
Submission: On May 24 via api (May 24th 2026, 2:19:39 pm UTC) from US — Scanned from NL

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 185.112.59.16, located in Amsterdam, Netherlands and belongs to DHOST-AS Digital Hosting Provider LLC, RU. The main domain is 185.112.59.16.

This is the only time 185.112.59.16 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	185.112.59.16 185.112.59.16	209207 (DHOST-AS ...) (DHOST-AS Digital Hosting Provider LLC)
1	142.250.154.95 142.250.154.95	15169 (GOOGLE) (GOOGLE - Google LLC)
1	142.251.14.94 142.251.14.94	15169 (GOOGLE) (GOOGLE - Google LLC)
12	3

10 185.112.59.16 (Amsterdam, Netherlands)

ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU)

185.112.59.16	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.250.154.95 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: bt-in-f95.1e100.net

fonts.googleapis.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.251.14.94 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: pm-in-f94.1e100.net

fonts.gstatic.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
1	gstatic.com fonts.gstatic.com — Cisco Umbrella Rank: 33 10yr old	39 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 50 10yr old	1 KB
12	2

	Domain	Requested by
1	185.112.59.16
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	185.112.59.16
12	3

This site contains links to these domains. Also see Links.

Domain
185.112.59.16

Subject Issuer	Validity	Valid
upload.video.google.com WE2	`2026-05-07` - `2026-07-30`	3mo	crt.sh
*.gstatic.com WE2	`2026-05-07` - `2026-07-30`	3mo	crt.sh

This page contains 1 frames:

Primary Page: http://185.112.59.16/
Frame ID: CDBF6A801A3CC74A3F56DDB7C0F2CC88
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SHADE C2 — Panel

Page URL History Show full URLs

http://185.112.59.16/ HTTP 307
https://185.112.59.16/ HTTP 307
http://185.112.59.16/ Page URL

Page Statistics

12
Requests

17 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

324 kB
Transfer

330 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://185.112.59.16:8080/api/stealer/19eed1aceffea2fa/download
Title: ↓

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://185.112.59.16/ HTTP 307
https://185.112.59.16/ HTTP 307
http://185.112.59.16/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
185.112.59.16/
Redirect Chain

http://185.112.59.16/
https://185.112.59.16/
http://185.112.59.16/

596 B
657 B

670ms
105ms

Document
text/html

185.112.59.16
DHOST-AS Digital ...

General

Check archive.org

Download Go to

Full URL: http://185.112.59.16/
Protocol: HTTP/1.1
Server: 185.112.59.16 Amsterdam, Netherlands, ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 422059c8d9ac89393e8723a5933e50d0130c29edca2cf502eecbfcecfe20bf67

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Sun, 24 May 2026 14:19:41 GMT
ETag: W/"6a11f09d-254"
Last-Modified: Sat, 23 May 2026 18:23:25 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked

Redirect headers

Location: http://185.112.59.16/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 2778ms
207ms Stylesheet
text/css 142.250.154.95
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@300;400;500;700&display=swap

Requested by

Host: 185.112.59.16
URL: http://185.112.59.16/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

142.250.154.95 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bt-in-f95.1e100.net

Software

ESF /

Resource Hash

fcf03b564fd02d1fd36a51483a40c7f772df7fb151eaa82b34e1654c6ef1933a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: http://185.112.59.16/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sun, 24 May 2026 14:19:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 24 May 2026 14:19:44 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Sun, 24 May 2026 14:19:44 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H/1.1 200
OK index-B5nrgJYE.js Show response
185.112.59.16/assets/ 265 KB
265 KB 93ms
93ms Script
application/javascript 185.112.59.16
DHOST-AS Digital ...

General

Check archive.org

Download Go to

Full URL: http://185.112.59.16/assets/index-B5nrgJYE.js
Requested by: Host: 185.112.59.16
URL: http://185.112.59.16/
Protocol: HTTP/1.1
Server: 185.112.59.16 Amsterdam, Netherlands, ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 8df7292315b7b47f853f1c26190f02700ea683dda52013a5477f256ec614c7d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Origin: http://185.112.59.16
Referer: http://185.112.59.16/

Response headers

ETag: "6a11f09d-42433"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 271411
Date: Sun, 24 May 2026 14:19:41 GMT
Content-Type: application/javascript
Last-Modified: Sat, 23 May 2026 18:23:25 GMT
Server: nginx/1.18.0 (Ubuntu)

GET
H/1.1 200
OK index-D4JvQtU7.css
185.112.59.16/assets/ 14 KB
14 KB 1026ms
101ms Stylesheet
text/css 185.112.59.16
DHOST-AS Digital ...

General

Check archive.org

Download Go to

Full URL: http://185.112.59.16/assets/index-D4JvQtU7.css
Requested by: Host: 185.112.59.16
URL: http://185.112.59.16/
Protocol: HTTP/1.1
Server: 185.112.59.16 Amsterdam, Netherlands, ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 665f0f565cb3e0d2e2968d32494c4a49e60689b99a7ac316933c0b23492b0b11

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Origin: http://185.112.59.16
Referer: http://185.112.59.16/

Response headers

ETag: "6a11f09d-387f"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14463
Date: Sun, 24 May 2026 14:19:42 GMT
Content-Type: text/css
Last-Modified: Sat, 23 May 2026 18:23:25 GMT
Server: nginx/1.18.0 (Ubuntu)

GET
H3 200 tDbV2o-flEEny0FZhsfKu5WU4xD7OwE.woff2
fonts.gstatic.com/s/jetbrainsmono/v24/ 39 KB
39 KB 149ms
88ms Font
font/woff2 142.251.14.94
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/jetbrainsmono/v24/tDbV2o-flEEny0FZhsfKu5WU4xD7OwE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@300;400;500;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.14.94 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pm-in-f94.1e100.net

Software

sffe /

Resource Hash

18be452724bfdc236c074ca94a249a7f41a86752c7d04ab258ce9ed5651f6a7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://185.112.59.16
sec-ch-ua-platform: "Linux"
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

age: 156476
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 22 May 2027 18:51:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 22 May 2026 18:51:48 GMT
last-modified: Wed, 10 Sep 2025 16:52:35 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 40404
x-xss-protection: 0
server: sffe

OPTIONS
H/1.1 204
No Content beacons
185.112.59.16/api/ 0
0 460ms
102ms Preflight 185.112.59.16
DHOST-AS Digital ...

General

Check archive.org

Download Go to

Full URL: http://185.112.59.16:8080/api/beacons
Protocol: HTTP/1.1
Server: 185.112.59.16 Amsterdam, Netherlands, ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: http://185.112.59.16
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Date: Sun, 24 May 2026 14:19:44 GMT

OPTIONS
H/1.1 204
No Content stealer
185.112.59.16/api/ 0
0 598ms
138ms Preflight 185.112.59.16
DHOST-AS Digital ...

General

Check archive.org

Download Go to

Full URL: http://185.112.59.16:8080/api/stealer
Protocol: HTTP/1.1
Server: 185.112.59.16 Amsterdam, Netherlands, ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: http://185.112.59.16
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Date: Sun, 24 May 2026 14:19:44 GMT

GET
H/1.1 200
OK beacons Show response
185.112.59.16/api/ 401 B
666 B 233ms
94ms Fetch
application/json 185.112.59.16
DHOST-AS Digital ...

General

Check archive.org

Download Go to

Full URL: http://185.112.59.16:8080/api/beacons
Requested by: Host: 185.112.59.16
URL: http://185.112.59.16/assets/index-B5nrgJYE.js
Protocol: HTTP/1.1
Server: 185.112.59.16 Amsterdam, Netherlands, ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU),
Reverse DNS
Software: /
Resource Hash: 128a42657eeaec4b60effc1af28b08d1db948c0bcc7aeea778ca85b5a42c5207

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Content-Type: application/json
Referer: http://185.112.59.16/

Response headers

Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Origin: *
Content-Length: 401
Date: Sun, 24 May 2026 14:19:45 GMT
Content-Type: application/json
Access-Control-Allow-Methods: GET, POST, PATCH, DELETE, OPTIONS

GET
H/1.1 200
OK stealer Show response
185.112.59.16/api/ 771 B
1 KB 188ms
97ms Fetch
application/json 185.112.59.16
DHOST-AS Digital ...

General

Check archive.org

Download Go to

Full URL: http://185.112.59.16:8080/api/stealer
Requested by: Host: 185.112.59.16
URL: http://185.112.59.16/assets/index-B5nrgJYE.js
Protocol: HTTP/1.1
Server: 185.112.59.16 Amsterdam, Netherlands, ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU),
Reverse DNS
Software: /
Resource Hash: a62965b8a03747798b55834f3afa9da49a6e9bb40eb0f471000b3b43c48e862d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Content-Type: application/json
Referer: http://185.112.59.16/

Response headers

Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Origin: *
Content-Length: 771
Date: Sun, 24 May 2026 14:19:45 GMT
Content-Type: application/json
Access-Control-Allow-Methods: GET, POST, PATCH, DELETE, OPTIONS

GET
H/1.1 200
OK favicon.ico
185.112.59.16/ 596 B
657 B 32ms
32ms Other
text/html 185.112.59.16
DHOST-AS Digital ...

General

Check archive.org

Download Go to

Full URL: http://185.112.59.16/favicon.ico
Protocol: HTTP/1.1
Server: 185.112.59.16 Amsterdam, Netherlands, ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 422059c8d9ac89393e8723a5933e50d0130c29edca2cf502eecbfcecfe20bf67

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Referer: http://185.112.59.16/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
ETag: W/"6a11f09d-254"
Connection: keep-alive
Date: Sun, 24 May 2026 14:19:44 GMT
Content-Type: text/html
Last-Modified: Sat, 23 May 2026 18:23:25 GMT
Server: nginx/1.18.0 (Ubuntu)

GET
H/1.1 200
OK beacons Show response
185.112.59.16/api/ 401 B
666 B 74ms
73ms Fetch
application/json 185.112.59.16
DHOST-AS Digital ...

General

Check archive.org

Download Go to

Full URL: http://185.112.59.16:8080/api/beacons
Requested by: Host: 185.112.59.16
URL: http://185.112.59.16/assets/index-B5nrgJYE.js
Protocol: HTTP/1.1
Server: 185.112.59.16 Amsterdam, Netherlands, ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU),
Reverse DNS
Software: /
Resource Hash: 128a42657eeaec4b60effc1af28b08d1db948c0bcc7aeea778ca85b5a42c5207

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Content-Type: application/json
Referer: http://185.112.59.16/

Response headers

Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Origin: *
Content-Length: 401
Date: Sun, 24 May 2026 14:19:50 GMT
Content-Type: application/json
Access-Control-Allow-Methods: GET, POST, PATCH, DELETE, OPTIONS

OPTIONS
H/1.1 204
No Content beacons
185.112.59.16/api/ 0
0 62ms
62ms Preflight 185.112.59.16
DHOST-AS Digital ...

General

Check archive.org

Download Go to

Full URL: http://185.112.59.16:8080/api/beacons
Protocol: HTTP/1.1
Server: 185.112.59.16 Amsterdam, Netherlands, ASN209207 (DHOST-AS Digital Hosting Provider LLC, RU),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: http://185.112.59.16
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Date: Sun, 24 May 2026 14:19:50 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

185.112.59.16
fonts.googleapis.com
fonts.gstatic.com
142.250.154.95
142.251.14.94
185.112.59.16
128a42657eeaec4b60effc1af28b08d1db948c0bcc7aeea778ca85b5a42c5207
18be452724bfdc236c074ca94a249a7f41a86752c7d04ab258ce9ed5651f6a7e
422059c8d9ac89393e8723a5933e50d0130c29edca2cf502eecbfcecfe20bf67
665f0f565cb3e0d2e2968d32494c4a49e60689b99a7ac316933c0b23492b0b11
8df7292315b7b47f853f1c26190f02700ea683dda52013a5477f256ec614c7d6
a62965b8a03747798b55834f3afa9da49a6e9bb40eb0f471000b3b43c48e862d
fcf03b564fd02d1fd36a51483a40c7f772df7fb151eaa82b34e1654c6ef1933a

185.112.59.16 185.112.59.16 Public Scan Open in urlscan Pro

Internal

Effective Hostname

Submitted URL

Effective IP

Summary

urlscan.io Verdict: No classification

Domain & IP information

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

17 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

324 kBTransfer

330 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Window variables

0 Cookies

Indicators

185.112.59.16
185.112.59.16 Public Scan Open in urlscan Pro

Screenshot
Live screenshot

Full Image

12
Requests

17 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

324 kB
Transfer

330 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions