Report - 35.199.30.104:8080/

Report Overview

Visited public
2025-07-17 22:44:16
Tags
botpanel malware
Submit Tags
URL
35.199.30.104:8080/
Finishing URL
35.199.30.104:8080/
IP / ASN
35.199.30.104
#396982 GOOGLE-CLOUD-PLATFORM
Title
CHAOS
Malware - Botnet panel

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
35.199.30.104	unknown	unknown	No data	No data	6.2 kB	789 kB	35.199.30.104

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-17	medium	35.199.30.104	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	35.199.30.104:8080/static/js/sweetalert2.min.js	ScriptElement	67 kB	2023-05-22	2025-07-17
Pretty URL 35.199.30.104:8080/static/js/sweetalert2.min.js IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 11:27 Last Seen2025-07-17 22:48 Times Seen34 Hash 375f32d25f79dc7c64830873829a3366 3ce3f11c625ae6d5aff395a73edc5c54969b8536 f4ad91486a5b4f84863e5a7a10fbd619bd40d913fe100c3f7e307fcb1b5dd4a8 Loading...

	35.199.30.104:8080/static/js/app/login.js	ScriptElement	1.9 kB	2023-05-22	2025-07-17
Pretty URL 35.199.30.104:8080/static/js/app/login.js IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 11:27 Last Seen2025-07-17 22:48 Times Seen31 Hash 4e88b240a79aa705127eeb9e3b358ba5 5cde2d9ae19318f98744ea5bb66f100f263e25a3 1e933f1f60b597f5289a5989fc980aaa617eb9d0922bb651a24c0bec9a3a44e6 Loading...

	35.199.30.104:8080/	ScriptElement	126 B	2025-03-17	2025-07-17
Pretty URL 35.199.30.104:8080/ IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-17 10:47 Last Seen2025-07-17 22:48 Times Seen8 Hash 2149fa45fd7868b11cf41a84f7d5bf9f 8ebd0fe91ad9a294a3743d243ed9c27775ce5960 ba48165b716f3fd1f1658e901e9c581c1dab6a779a3da9be2512b206af1005da Loading...

	35.199.30.104:8080/static/js/bootstrap4-toggle.min.js	ScriptElement	4.4 kB	2023-03-07	2025-07-17
Pretty URL 35.199.30.104:8080/static/js/bootstrap4-toggle.min.js IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:27 Last Seen2025-07-17 22:48 Times Seen83 Hash 71d2baa15048d5c2b897ae4c41988b2c 4bcfdf2effe58345c69ed61d13adba541a4281e2 a7a23eb6e02aa4a4217bb95d90fd72a3f0eed104588e6d4edeb792288892e003 Loading...

	35.199.30.104:8080/static/js/app/common.js	ScriptElement	869 B	2023-05-22	2025-07-17
Pretty URL 35.199.30.104:8080/static/js/app/common.js IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 11:27 Last Seen2025-07-17 22:48 Times Seen32 Hash 92f35e8045abf4cf88a351929948a233 66424e8e971f17ee7f46ec2e5dc234bd1b6acb86 ee5eb22f58686285a97e904c5ff6a5d00c25f9d853f0a7a9699b4bcde781e6b6 Loading...

	35.199.30.104:8080/	ScriptElement	81 B	2025-03-17	2025-07-17
Pretty URL 35.199.30.104:8080/ IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-17 10:47 Last Seen2025-07-17 22:48 Times Seen8 Hash 8998c2d012b4ac168d4091710d4ed68a 188020aef24a2bb890aab47f3ab23cfd64a9b454 411e75024092a4c17a5fa9eb0437a73a7a37533e56c7eba3fb7467b0cf9351d8 Loading...

	35.199.30.104:8080/static/js/bootstrap-notify.js	ScriptElement	12 kB	2023-03-09	2025-07-17
Pretty URL 35.199.30.104:8080/static/js/bootstrap-notify.js IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:44 Last Seen2025-07-17 22:48 Times Seen44 Hash 1cbbd7bbe82c7f06b8e15cd9a467d8e9 288e08f46a7d03aa52d4728121fc29b6642576d5 6c92251e9da544454c66baed927afaa9201c5385e3d5a31c49f21fd32c4b7c39 Loading...

	35.199.30.104:8080/static/js/bootstrap.min.js	ScriptElement	64 kB	2023-03-07	2025-07-20
Pretty URL 35.199.30.104:8080/static/js/bootstrap.min.js IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-20 13:11 Times Seen6518 Hash f0c2bcf5ef0c4476508d79ec9cdcce07 3beed68ed7d753c6bf4f61c26386ddd7929ba030 edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba Loading...

	35.199.30.104:8080/static/js/jquery-3.5.1.js	ScriptElement	288 kB	2023-05-22	2025-07-17
Pretty URL 35.199.30.104:8080/static/js/jquery-3.5.1.js IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 11:27 Last Seen2025-07-17 22:48 Times Seen34 Hash 6cd09688969dece94039f4d7aee362e4 9fec1897e28aba38ae8c146f35f9ba37e8b0422c 2345d39b78d13dc50e6f897a7e066d95721210b7d80bf0dfe3923b0e0b296aa2 Loading...

	35.199.30.104:8080/static/js/app/notify.js	ScriptElement	176 B	2023-05-22	2025-07-17
Pretty URL 35.199.30.104:8080/static/js/app/notify.js IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 11:27 Last Seen2025-07-17 22:48 Times Seen34 Hash b26f8eedc6c186d46b9b62c45ede09f9 2e5e949fe069010a84e32357511e0c587bcebdf3 75714befaea48c4d28e3f3a0ae6dd661c43cb3acfd7e86f3c8a713b2b0d54307 Loading...

	35.199.30.104:8080/static/js/popper.min.js	ScriptElement	21 kB	2023-03-07	2025-07-21
Pretty URL 35.199.30.104:8080/static/js/popper.min.js IP 35.199.30.104 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-21 05:00 Times Seen6566 Hash 84415b7368fd6fc764cbe86039ce0626 62f238e73348c77eb9e865426a7d1b7de23cbb2d c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060 Loading...

HTTP Transactions (17)

URL IP Response Size

GET 35.199.30.104:8080/static/js/app/login.js

35.199.30.104

200 OK

1.9 kB

URL GET
35.199.30.104:8080/static/js/app/login.js
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
ASCII text
Size
1.9 kB (1870 bytes)
Hash
4e88b240a79aa705127eeb9e3b358ba5
5cde2d9ae19318f98744ea5bb66f100f263e25a3
1e933f1f60b597f5289a5989fc980aaa617eb9d0922bb651a24c0bec9a3a44e6

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/app/login.js HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 1870
Content-Type: text/javascript; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:56 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/js/jquery-3.5.1.js

35.199.30.104

200 OK

288 kB

URL GET
35.199.30.104:8080/static/js/jquery-3.5.1.js
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
JavaScript source, ASCII text
Size
288 kB (287632 bytes)
Hash
6cd09688969dece94039f4d7aee362e4
9fec1897e28aba38ae8c146f35f9ba37e8b0422c
2345d39b78d13dc50e6f897a7e066d95721210b7d80bf0dfe3923b0e0b296aa2

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/jquery-3.5.1.js HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 287632
Content-Type: text/javascript; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:56 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/js/bootstrap.min.js

35.199.30.104

200 OK

64 kB

URL GET
35.199.30.104:8080/static/js/bootstrap.min.js
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
JavaScript source, ASCII text, with very long lines (63188)
Size
64 kB (63467 bytes)
Hash
f0c2bcf5ef0c4476508d79ec9cdcce07
3beed68ed7d753c6bf4f61c26386ddd7929ba030
edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/bootstrap.min.js HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 63467
Content-Type: text/javascript; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:56 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/js/app/notify.js

35.199.30.104

200 OK

176 B

URL GET
35.199.30.104:8080/static/js/app/notify.js
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
ASCII text
Size
176 B (176 bytes)
Hash
b26f8eedc6c186d46b9b62c45ede09f9
2e5e949fe069010a84e32357511e0c587bcebdf3
75714befaea48c4d28e3f3a0ae6dd661c43cb3acfd7e86f3c8a713b2b0d54307

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/app/notify.js HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 176
Content-Type: text/javascript; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:56 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/css/footer.css

35.199.30.104

200 OK

763 B

URL GET
35.199.30.104:8080/static/css/footer.css
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
ASCII text
Size
763 B (763 bytes)
Hash
ae5343b1cd4a4b31e790b279dce428e8
4a0974cd0995125d37a1b4261f3b34f08ad9ae08
73333fcadfd8fae30c52e5049eaa661e1120f157a8ba0676bd9b4ae115b7e6e0

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/css/footer.css HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 763
Content-Type: text/css; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:55 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/js/bootstrap-notify.js

35.199.30.104

200 OK

12 kB

URL GET
35.199.30.104:8080/static/js/bootstrap-notify.js
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
JavaScript source, ASCII text, with very long lines (553)
Size
12 kB (11606 bytes)
Hash
1cbbd7bbe82c7f06b8e15cd9a467d8e9
288e08f46a7d03aa52d4728121fc29b6642576d5
6c92251e9da544454c66baed927afaa9201c5385e3d5a31c49f21fd32c4b7c39

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/bootstrap-notify.js HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 11606
Content-Type: text/javascript; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:56 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/css/bootstrap.css

35.199.30.104

200 OK

199 kB

URL GET
35.199.30.104:8080/static/css/bootstrap.css
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
ASCII text, with very long lines (629)
Size
199 kB (199412 bytes)
Hash
6d0390c053b857e8d09db0cf724428fb
378ada231c632ef54b5590cc14af6cf9b2ff2ea6
7935e6d0f7278c760cd580d4904437bd87d9c45d417dfa58196cf6945aa60ab8

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/css/bootstrap.css HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 199412
Content-Type: text/css; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:55 GMT
Date: Thu, 17 Jul 2025 22:43:52 GMT

GET 35.199.30.104:8080/static/css/bootstrap4-toggle.min.css

35.199.30.104

200 OK

2.8 kB

URL GET
35.199.30.104:8080/static/css/bootstrap4-toggle.min.css
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
ASCII text, with very long lines (2397)
Size
2.8 kB (2795 bytes)
Hash
645f82ba08fb36644e9f044bbf8bc7d5
f4e2a54dab518243b9372e92fd624b72488a2f4b
3b6bccef2618dcabdc24197d2a55a07162038b61b0fa85b7f7e59c787a5931e0

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/css/bootstrap4-toggle.min.css HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 2795
Content-Type: text/css; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:55 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/css/dataTables.bootstrap4.min.css

35.199.30.104

200 OK

5.2 kB

URL GET
35.199.30.104:8080/static/css/dataTables.bootstrap4.min.css
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
ASCII text, with very long lines (5221)
Size
5.2 kB (5222 bytes)
Hash
edf78b080b220a78a2e9e68ce274a60d
b41b47aaeb2edecd173984a55ae1a76cd69d9854
17e0da2800a542eb7cee178c202ea84e101132e5a77bcf96cf12034fb8d7b8f0

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/css/dataTables.bootstrap4.min.css HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 5222
Content-Type: text/css; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:55 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/css/bootstrap-4.css

35.199.30.104

200 OK

44 kB

URL GET
35.199.30.104:8080/static/css/bootstrap-4.css
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
ASCII text, with very long lines (377)
Size
44 kB (44410 bytes)
Hash
47394642509b673df12c0020bda8841a
52a901ccf5ec0bf8c74f146a1c9b05fcc8448c73
8fcae70c58e5aab73dc2f301289608eb6e513ff2f022566e88463823b54aeb27

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/css/bootstrap-4.css HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 44410
Content-Type: text/css; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:55 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/js/popper.min.js

35.199.30.104

200 OK

21 kB

URL GET
35.199.30.104:8080/static/js/popper.min.js
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
JavaScript source, ASCII text, with very long lines (21084)
Size
21 kB (21257 bytes)
Hash
84415b7368fd6fc764cbe86039ce0626
62f238e73348c77eb9e865426a7d1b7de23cbb2d
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/popper.min.js HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 21257
Content-Type: text/javascript; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:56 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/js/app/common.js

35.199.30.104

200 OK

869 B

URL GET
35.199.30.104:8080/static/js/app/common.js
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
ASCII text
Size
869 B (869 bytes)
Hash
92f35e8045abf4cf88a351929948a233
66424e8e971f17ee7f46ec2e5dc234bd1b6acb86
ee5eb22f58686285a97e904c5ff6a5d00c25f9d853f0a7a9699b4bcde781e6b6

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/app/common.js HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 869
Content-Type: text/javascript; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:55 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/

35.199.30.104

401 Unauthorized

4.5 kB

URL User Request GET
35.199.30.104:8080/
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document, Unicode text, UTF-8 text
Size
4.5 kB (4511 bytes)
Hash
81c8ecb34c59eb6783a6c7f291083b50
2834fe2ff07db65bdde266aa011728d47cfd15e6
b78ec7d301f2d25c974800c136c583b7b5a25ec5ec13dbf04cae9817fa8045aa

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=utf-8
Www-Authenticate: JWT realm=chaos
Date: Thu, 17 Jul 2025 22:43:52 GMT
Transfer-Encoding: chunked

GET 35.199.30.104:8080/static/js/bootstrap4-toggle.min.js

35.199.30.104

200 OK

4.4 kB

URL GET
35.199.30.104:8080/static/js/bootstrap4-toggle.min.js
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
JavaScript source, ASCII text, with very long lines (3984)
Size
4.4 kB (4431 bytes)
Hash
71d2baa15048d5c2b897ae4c41988b2c
4bcfdf2effe58345c69ed61d13adba541a4281e2
a7a23eb6e02aa4a4217bb95d90fd72a3f0eed104588e6d4edeb792288892e003

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/bootstrap4-toggle.min.js HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 4431
Content-Type: text/javascript; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:56 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

GET 35.199.30.104:8080/static/css/main_custom.css

35.199.30.104

200 OK

696 B

URL GET
35.199.30.104:8080/static/css/main_custom.css
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
ASCII text
Size
696 B (696 bytes)
Hash
f69730597a143c93037fbae25120d8a2
14f18bda74e2d9704713c00b21cbefac6ffff0da
7cab98de4756c0c0e50f41117b6fe484f27b801a53d8298ed428ba00630de487

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/css/main_custom.css HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 696
Content-Type: text/css; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:55 GMT
Date: Thu, 17 Jul 2025 22:43:52 GMT

GET 35.199.30.104:8080/static/css/font_awesome.css

35.199.30.104

200 OK

70 kB

URL GET
35.199.30.104:8080/static/css/font_awesome.css
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
ASCII text
Size
70 kB (70060 bytes)
Hash
1eee8ee89dd11681ebe77db29e2634bf
3b3b8a6b682cf7eb51ce10e9cb69a36da7d374ee
3c5e8c6ad66d889f3f73d3bd1d0f2e4945ebfbe47d28162ee206cd1b9e75d561

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/css/font_awesome.css HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 70060
Content-Type: text/css; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:55 GMT
Date: Thu, 17 Jul 2025 22:43:52 GMT

GET 35.199.30.104:8080/static/js/sweetalert2.min.js

35.199.30.104

200 OK

67 kB

URL GET
35.199.30.104:8080/static/js/sweetalert2.min.js
IP
35.199.30.104:8080
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://35.199.30.104:8080/

File type
JavaScript source, ASCII text, with very long lines (41633)
Size
67 kB (66848 bytes)
Hash
375f32d25f79dc7c64830873829a3366
3ce3f11c625ae6d5aff395a73edc5c54969b8536
f4ad91486a5b4f84863e5a7a10fbd619bd40d913fe100c3f7e307fcb1b5dd4a8

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/sweetalert2.min.js HTTP/1.1
Host: 35.199.30.104:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://35.199.30.104:8080/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 66848
Content-Type: text/javascript; charset=utf-8
Last-Modified: Sat, 26 Oct 2024 18:02:56 GMT
Date: Thu, 17 Jul 2025 22:43:53 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML