stealer.app - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 45.61.136.191, located in Los Angeles, United States and belongs to BLNWX, US. The main domain is stealer.app.
TLS certificate: Issued by R3 on March 2nd 2023. Valid for: 3 months.

This is the only time stealer.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
7	45.61.136.191 45.61.136.191		399629 (BLNWX) (BLNWX)
7	1

7 45.61.136.191 (Los Angeles, United States)

ASN399629 (BLNWX, US)

stealer.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	stealer.app stealer.app	574 KB
7	1

	Domain	Requested by
7	stealer.app	stealer.app
7	1

This site contains no links.

Subject Issuer	Validity	Valid
stealer.app R3	`2023-03-02` - `2023-05-31`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://stealer.app/
Frame ID: EF3220845055A0D2FDFBE77869D5A3AF
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

nnPWLgTcMVZOemhglmXYB

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

574 kB
Transfer

1662 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response stealer.app/	436 B 586 B	1236ms 174ms	Document text/html	45.61.136.191 BLNWX
General Check archive.org Show headers Download Go to Full URL https://stealer.app/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 45.61.136.191 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `08e655d65512c3adf93c90644ed702ca1d87867447c5e91ab50cd6ab56aca3bc` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html Date Wed, 12 Apr 2023 21:11:46 GMT ETag W/"6414b87f-1b4" Last-Modified Fri, 17 Mar 2023 18:59:11 GMT Server nginx/1.18.0 (Ubuntu) Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	main.33885602.js Show response stealer.app/static/js/	1 MB 410 KB	355ms 354ms	Script application/javascript	45.61.136.191 BLNWX
General Check archive.org Show headers Download Go to Full URL https://stealer.app/static/js/main.33885602.js Requested by Host: stealer.app URL: https://stealer.app/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 45.61.136.191 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `ee473bfc1571c7349cd9567c9bdd23d095a283ecbbc5d87aec9ce1786df05651` Request headers accept-language de-DE,de;q=0.9 Referer https://stealer.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 12 Apr 2023 21:11:46 GMT Content-Encoding gzip Last-Modified Fri, 17 Mar 2023 18:59:11 GMT Server nginx/1.18.0 (Ubuntu) ETag W/"6414b87f-176c65" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Connection keep-alive
POST H/1.1	200 OK	auth Show response stealer.app/api/	67 B 781 B	681ms 681ms	Fetch application/json	45.61.136.191 BLNWX
General Check archive.org Show headers Download Go to Full URL https://stealer.app/api/auth Requested by Host: stealer.app URL: https://stealer.app/static/js/main.33885602.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 45.61.136.191 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Express Resource Hash `1895e65f0efcdfd3b04b38f710b0d5bfb889ea0eccfe3786e58a71e4768601d8` Request headers Referer https://stealer.app/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 content-type application/x-www-form-urlencoded Response headers Date Wed, 12 Apr 2023 21:11:47 GMT Content-Encoding br CF-Cache-Status DYNAMIC NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server nginx/1.18.0 (Ubuntu) X-Powered-By Express ETag W/"43-H7N2Ot+SkcQzg0CLFuTNJ+hghKo" Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EGYn9a86sl%2Fj1HbxoqO6xWOb35rUtKcZkpWmBhcqeF%2BAXpjav0k2B1WMwicEwQkUuFr1g7hwYiiO2rg2MSoJHq1qQTYOnBMxMPcP53k8XD2i%2Bhtg4zJ8113H5RsJRg%3D%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/json; charset=utf-8 Connection keep-alive CF-RAY 7b6e76b95cc52a94-LAX alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H/1.1	200 OK	Inter500.6ec7ed4e8bb2539ef7f1.woff2 stealer.app/static/media/	22 KB 23 KB	176ms 175ms	Font application/octet-stream	45.61.136.191 BLNWX
General Check archive.org Show headers Download Go to Full URL https://stealer.app/static/media/Inter500.6ec7ed4e8bb2539ef7f1.woff2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 45.61.136.191 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `f30e3427416f89e608b5abb868cdc1a970f628692a6363f06ed6e153514cdd99` Request headers Referer https://stealer.app/ Origin https://stealer.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 12 Apr 2023 21:11:48 GMT Last-Modified Fri, 17 Mar 2023 18:59:11 GMT Server nginx/1.18.0 (Ubuntu) ETag "6414b87f-58f8" Content-Type application/octet-stream Connection keep-alive Accept-Ranges bytes Content-Length 22776
GET H/1.1	200 OK	Inter700.ec64ea577b0349e055ad.woff2 stealer.app/static/media/	104 KB 104 KB	351ms 175ms	Font application/octet-stream	45.61.136.191 BLNWX
General Check archive.org Show headers Download Go to Full URL https://stealer.app/static/media/Inter700.ec64ea577b0349e055ad.woff2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 45.61.136.191 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7` Request headers Referer https://stealer.app/ Origin https://stealer.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 12 Apr 2023 21:11:48 GMT Last-Modified Fri, 17 Mar 2023 18:59:11 GMT Server nginx/1.18.0 (Ubuntu) ETag "6414b87f-19e9c" Content-Type application/octet-stream Connection keep-alive Accept-Ranges bytes Content-Length 106140
GET H/1.1	200 OK	Inter600.e395c69c1e9b3eecf384.woff2 stealer.app/static/media/	22 KB 22 KB	696ms 348ms	Font application/octet-stream	45.61.136.191 BLNWX
General Check archive.org Show headers Download Go to Full URL https://stealer.app/static/media/Inter600.e395c69c1e9b3eecf384.woff2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 45.61.136.191 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `d1ef4390c4596a1a06003c2145be22885ef0196e0abe0165a95f90cc0524ba99` Request headers Referer https://stealer.app/ Origin https://stealer.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 12 Apr 2023 21:11:48 GMT Last-Modified Fri, 17 Mar 2023 18:59:11 GMT Server nginx/1.18.0 (Ubuntu) ETag "6414b87f-5830" Content-Type application/octet-stream Connection keep-alive Accept-Ranges bytes Content-Length 22576
GET H/1.1	200 OK	DMMono500.36e961e1a43113ab3885.woff2 stealer.app/static/media/	14 KB 15 KB	695ms 347ms	Font application/octet-stream	45.61.136.191 BLNWX
General Check archive.org Show headers Download Go to Full URL https://stealer.app/static/media/DMMono500.36e961e1a43113ab3885.woff2 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 45.61.136.191 Los Angeles, United States, ASN399629 (BLNWX, US), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `4a876d5c36b19c51da005b3f0854f1dc876745dba569a1b8fc6171a8f7670d3b` Request headers Referer https://stealer.app/ Origin https://stealer.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 12 Apr 2023 21:11:48 GMT Last-Modified Fri, 17 Mar 2023 18:59:11 GMT Server nginx/1.18.0 (Ubuntu) ETag "6414b87f-394c" Content-Type application/octet-stream Connection keep-alive Accept-Ranges bytes Content-Length 14668

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| saveAs function| _ object| __REACT_INTL_CONTEXT__

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

stealer.app
45.61.136.191
08e655d65512c3adf93c90644ed702ca1d87867447c5e91ab50cd6ab56aca3bc
1895e65f0efcdfd3b04b38f710b0d5bfb889ea0eccfe3786e58a71e4768601d8
4a876d5c36b19c51da005b3f0854f1dc876745dba569a1b8fc6171a8f7670d3b
c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7
d1ef4390c4596a1a06003c2145be22885ef0196e0abe0165a95f90cc0524ba99
ee473bfc1571c7349cd9567c9bdd23d095a283ecbbc5d87aec9ce1786df05651
f30e3427416f89e608b5abb868cdc1a970f628692a6363f06ed6e153514cdd99

stealer.app Open in urlscan Pro 45.61.136.191 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

574 kBTransfer

1662 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

0 Cookies

Indicators

stealer.app Open in urlscan Pro
45.61.136.191 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

574 kB
Transfer

1662 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions