URL: http://95.161.131.138/
Submission Tags: c2 malware misha
Submission: On August 22 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 11 HTTP transactions. The main IP is 95.161.131.138, geolocated to Antigua And Barbuda and belonging to GRIZ-INET-SERVICE, RU (note that the geolocation and the AS registration country disagree). The main domain is 95.161.131.138.
This is the only time 95.161.131.138 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address      AS (Autonomous System)
11        95.161.131.138  35029 (GRIZ-INET...)
Total: 11 requests, 2 IPs

Requests  Apex Domain     Transfer
11        95.161.131.138  232 KB
Total: 11 requests, 1 apex domain

Requests  Domain          Requested by
11        95.161.131.138  95.161.131.138
Total: 11 requests, 1 domain

This site contains no links.

TLS certificates (Subject / Issuer / Validity / Valid): none recorded; every request in this scan was plain HTTP.

This page contains 1 frames:

Primary Page: http://95.161.131.138/
Frame ID: 77804A4199C03D7D0AF83D43BCA31773
Requests: 12 HTTP requests in this frame


Detected technologies

UIkit (overall confidence: 100%)
Detected patterns
  • <[^>]+class="[^"]*(?:uk-container|uk-section)
  • uikit.*\.js

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 11
HTTPS: 0 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 232 kB
Size: 775 kB
Cookies: 1

Redirected requests

No HTTP redirect chains were recorded for this scan.

11 HTTP transactions

Each entry gives Resource, Path, Size, x-fer (bytes transferred) and Type, followed by the request details as recorded by the scanner.

Primary Request /  (95.161.131.138/)  Size 58 KB, x-fer 8 KB, Type: Document
  Full URL: http://95.161.131.138/
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: c9a64c2022ff3d739fda56877506af837cd878b87b74add5a3418ca04d0568d0
  Request headers:
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
    accept-language: de-DE,de;q=0.9
  Response headers:
    Access-Control-Allow-Origin: *
    Cache-Control: no-store, no-cache, must-revalidate
    Connection: Keep-Alive
    Content-Encoding: gzip
    Content-Length: 7689
    Content-Type: text/html; charset=UTF-8
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Keep-Alive: timeout=5, max=100
    Pragma: no-cache
    Server: Apache/2.4.38 (Debian)
    Vary: Accept-Encoding

uikit.min.css  (95.161.131.138/css/)  Size 264 KB, x-fer 29 KB, Type: Stylesheet
  Full URL: http://95.161.131.138/css/uikit.min.css
  Requested by: Host 95.161.131.138, URL http://95.161.131.138/
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: c670f15dbe05be734450b9cce1a36d2d5ae7e5eb59892070730dfedb9f51536f
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: http://95.161.131.138/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
  Response headers:
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Content-Encoding: gzip
    Last-Modified: Tue, 20 Oct 2020 10:51:20 GMT
    Server: Apache/2.4.38 (Debian)
    ETag: "421e8-5b21802d49a00-gzip"
    Vary: Accept-Encoding
    Content-Type: text/css
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Keep-Alive: timeout=5, max=99
    Content-Length: 29345

misha.css  (95.161.131.138/css/)  Size 52 KB, x-fer 30 KB, Type: Stylesheet
  Full URL: http://95.161.131.138/css/misha.css
  Requested by: Host 95.161.131.138, URL http://95.161.131.138/
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: 9092f63924c3f69c026391d3377e253f00a7ad41d0ee889f4389fba1303f5311
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: http://95.161.131.138/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
  Response headers:
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Content-Encoding: gzip
    Last-Modified: Thu, 11 Mar 2021 19:58:28 GMT
    Server: Apache/2.4.38 (Debian)
    ETag: "ce00-5bd4834ff6100-gzip"
    Vary: Accept-Encoding
    Content-Type: text/css
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Keep-Alive: timeout=5, max=100
    Content-Length: 30836

jquery-3.5.1.min.js  (95.161.131.138/js/)  Size 87 KB, x-fer 31 KB, Type: Script
  Full URL: http://95.161.131.138/js/jquery-3.5.1.min.js
  Requested by: Host 95.161.131.138, URL http://95.161.131.138/
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: http://95.161.131.138/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
  Response headers:
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Content-Encoding: gzip
    Last-Modified: Thu, 03 Sep 2020 19:49:48 GMT
    Server: Apache/2.4.38 (Debian)
    ETag: "15d84-5ae6e0dfeef00-gzip"
    Vary: Accept-Encoding
    Content-Type: application/javascript
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Keep-Alive: timeout=5, max=100
    Content-Length: 30910

uikit.min.js  (95.161.131.138/js/)  Size 128 KB, x-fer 41 KB, Type: Script
  Full URL: http://95.161.131.138/js/uikit.min.js
  Requested by: Host 95.161.131.138, URL http://95.161.131.138/
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: 30fe52942ce0cd7cd663c7e6b4aa8546533ea58634ab9da15a229b6cfb72f7e0
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: http://95.161.131.138/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
  Response headers:
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Content-Encoding: gzip
    Last-Modified: Tue, 20 Oct 2020 10:51:26 GMT
    Server: Apache/2.4.38 (Debian)
    ETag: "201b2-5b21803302780-gzip"
    Vary: Accept-Encoding
    Content-Type: application/javascript
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Keep-Alive: timeout=5, max=100
    Content-Length: 41598

uikit-icons.min.js  (95.161.131.138/js/)  Size 63 KB, x-fer 18 KB, Type: Script
  Full URL: http://95.161.131.138/js/uikit-icons.min.js
  Requested by: Host 95.161.131.138, URL http://95.161.131.138/
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: 41d7f230bbd7b28c17e7d0980d0388a349a1596d340ab375812d5f96135b621c
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: http://95.161.131.138/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
  Response headers:
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Content-Encoding: gzip
    Last-Modified: Tue, 20 Oct 2020 10:51:22 GMT
    Server: Apache/2.4.38 (Debian)
    ETag: "fa1c-5b21802f31e80-gzip"
    Vary: Accept-Encoding
    Content-Type: application/javascript
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Keep-Alive: timeout=5, max=100
    Content-Length: 17985

misha.js  (95.161.131.138/js/)  Size 56 KB, x-fer 13 KB, Type: Script
  Full URL: http://95.161.131.138/js/misha.js
  Requested by: Host 95.161.131.138, URL http://95.161.131.138/
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: ba6400513c84628e8a5aa8b11cf79c02f08a06c6def7fa82b5fceaa6d1de68c0
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: http://95.161.131.138/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
  Response headers:
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Content-Encoding: gzip
    Last-Modified: Thu, 10 Feb 2022 18:36:12 GMT
    Server: Apache/2.4.38 (Debian)
    ETag: "de0b-5d7ae3977ff00-gzip"
    Vary: Accept-Encoding
    Content-Type: application/javascript
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Keep-Alive: timeout=5, max=99
    Content-Length: 12741

jquery.json-browse.js  (95.161.131.138/js/)  Size 4 KB, x-fer 2 KB, Type: Script
  Full URL: http://95.161.131.138/js/jquery.json-browse.js
  Requested by: Host 95.161.131.138, URL http://95.161.131.138/
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: 1c6fbc4e1a091e61f7898e42a429812279e18bd08a4337f236bcb13a159c11f1
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: http://95.161.131.138/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
  Response headers:
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Content-Encoding: gzip
    Last-Modified: Tue, 30 Aug 2016 20:33:46 GMT
    Server: Apache/2.4.38 (Debian)
    ETag: "1130-53b4fe5b73e80-gzip"
    Vary: Accept-Encoding
    Content-Type: application/javascript
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Keep-Alive: timeout=5, max=98
    Content-Length: 1416

jquery.json-browse.css  (95.161.131.138/js/)  Size 1 KB, x-fer 857 B, Type: Stylesheet
  Full URL: http://95.161.131.138/js/jquery.json-browse.css
  Requested by: Host 95.161.131.138, URL http://95.161.131.138/
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: 667ca09d199806b1a7e82f4d8d18e535df7d7ee7e6135af872c39fa9bf42b90c
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: http://95.161.131.138/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
  Response headers:
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Content-Encoding: gzip
    Last-Modified: Tue, 30 Aug 2016 20:33:46 GMT
    Server: Apache/2.4.38 (Debian)
    ETag: "47d-53b4fe5b73e80-gzip"
    Vary: Accept-Encoding
    Content-Type: text/css
    Connection: Keep-Alive
    Accept-Ranges: bytes
    Keep-Alive: timeout=5, max=100
    Content-Length: 521

/  (95.161.131.138/)  Size 58 KB, x-fer 58 KB, Type: Image
  Full URL: http://95.161.131.138/
  Requested by: Host 95.161.131.138, URL http://95.161.131.138/
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (this is the SHA-256 of empty input, so no image body was captured for this request)
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: http://95.161.131.138/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
  Response headers:
    Pragma: no-cache
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Content-Encoding: gzip
    Server: Apache/2.4.38 (Debian)
    Vary: Accept-Encoding
    Content-Type: text/html; charset=UTF-8
    Access-Control-Allow-Origin: *
    Cache-Control: no-store, no-cache, must-revalidate
    Connection: Keep-Alive
    Keep-Alive: timeout=5, max=99
    Content-Length: 7689
    Expires: Thu, 19 Nov 1981 08:52:00 GMT

index.php  (95.161.131.138/)  Size 2 KB, x-fer 2 KB, Type: XHR
  Full URL: http://95.161.131.138/index.php
  Requested by: Host 95.161.131.138, URL http://95.161.131.138/js/jquery-3.5.1.min.js
  Protocol: HTTP/1.1
  Server: 95.161.131.138, Antigua And Barbuda, ASN35029 (GRIZ-INET-SERVICE, RU)
  Reverse DNS: (none recorded)
  Software: Apache/2.4.38 (Debian)
  Resource Hash: a7c0eae9902f8c5cf6794868ec263f4f96e4c8dbf2268462efa209b4f6417dfc
  Request headers:
    Accept: */*
    Referer: http://95.161.131.138/
    accept-language: de-DE,de;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  Response headers:
    Pragma: no-cache
    Date: Mon, 22 Aug 2022 01:08:24 GMT
    Content-Encoding: gzip
    Server: Apache/2.4.38 (Debian)
    Vary: Accept-Encoding
    Content-Type: text/html; charset=UTF-8
    Access-Control-Allow-Origin: *
    Cache-Control: no-store, no-cache, must-revalidate
    Connection: Keep-Alive
    Keep-Alive: timeout=5, max=99
    Content-Length: 1578
    Expires: Thu, 19 Nov 1981 08:52:00 GMT

truncated  (/)  Size 2 KB, x-fer 0, Type: Image
  Full URL: data:truncated
  Protocol: DATA
  Server: (none; inline data: URI, no ASN)
  Reverse DNS: (none recorded)
  Software: (none recorded)
  Resource Hash: 7f1639c79f7647214e31f5fc229fb14d9182dfa36341b6041cc4edae002088d6
  Request headers:
    accept-language: de-DE,de;q=0.9
    Referer: http://95.161.131.138/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
  Response headers:
    Content-Type: image/jpeg

Verdicts & Comments: none recorded.

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
  • object    0
  • object    oncontextlost
  • object    oncontextrestored
  • function  structuredClone
  • object    launchQueue
  • object    onbeforematch
  • object    navigation
  • function  $
  • function  jQuery
  • function  UIkit
  • function  UIkitIcons
  • string    country_options_str
  • object    stealer_json_content
  • function  create_modal_handler
  • function  filter_stealer_content
  • function  stealer_cls_selector
  • function  ebtn_processor
  • function  notice
  • function  net_query
  • function  create_pagination
  • function  query_success
  • function  openFileHelper
  • function  query_failure
  • function  create_modal
  • function  create_form_modal
  • function  not_zero_str
  • function  get_country
  • function  trigger_dl
  • function  base64_to_bin
  • function  play_alarm
  • function  copy_text_to_clipboard
  • object    countries

1 Cookies

Domain/Path      Name       Value
95.161.131.138/  PHPSESSID  2ssa6rp9emdcp0o9d9e9t1f6u7