103.16.215.175 Open in urlscan Pro
103.16.215.175 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://103.16.215.175/?fbclid=
Effective URL:
https://103.16.215.175/?fbclid=
Submission: On May 29 via manual (May 29th 2024, 2:18:08 am UTC) from VN — Scanned from DE

Summary HTTP 25 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 25 HTTP transactions. The main IP is 103.16.215.175, located in Viet Nam and belongs to HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN. The main domain is 103.16.215.175.
TLS certificate: Issued by mkcert EGOHVLBTYIAMXPW\Administrator@... on May 23rd 2024. Valid for: 2 years.

This is the only time 103.16.215.175 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
17	103.16.215.175 103.16.215.175	140815 (HTTVSERVE...) (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED)
1	18.173.187.113 18.173.187.113	16509 (AMAZON-02) (AMAZON-02)
25	3

17 103.16.215.175 (Viet Nam)

ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN)

103.16.215.175	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.187.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-113.muc50.r.cloudfront.net

cdn.socket.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	socket.io cdn.socket.io — Cisco Umbrella Rank: 36572	15 KB
0	Failed function sub() { [native code] }. Failed
25	2

	Domain	Requested by
1	cdn.socket.io	103.16.215.175
0	103.16.215.175 Failed	cdn.socket.io
25	2

This site contains no links.

Subject Issuer	Validity	Valid
mkcert EGOHVLBTYIAMXPW\Administrator@EGOHVLBTYIAMXPW	`2024-05-23` - `2026-08-23`	2 years	crt.sh
cdn.socket.io Amazon RSA 2048 M03	`2023-10-22` - `2024-11-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://103.16.215.175/?fbclid=
Frame ID: 4B487BF0DC5C43B327EB7F190D321F52
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Facebook

Page URL History Show full URLs

http://103.16.215.175/?fbclid= HTTP 307
https://103.16.215.175/?fbclid= Page URL

Detected technologies

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

socket\.io.*\.js

Page Statistics

25
Requests

4 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1454 kB
Transfer

2519 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://103.16.215.175/?fbclid= HTTP 307
https://103.16.215.175/?fbclid= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
103.16.215.175/
Redirect Chain

http://103.16.215.175/?fbclid=
https://103.16.215.175/?fbclid=

1 MB
1 MB

1347ms
633ms

Document
text/html

103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/?fbclid=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 62e5924ec81c8a5b59c9f9a98e904e06d5dc14168a7124e4ab14c957749bd9aa

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Disposition: inline; filename=index.html
Content-Length: 1468962
Content-Type: text/html; charset=utf-8
Date: Wed, 29 May 2024 02:17:56 GMT
ETag: "1715458608.6734746-1468962-3748665287"
Last-Modified: Sat, 11 May 2024 20:16:48 GMT
Server: nginx/1.24.0

Redirect headers

Location: https://103.16.215.175/?fbclid=
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 socket.io.min.js Show response
cdn.socket.io/4.7.5/ 49 KB
15 KB 120ms
32ms Script
application/javascript 18.173.187.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.socket.io/4.7.5/socket.io.min.js

Requested by

Host: 103.16.215.175
URL: https://103.16.215.175/?fbclid=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.187.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-187-113.muc50.r.cloudfront.net

Software

Vercel /

Resource Hash

73eba16bc895fdfa454e27ecb80def31ede8d861f99e175ff93b110eabec044f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://103.16.215.175/
Origin: https://103.16.215.175
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 14 Mar 2024 17:31:13 GMT
content-encoding: gzip
via: 1.1 7949f2957c23173b6f2b16db26ab42f6.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000
x-amz-cf-pop: MUC50-P4
age: 6511604
x-cache: Hit from cloudfront
content-disposition: inline; filename="socket.io.min.js"
server: Vercel
x-vercel-id: fra1::bplzj-1710437473433-91b2047e89fc
etag: W/"777eb8fd4f8320b6e5cc9a7159bdec6a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: qZU5xkr5nW-MDcAnYIPYWDdGzp51xg-RlJt3Xns1dldvNwevgide4Q==

GET
H/1.1 200
OK / Show response
103.16.215.175/socket.io/ 97 B
319 B 1023ms
341ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28ysb
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 56e2117da96703263f2b2c1412c088f12edc61f7be75cc7db2352ca451fa3b38

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: */*
Referer: https://103.16.215.175/?fbclid=
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:17:58 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 388bbefc3d8aaa1f470a7a8ac0aacdfdc23e35a73250ff521ec0c02b2307ab23

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 283 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bfdad424a51e11ef88c6a3a32bfb78605b769fb7af8c891e9eb6a68b4a52a7da

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1bf32eebc96d971f46d8e5dc0941375b98ece6c2c3e9138502ed4f9d82882d9e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff07adf92416d61fe8408504940902fac913581b92a9947652c2f8d2db819f2b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 400
BAD REQUEST / Show response
103.16.215.175/socket.io/ 25 B
201 B 342ms
341ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28z6c&sid=BymQLBIMW4LNbcGcACyY
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8
Accept: */*
Referer: https://103.16.215.175/?fbclid=
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:17:58 GMT
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET /
103.16.215.175/socket.io/ 0
0

POST
H/1.1 400
BAD REQUEST / Show response
103.16.215.175/socket.io/ 25 B
201 B 339ms
339ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zB-&sid=BymQLBIMW4LNbcGcACyY
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8
Accept: */*
Referer: https://103.16.215.175/?fbclid=
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:17:59 GMT
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET
DATA 200
OK truncated
/ 745 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4be99519c4e42b5e733d599ba5d0d40c34e63dcf70dfdf7238e5501a943f7ef8

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK / Show response
103.16.215.175/socket.io/ 97 B
319 B 321ms
321ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zSt
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 844ce42c53fef4aa00955286c05d9aed1decc4b82fcfe60b1455ac57b51767ec

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: */*
Referer: https://103.16.215.175/?fbclid=
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:00 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8

POST
H/1.1 400
BAD REQUEST / Show response
103.16.215.175/socket.io/ 25 B
201 B 317ms
317ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zXw&sid=XM3MLZ1CFl9wuEwfACyZ
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8
Accept: */*
Referer: https://103.16.215.175/?fbclid=
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:00 GMT
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET /
103.16.215.175/socket.io/ 0
0

POST
H/1.1 400
BAD REQUEST / Show response
103.16.215.175/socket.io/ 25 B
201 B 319ms
319ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zcw&sid=XM3MLZ1CFl9wuEwfACyZ
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8
Accept: */*
Referer: https://103.16.215.175/?fbclid=
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:00 GMT
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET
H/1.1 200
OK / Show response
103.16.215.175/socket.io/ 97 B
319 B 319ms
319ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zol
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 1e772a0cfbe5b354d47dfc334429050898480f7ccbcd373a31979311c432fa40

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: */*
Referer: https://103.16.215.175/?fbclid=
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:01 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8

POST
H/1.1 400
BAD REQUEST / Show response
103.16.215.175/socket.io/ 25 B
201 B 324ms
323ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28ztn&sid=6KlJUFZ44MpcC0ZtACya
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8
Accept: */*
Referer: https://103.16.215.175/?fbclid=
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:01 GMT
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET /
103.16.215.175/socket.io/ 0
0

POST
H/1.1 400
BAD REQUEST / Show response
103.16.215.175/socket.io/ 25 B
201 B 757ms
367ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zys&sid=6KlJUFZ44MpcC0ZtACya
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8
Accept: */*
Referer: https://103.16.215.175/?fbclid=
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:02 GMT
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET
H/1.1 200
OK / Show response
103.16.215.175/socket.io/ 97 B
319 B 357ms
357ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28-9H
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 45a84bdeb1cc21712cad93392028625681a9ccbf0bfea1168c96a8276898809d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: */*
Referer: https://103.16.215.175/?fbclid=
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:02 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8

POST
H/1.1 400
BAD REQUEST / Show response
103.16.215.175/socket.io/ 25 B
201 B 358ms
357ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28-Eu&sid=-CltBclE0IQHx7VXACyb
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8
Accept: */*
Referer: https://103.16.215.175/?fbclid=
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:03 GMT
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET /
103.16.215.175/socket.io/ 0
0

POST
H/1.1 400
BAD REQUEST / Show response
103.16.215.175/socket.io/ 25 B
201 B 363ms
363ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28-KV&sid=-CltBclE0IQHx7VXACyb
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8
Accept: */*
Referer: https://103.16.215.175/?fbclid=
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:03 GMT
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET
H/1.1 200
OK / Show response
103.16.215.175/socket.io/ 97 B
319 B 1894ms
1893ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28-fv
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 334595d12148df23ff61cd9aa364c642ef009b05815c49bb4bf7d599b676bb8c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: */*
Referer: https://103.16.215.175/?fbclid=
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:06 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8

POST
H/1.1 400
BAD REQUEST / Show response
103.16.215.175/socket.io/ 25 B
201 B 356ms
356ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28_7X&sid=3FvERVkYNhjmGVA7ACyc
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8
Accept: */*
Referer: https://103.16.215.175/?fbclid=
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:06 GMT
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET /
103.16.215.175/socket.io/ 0
0

POST
H/1.1 400
BAD REQUEST / Show response
103.16.215.175/socket.io/ 25 B
201 B 686ms
360ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28_D8&sid=3FvERVkYNhjmGVA7ACyc
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: 2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: text/plain;charset=UTF-8
Accept: */*
Referer: https://103.16.215.175/?fbclid=
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:07 GMT
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain

GET
H/1.1 200
OK / Show response
103.16.215.175/socket.io/ 97 B
319 B 373ms
373ms XHR
text/plain 103.16.215.175
HTTVSERVER-VN HTT...

General

Check archive.org

Show headers Download Go to

Full URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28_Qe
Requested by: Host: cdn.socket.io
URL: https://cdn.socket.io/4.7.5/socket.io.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 103.16.215.175 , Viet Nam, ASN140815 (HTTVSERVER-VN HTTVSERVER TECHNOLOGY COMPANY LIMITED, VN),
Reverse DNS
Software: nginx/1.24.0 /
Resource Hash: fc2185538a9e901c3f19c07c425912202ec11c759d1746ea1650807a2e6a0fca

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: */*
Referer: https://103.16.215.175/?fbclid=
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 29 May 2024 02:18:08 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.24.0
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8

POST /
103.16.215.175/socket.io/ 0
0

GET /
103.16.215.175/socket.io/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 103.16.215.175
URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28z6c.0&sid=BymQLBIMW4LNbcGcACyY

Domain: 103.16.215.175
URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zXx&sid=XM3MLZ1CFl9wuEwfACyZ

Domain: 103.16.215.175
URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28ztn.0&sid=6KlJUFZ44MpcC0ZtACya

Domain: 103.16.215.175
URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28-Eu.0&sid=-CltBclE0IQHx7VXACyb

Domain: 103.16.215.175
URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28_7Y&sid=3FvERVkYNhjmGVA7ACyc

Domain: 103.16.215.175
URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28_WW&sid=tKdYP2nXVWoI0A89ACyd

Domain: 103.16.215.175
URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28_WW.0&sid=tKdYP2nXVWoI0A89ACyd

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| io object| socket function| nextPage

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28z6c&sid=BymQLBIMW4LNbcGcACyY Message: Failed to load resource: the server responded with a status of 400 (BAD REQUEST)
network	warning	URL: https://cdn.socket.io/4.7.5/socket.io.min.js(Line 5) Message: WebSocket connection to 'wss://103.16.215.175/socket.io/?EIO=4&transport=websocket&sid=BymQLBIMW4LNbcGcACyY' failed: WebSocket is closed before the connection is established.
network	error	URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zB-&sid=BymQLBIMW4LNbcGcACyY Message: Failed to load resource: the server responded with a status of 400 (BAD REQUEST)
network	error	URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zXw&sid=XM3MLZ1CFl9wuEwfACyZ Message: Failed to load resource: the server responded with a status of 400 (BAD REQUEST)
network	warning	URL: https://cdn.socket.io/4.7.5/socket.io.min.js(Line 5) Message: WebSocket connection to 'wss://103.16.215.175/socket.io/?EIO=4&transport=websocket&sid=XM3MLZ1CFl9wuEwfACyZ' failed: WebSocket is closed before the connection is established.
network	error	URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zcw&sid=XM3MLZ1CFl9wuEwfACyZ Message: Failed to load resource: the server responded with a status of 400 (BAD REQUEST)
network	error	URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28ztn&sid=6KlJUFZ44MpcC0ZtACya Message: Failed to load resource: the server responded with a status of 400 (BAD REQUEST)
network	warning	URL: https://cdn.socket.io/4.7.5/socket.io.min.js(Line 5) Message: WebSocket connection to 'wss://103.16.215.175/socket.io/?EIO=4&transport=websocket&sid=6KlJUFZ44MpcC0ZtACya' failed: WebSocket is closed before the connection is established.
network	error	URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28zys&sid=6KlJUFZ44MpcC0ZtACya Message: Failed to load resource: the server responded with a status of 400 (BAD REQUEST)
network	error	URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28-Eu&sid=-CltBclE0IQHx7VXACyb Message: Failed to load resource: the server responded with a status of 400 (BAD REQUEST)
network	warning	URL: https://cdn.socket.io/4.7.5/socket.io.min.js(Line 5) Message: WebSocket connection to 'wss://103.16.215.175/socket.io/?EIO=4&transport=websocket&sid=-CltBclE0IQHx7VXACyb' failed: WebSocket is closed before the connection is established.
network	error	URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28-KV&sid=-CltBclE0IQHx7VXACyb Message: Failed to load resource: the server responded with a status of 400 (BAD REQUEST)
network	error	URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28_7X&sid=3FvERVkYNhjmGVA7ACyc Message: Failed to load resource: the server responded with a status of 400 (BAD REQUEST)
network	warning	URL: https://cdn.socket.io/4.7.5/socket.io.min.js(Line 5) Message: WebSocket connection to 'wss://103.16.215.175/socket.io/?EIO=4&transport=websocket&sid=3FvERVkYNhjmGVA7ACyc' failed: WebSocket is closed before the connection is established.
network	error	URL: https://103.16.215.175/socket.io/?EIO=4&transport=polling&t=O_28_D8&sid=3FvERVkYNhjmGVA7ACyc Message: Failed to load resource: the server responded with a status of 400 (BAD REQUEST)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

103.16.215.175
cdn.socket.io
103.16.215.175
103.16.215.175
18.173.187.113
1bf32eebc96d971f46d8e5dc0941375b98ece6c2c3e9138502ed4f9d82882d9e
1e772a0cfbe5b354d47dfc334429050898480f7ccbcd373a31979311c432fa40
2abec5323a68cb966f80b34bd91a5a433f313a6a35c0498651a4aed8acc7670c
334595d12148df23ff61cd9aa364c642ef009b05815c49bb4bf7d599b676bb8c
388bbefc3d8aaa1f470a7a8ac0aacdfdc23e35a73250ff521ec0c02b2307ab23
45a84bdeb1cc21712cad93392028625681a9ccbf0bfea1168c96a8276898809d
4be99519c4e42b5e733d599ba5d0d40c34e63dcf70dfdf7238e5501a943f7ef8
56e2117da96703263f2b2c1412c088f12edc61f7be75cc7db2352ca451fa3b38
62e5924ec81c8a5b59c9f9a98e904e06d5dc14168a7124e4ab14c957749bd9aa
73eba16bc895fdfa454e27ecb80def31ede8d861f99e175ff93b110eabec044f
844ce42c53fef4aa00955286c05d9aed1decc4b82fcfe60b1455ac57b51767ec
bfdad424a51e11ef88c6a3a32bfb78605b769fb7af8c891e9eb6a68b4a52a7da
fc2185538a9e901c3f19c07c425912202ec11c759d1746ea1650807a2e6a0fca
ff07adf92416d61fe8408504940902fac913581b92a9947652c2f8d2db819f2b

103.16.215.175 Open in urlscan Pro 103.16.215.175 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

4 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

1454 kBTransfer

2519 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

15 Console Messages

Indicators

103.16.215.175 Open in urlscan Pro
103.16.215.175 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

4 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1454 kB
Transfer

2519 kB
Size

0
Cookies

25 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!