URL: http://79.143.73.170:8000/
Submission Tags: c2 malware ficker Search All
Submission: On February 20 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 2 domains to perform 6 HTTP transactions. The main IP is 79.143.73.170, located in Russian Federation and belongs to RU-JSCIOT, RU. The main domain is 79.143.73.170.
This is the only time 79.143.73.170 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 79.143.73.170 29182 (RU-JSCIOT)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
6 3
Apex Domain
Subdomains
Transfer
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 43
776 B
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 196
4 KB
6 2
Domain Requested by
1 fonts.googleapis.com 79.143.73.170
1 cdnjs.cloudflare.com 79.143.73.170
6 2

This site contains links to these domains. Also see Links.

Domain
material-ui.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-08-03 -
2023-08-02
a year crt.sh
upload.video.google.com
GTS CA 1C3
2023-02-01 -
2023-04-26
3 months crt.sh

This page contains 1 frames:

Primary Page: http://79.143.73.170:8000/
Frame ID: 3B186F5FF7FD231F602107D5872DF11F
Requests: 6 HTTP requests in this frame

Screenshot

Page Title

Panel

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

33 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

3
IPs

3
Countries

1706 kB
Transfer

1708 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
79.143.73.170/
3 KB
3 KB
Document
General
Full URL
http://79.143.73.170:8000/
Protocol
HTTP/1.1
Server
79.143.73.170 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS
testfck.com
Software
Rocket /
Resource Hash
0b78f650c24e14c7aec553da36c978c6c26cbd9daf92024d008eb84cc2aa7645

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Length
3258
Content-Type
text/html; charset=utf-8
Date
Mon, 20 Feb 2023 12:04:26 GMT
Server
Rocket
jquery-jvectormap.css
cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/
6 KB
4 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/jquery-jvectormap.css
Requested by
Host: 79.143.73.170
URL: http://79.143.73.170:8000/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59c3d4149227f84e2aa682cea0734bfe5a7f991b3c80820fac98865bf23371db
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://79.143.73.170:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 12:04:26 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
483633
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3263
last-modified
Mon, 04 May 2020 16:11:59 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ecf-19eb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B9F1PXgok8gZQKcf2mBTgfOPTHpGtW3uJnx9RaNxree8I6%2BESqYR20KiWabMQBW%2F1E8du3LDLX54wqrAs7tRFJu%2FDrLwEVLIyST67jiqOxPOOgwplpprSMjk0BXIu5aktEQWcgQkUWr4vy%2BL71QQ%2Bbng"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
79c71ad2fb1237c6-FRA
expires
Sat, 10 Feb 2024 12:04:26 GMT
icon
fonts.googleapis.com/
569 B
776 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: 79.143.73.170
URL: http://79.143.73.170:8000/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://79.143.73.170:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 20 Feb 2023 12:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 20 Feb 2023 12:04:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 20 Feb 2023 12:04:26 GMT
3.31fd5e51.chunk.js
79.143.73.170/static/js/
2 MB
2 MB
Script
General
Full URL
http://79.143.73.170:8000/static/js/3.31fd5e51.chunk.js
Requested by
Host: 79.143.73.170
URL: http://79.143.73.170:8000/
Protocol
HTTP/1.1
Server
79.143.73.170 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS
testfck.com
Software
Rocket /
Resource Hash
708aaa98e2e04ebe5d85553e6d22f49eb5a9e47af0c2c1fa7aa10fe9b76fbe73

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://79.143.73.170:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Mon, 20 Feb 2023 12:04:26 GMT
Server
Rocket
Content-Length
1665130
Content-Type
application/javascript
main.b570aeff.chunk.js
79.143.73.170/static/js/
72 KB
72 KB
Script
General
Full URL
http://79.143.73.170:8000/static/js/main.b570aeff.chunk.js
Requested by
Host: 79.143.73.170
URL: http://79.143.73.170:8000/
Protocol
HTTP/1.1
Server
79.143.73.170 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS
testfck.com
Software
Rocket /
Resource Hash
7d434cd55e07d4918ea89b921653e1363d25bdf33638a369d906b5341d1df1cc

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://79.143.73.170:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Mon, 20 Feb 2023 12:04:26 GMT
Server
Rocket
Content-Length
73639
Content-Type
application/javascript
islogged
79.143.73.170/api/
44 B
168 B
Fetch
General
Full URL
http://79.143.73.170:8000/api/islogged
Requested by
Host: 79.143.73.170
URL: http://79.143.73.170:8000/static/js/main.b570aeff.chunk.js
Protocol
HTTP/1.1
Server
79.143.73.170 , Russian Federation, ASN29182 (RU-JSCIOT, RU),
Reverse DNS
testfck.com
Software
Rocket /
Resource Hash
07b4b50c13d33e8acb5c76d17f4cdff9ffd9efce6e2e22b4406a8ecc27c1964e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://79.143.73.170:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date
Mon, 20 Feb 2023 12:04:27 GMT
Server
Rocket
Content-Length
44
Content-Type
application/json

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange object| webpackJsonpkaguya-react number| 2f1acc6c3a606b082e5eef5e54414ffb function| tmp function| ChoiceField function| ListBox function| ComboBox function| EditBox function| Button function| PushButton function| RadioButton function| CheckBox function| TextField function| PasswordField object| AcroForm function| html2pdf function| _jzlib_Deflater function| Deflater function| RGBColor function| PNG object| d3

0 Cookies