URL: http://34.134.154.94/
Submission Tags: c2 malware steam
Submission: On January 07 via api from US — Scanned from CH

Summary

This website contacted 1 IPs in 1 countries across 0 domains to perform 3 HTTP transactions. The main IP is 34.134.154.94, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is 34.134.154.94.
This is the only time 34.134.154.94 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 34.134.154.94 396982 (GOOGLE-CL...)

This site contains no links.

This page contains 1 frames:

Primary Page: http://34.134.154.94/
Frame ID: 4E99103F816C30DD0E76A572A46FAD1B
Requests: 3 HTTP requests in this frame

Page Title

C2 Dashboard - Steam Stealer

Page Statistics

Requests: 3
HTTPS: 0 %
IPv6: 0 %
Domains: 0
Subdomains: 0
IPs: 1
Countries: 1
Transfer: 27 kB
Size: 26 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://34.134.154.94/ HTTP 307
    https://34.134.154.94/ HTTP 307
    http://34.134.154.94/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource: Primary Request /
Path: 34.134.154.94/
Size: 12 KB
x-fer: 12 KB
Type: Document
Redirect Chain
  • http://34.134.154.94/
  • https://34.134.154.94/
  • http://34.134.154.94/

General

Full URL: http://34.134.154.94/
Protocol: HTTP/1.1
Server: 34.134.154.94 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS: 94.154.134.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 779099dc13d1399fb88bc772c0d21477ce30fcbc224cfc006db0adde73939a04

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0
Connection: keep-alive
Content-Length: 12006
Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Jan 2026 20:45:41 GMT
ETag: W/"2ee6-19b94c202e3"
Keep-Alive: timeout=5
Last-Modified: Tue, 06 Jan 2026 19:21:41 GMT
X-Powered-By: Express

Redirect headers

Location: http://34.134.154.94/
Non-Authoritative-Reason: HttpsUpgrades

Resource: app.js
Path: 34.134.154.94/
Size: 14 KB
x-fer: 14 KB
Type: Script

General

Full URL: http://34.134.154.94/app.js
Requested by: Host: 34.134.154.94, URL: http://34.134.154.94/
Protocol: HTTP/1.1
Server: 34.134.154.94 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS: 94.154.134.34.bc.googleusercontent.com
Software: / Express
Resource Hash: f5c86a01b234e5fdcb469c40d97c165c4ef5e3a7467a6d384c2298b66bb6976f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: http://34.134.154.94/

Response headers

Cache-Control: public, max-age=0
ETag: W/"36e9-19b95279739"
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 14057
Keep-Alive: timeout=5
Date: Wed, 07 Jan 2026 20:45:41 GMT
Last-Modified: Tue, 06 Jan 2026 21:12:38 GMT
X-Powered-By: Express
Content-Type: application/javascript; charset=UTF-8

Resource: favicon.ico
Path: 34.134.154.94/
Size: 150 B
x-fer: 454 B
Type: Other

General

Full URL: http://34.134.154.94/favicon.ico
Protocol: HTTP/1.1
Server: 34.134.154.94 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS: 94.154.134.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c

Security Headers

Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Referer: http://34.134.154.94/

Response headers

Content-Security-Policy: default-src 'none'
Connection: keep-alive
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Length: 150
Keep-Alive: timeout=5
Date: Wed, 07 Jan 2026 20:45:41 GMT
Content-Type: text/html; charset=utf-8
X-Powered-By: Express

14 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

function | fetchWithAuth
function | logout
function | showDashboard
function | loadStats
function | loadSessions
function | viewSession
function | deleteSession
function | generateKey
function | loadAllCaptures
function | downloadBase64File
function | switchTab
function | closeModal
function | getCaptureIcon
function | escapeHtml

0 Cookies

2 Console Messages

Source: recommendation | Level: verbose | URL: http://34.134.154.94/
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Source: network | Level: error | URL: http://34.134.154.94/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

34.134.154.94
6e21162bc64073fe9e3d3d6375ca24d04fed1912a5b7716aac0cb0f2d16fae7c
779099dc13d1399fb88bc772c0d21477ce30fcbc224cfc006db0adde73939a04
f5c86a01b234e5fdcb469c40d97c165c4ef5e3a7467a6d384c2298b66bb6976f