jxshxt.com Open in urlscan Pro
103.200.22.100 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://jxshxt.com/bot/login.php
Submission Tags: c2 malware bluebotnet Search All
Submission: On January 05 via api (January 5th 2020, 9:32:27 pm UTC) from AQ

Summary HTTP 6 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 103.200.22.100, located in Viet Nam and belongs to FPT-AS-AP The Corporation for Financing & Promoting Technology, VN. The main domain is jxshxt.com.

This is the only time jxshxt.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
5	103.200.22.100 103.200.22.100		18403 (FPT-AS-AP...) (FPT-AS-AP The Corporation for Financing & Promoting Technology)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a		20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
6	2

5 103.200.22.100 (Viet Nam)

ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN)
PTR: web01.vietnix.vn

jxshxt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	jxshxt.com jxshxt.com	34 KB
1	jquery.com code.jquery.com	82 KB
6	2

	Domain	Requested by
5	jxshxt.com	jxshxt.com
1	code.jquery.com	jxshxt.com
6	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://jxshxt.com/bot/login.php
Frame ID: 0A86004CFC5EAA23EDB6783A60391691
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

6
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

117 kB
Transfer

425 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login.php Show response
jxshxt.com/bot/ 2 KB
1 KB 826ms
575ms Document
text/html 103.200.22.100
FPT-AS-AP The Cor...

General

Check archive.org

Show headers Download Go to

Full URL

http://jxshxt.com/bot/login.php

Protocol

HTTP/1.1

Server

103.200.22.100 , Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN),

Reverse DNS

web01.vietnix.vn

Software

nginx /

Resource Hash

fdc4026379daeb9d806327a9828c66b4d799201c58c840f7166509521d11cd1f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: jxshxt.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Server: nginx
Date: Sun, 05 Jan 2020 21:32:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET
H/1.1 200
OK bootstrap.css
jxshxt.com/bot/css/ 118 KB
24 KB 242ms
240ms Stylesheet
text/css 103.200.22.100
FPT-AS-AP The Cor...

General

Check archive.org

Show headers Download Go to

Full URL: http://jxshxt.com/bot/css/bootstrap.css
Requested by: Host: jxshxt.com
URL: http://jxshxt.com/bot/login.php
Protocol: HTTP/1.1
Server: 103.200.22.100 , Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN),
Reverse DNS: web01.vietnix.vn
Software: nginx /
Resource Hash: 0e430441e9833f9e3b9219b4837068670afbb50171678365b95f45de9291b632

Request headers

Referer: http://jxshxt.com/bot/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: public
Date: Sun, 05 Jan 2020 21:32:09 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jun 2014 01:00:41 GMT
Server: nginx
ETag: W/"53926439-1d984"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=1800, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sun, 05 Jan 2020 22:02:09 GMT

GET
H/1.1 404
Not Found stili-custom.css
jxshxt.com/bot/css/ 0
0 473ms
452ms Stylesheet
text/html 103.200.22.100
FPT-AS-AP The Cor...

General

Check archive.org

Show headers Download Go to

Full URL: http://jxshxt.com/bot/css/stili-custom.css
Requested by: Host: jxshxt.com
URL: http://jxshxt.com/bot/login.php
Protocol: HTTP/1.1
Server: 103.200.22.100 , Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN),
Reverse DNS: web01.vietnix.vn
Software: nginx /
Resource Hash

Request headers

Referer: http://jxshxt.com/bot/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Sun, 05 Jan 2020 21:32:09 GMT
Server: nginx
Connection: keep-alive
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found modernizr.custom.js
jxshxt.com/bot/js/ 0
0 477ms
455ms Script
text/html 103.200.22.100
FPT-AS-AP The Cor...

General

Check archive.org

Show headers Download Go to

Full URL: http://jxshxt.com/bot/js/modernizr.custom.js
Requested by: Host: jxshxt.com
URL: http://jxshxt.com/bot/login.php
Protocol: HTTP/1.1
Server: 103.200.22.100 , Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN),
Reverse DNS: web01.vietnix.vn
Software: nginx /
Resource Hash

Request headers

Referer: http://jxshxt.com/bot/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Sun, 05 Jan 2020 21:32:09 GMT
Server: nginx
Connection: keep-alive
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK jquery.js Show response
code.jquery.com/ 276 KB
82 KB 15ms
7ms Script
application/javascript 2001:4de0:ac19::1:b:1a
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: http://code.jquery.com/jquery.js
Requested by: Host: jxshxt.com
URL: http://jxshxt.com/bot/login.php
Protocol: HTTP/1.1
Server: 2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc

Request headers

Referer: http://jxshxt.com/bot/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Sun, 05 Jan 2020 21:32:09 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Oct 2014 00:16:08 GMT
Server: nginx
ETag: W/"54499a48-4508e"
Vary: Accept-Encoding
X-HW: 1578259929.dop038.fr8.t,1578259929.cds051.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 83875

GET
H/1.1 200
OK bootstrap.min.js Show response
jxshxt.com/bot/js/ 28 KB
9 KB 466ms
445ms Script
application/javascript 103.200.22.100
FPT-AS-AP The Cor...

General

Check archive.org

Show headers Download Go to

Full URL: http://jxshxt.com/bot/js/bootstrap.min.js
Requested by: Host: jxshxt.com
URL: http://jxshxt.com/bot/login.php
Protocol: HTTP/1.1
Server: 103.200.22.100 , Viet Nam, ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN),
Reverse DNS: web01.vietnix.vn
Software: nginx /
Resource Hash: 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Request headers

Referer: http://jxshxt.com/bot/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: public
Date: Sun, 05 Jan 2020 21:32:09 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Feb 2014 01:24:42 GMT
Server: nginx
ETag: W/"52fc1eda-71b6"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=1800, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sun, 05 Jan 2020 22:02:09 GMT

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery object| jQuery111103311376014956564

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
jxshxt.com
103.200.22.100
2001:4de0:ac19::1:b:1a
0e430441e9833f9e3b9219b4837068670afbb50171678365b95f45de9291b632
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
fdc4026379daeb9d806327a9828c66b4d799201c58c840f7166509521d11cd1f