URL: http://31.14.40.209/
Submission Tags: c2 malware misha
Submission: On August 22 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 0 domains to perform 11 HTTP transactions. The main IP is 31.14.40.209, located in Romania and belonging to SERVERROOM, US. The main domain is 31.14.40.209.
This is the only time 31.14.40.209 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address / AS Autonomous System
  11  31.14.40.209  AS19624 (SERVERROOM)
  11  2
Apex Domain / Subdomains / Transfer
  11  0
Domain / Requested by
  11  0

This site contains no links.

TLS certificates (Subject / Issuer / Validity / Valid): none recorded; every transaction in this scan was plain HTTP.

This page contains 1 frames:

Primary Page: http://31.14.40.209/
Frame ID: C9FF23B2D3114F1182E31C8942294169
Requests: 12 HTTP requests in this frame

Page Title

misha

Detected technologies

UIkit (overall confidence: 100%)
Detected patterns
  • <[^>]+class="[^"]*(?:uk-container|uk-section)
  • uikit.*\.js

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 11
HTTPS: 0 %
IPv6: 0 %
Domains: 0
Subdomains: 0
IPs: 2
Countries: 1
Transfer: 254 kB
Size: 775 kB
Cookies: 1

Redirected requests

No HTTP redirect chains were recorded for any request in this scan.

11 HTTP transactions

Columns: Resource | Path | Size | x-fer (transferred) | Type (MIME type is given by the Content-Type response header of each entry)
Primary Request / | 31.14.40.209/ | 58 KB | 9 KB | Document

General
Full URL: http://31.14.40.209/
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: c9a64c2022ff3d739fda56877506af837cd878b87b74add5a3418ca04d0568d0

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 22 Aug 2022 01:07:52 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
uikit.min.css | 31.14.40.209/css/ | 264 KB | 36 KB | Stylesheet

General
Full URL: http://31.14.40.209/css/uikit.min.css
Requested by: http://31.14.40.209/ (host 31.14.40.209)
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: c670f15dbe05be734450b9cce1a36d2d5ae7e5eb59892070730dfedb9f51536f

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://31.14.40.209/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
Date: Mon, 22 Aug 2022 01:07:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Apr 2022 22:15:07 GMT
Server: nginx
ETag: W/"6254a86b-421e8"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=43200
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 22 Aug 2022 13:07:52 GMT
misha.css | 31.14.40.209/css/ | 52 KB | 31 KB | Stylesheet

General
Full URL: http://31.14.40.209/css/misha.css
Requested by: http://31.14.40.209/ (host 31.14.40.209)
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: 9092f63924c3f69c026391d3377e253f00a7ad41d0ee889f4389fba1303f5311

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://31.14.40.209/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
Date: Mon, 22 Aug 2022 01:07:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Apr 2022 22:15:07 GMT
Server: nginx
ETag: W/"6254a86b-ce00"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=43200
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 22 Aug 2022 13:07:52 GMT
jquery-3.5.1.min.js | 31.14.40.209/js/ | 87 KB | 34 KB | Script

General
Full URL: http://31.14.40.209/js/jquery-3.5.1.min.js
Requested by: http://31.14.40.209/ (host 31.14.40.209)
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://31.14.40.209/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
Date: Mon, 22 Aug 2022 01:07:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Apr 2022 22:15:07 GMT
Server: nginx
ETag: W/"6254a86b-15d84"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 22 Aug 2022 13:07:52 GMT
uikit.min.js | 31.14.40.209/js/ | 128 KB | 47 KB | Script

General
Full URL: http://31.14.40.209/js/uikit.min.js
Requested by: http://31.14.40.209/ (host 31.14.40.209)
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: 30fe52942ce0cd7cd663c7e6b4aa8546533ea58634ab9da15a229b6cfb72f7e0

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://31.14.40.209/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
Date: Mon, 22 Aug 2022 01:07:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Apr 2022 22:15:07 GMT
Server: nginx
ETag: W/"6254a86b-201b2"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 22 Aug 2022 13:07:52 GMT
uikit-icons.min.js | 31.14.40.209/js/ | 63 KB | 20 KB | Script

General
Full URL: http://31.14.40.209/js/uikit-icons.min.js
Requested by: http://31.14.40.209/ (host 31.14.40.209)
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: 41d7f230bbd7b28c17e7d0980d0388a349a1596d340ab375812d5f96135b621c

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://31.14.40.209/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
Date: Mon, 22 Aug 2022 01:07:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Apr 2022 22:15:07 GMT
Server: nginx
ETag: W/"6254a86b-fa1c"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 22 Aug 2022 13:07:52 GMT
misha.js | 31.14.40.209/js/ | 56 KB | 15 KB | Script

General
Full URL: http://31.14.40.209/js/misha.js
Requested by: http://31.14.40.209/ (host 31.14.40.209)
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: ba6400513c84628e8a5aa8b11cf79c02f08a06c6def7fa82b5fceaa6d1de68c0

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://31.14.40.209/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
Date: Mon, 22 Aug 2022 01:07:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Apr 2022 22:15:07 GMT
Server: nginx
ETag: W/"6254a86b-de0b"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 22 Aug 2022 13:07:52 GMT
jquery.json-browse.js | 31.14.40.209/js/ | 4 KB | 2 KB | Script

General
Full URL: http://31.14.40.209/js/jquery.json-browse.js
Requested by: http://31.14.40.209/ (host 31.14.40.209)
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: 1c6fbc4e1a091e61f7898e42a429812279e18bd08a4337f236bcb13a159c11f1

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://31.14.40.209/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
Date: Mon, 22 Aug 2022 01:07:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Apr 2022 22:15:07 GMT
Server: nginx
ETag: W/"6254a86b-1130"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 22 Aug 2022 13:07:52 GMT
jquery.json-browse.css | 31.14.40.209/js/ | 1 KB | 884 B | Stylesheet

General
Full URL: http://31.14.40.209/js/jquery.json-browse.css
Requested by: http://31.14.40.209/ (host 31.14.40.209)
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: 667ca09d199806b1a7e82f4d8d18e535df7d7ee7e6135af872c39fa9bf42b90c

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://31.14.40.209/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
Date: Mon, 22 Aug 2022 01:07:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Apr 2022 22:15:07 GMT
Server: nginx
ETag: W/"6254a86b-47d"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=43200
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 22 Aug 2022 13:07:52 GMT
/ | 31.14.40.209/ | 58 KB | 58 KB | Image

General
Full URL: http://31.14.40.209/
Requested by: http://31.14.40.209/ (host 31.14.40.209)
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (this is the SHA-256 of empty input, so no image body was actually captured for this request)

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://31.14.40.209/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
Pragma: no-cache
Date: Mon, 22 Aug 2022 01:07:52 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
index.php | 31.14.40.209/ | 2 KB | 2 KB | XHR

General
Full URL: http://31.14.40.209/index.php
Requested by: http://31.14.40.209/js/jquery-3.5.1.min.js (host 31.14.40.209)
Protocol: HTTP/1.1
Server: 31.14.40.209, Romania, ASN19624 (SERVERROOM, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: 1867697b4cc7aae64f70f5e0f7a7bba1aeff3457f0d7effed78f639641e7f5da

Request headers
Accept: */*
Referer: http://31.14.40.209/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers
Pragma: no-cache
Date: Mon, 22 Aug 2022 01:07:52 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
truncated | / | 1 KB | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: - (inline data: URI, no server contacted)
Reverse DNS: (none)
Software: (none)
Resource Hash: c46a4900f01f5846ab3d2ddaa1200ce0afaa4d65c2846cc95e42baf6c7a5208e

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://31.14.40.209/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
Content-Type: image/jpeg

Verdicts & Comments

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: 0
  • object: oncontextlost
  • object: oncontextrestored
  • function: structuredClone
  • object: launchQueue
  • object: onbeforematch
  • object: navigation
  • function: $
  • function: jQuery
  • function: UIkit
  • function: UIkitIcons
  • string: country_options_str
  • object: stealer_json_content
  • function: create_modal_handler
  • function: filter_stealer_content
  • function: stealer_cls_selector
  • function: ebtn_processor
  • function: notice
  • function: net_query
  • function: create_pagination
  • function: query_success
  • function: openFileHelper
  • function: query_failure
  • function: create_modal
  • function: create_form_modal
  • function: not_zero_str
  • function: get_country
  • function: trigger_dl
  • function: base64_to_bin
  • function: play_alarm
  • function: copy_text_to_clipboard
  • object: countries

1 Cookies

Domain/Path: 31.14.40.209/
Name: PHPSESSID
Value: 16tok2ajd9ljttjfa9so0tr3ch