jx2-bavuong.com
158.247.208.239 Public Scan Open in urlscan Pro

Go To Rescan
Add Verdict Report

URL:
http://jx2-bavuong.com/newbot/login.php 6yr old
Submission Tags: c2 malware bluebotnet Search All
Submission: On November 27 via api (November 27th 2020, 2:03:25 am UTC) from US

Summary HTTP 6 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 158.247.208.239, located in United States and belongs to AS-CHOOPA, US. The main domain is jx2-bavuong.com. 6yr old

This is the only time jx2-bavuong.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
5	158.247.208.239 158.247.208.239		20473 (AS-CHOOPA) (AS-CHOOPA)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3b		20446 (HIGHWINDS3) (HIGHWINDS3)
6	2

5 158.247.208.239 (United States)

ASN20473 (AS-CHOOPA, US)

jx2-bavuong.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2001:4de0:ac19::1:b:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
5	jx2-bavuong.com jx2-bavuong.com 6yr old	149 KB
1	jquery.com code.jquery.com 13yr old	82 KB
6	2

	Domain	Requested by
5	jx2-bavuong.com	jx2-bavuong.com
1	code.jquery.com	jx2-bavuong.com
6	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://jx2-bavuong.com/newbot/login.php
Frame ID: 799223302A2A3BDFBA6BCF85CA446A8C
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i
headers server /php\/?([\d.]+)?/i

Windows Server (Operating systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Win32|Win64/i

Bootstrap (UI frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

OpenSSL (Web server extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

mod_dav (Web server extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /\b(?:mod_)?DAV\b(?:\/([\d.]+))?/i

mod_ssl (Web server extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /mod_ssl(?:\/([\d.]+))?/i

Modernizr (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

jQuery (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Apache () Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
headers server /\b(?:mod_)?DAV\b(?:\/([\d.]+))?/i
headers server /mod_ssl(?:\/([\d.]+))?/i

Page Statistics

6
Requests

0 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

232 kB
Transfer

425 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response jx2-bavuong.com/newbot/	2 KB 2 KB	905ms 558ms	Document text/html	158.247.208.239 AS-CHOOPA
General Check archive.org Download Go to Full URL http://jx2-bavuong.com/newbot/login.php Protocol HTTP/1.1 Server 158.247.208.239 , United States, ASN20473 (AS-CHOOPA, US), Reverse DNS Software Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 / PHP/5.2.9 Resource Hash `4dbb17663d1d98673341d6fc511348ab9ce1e175d11119fd9d04bb5b77ac6f09` Request headers Host jx2-bavuong.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 27 Nov 2020 10:03:26 GMT Server Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 X-Powered-By PHP/5.2.9 Content-Length 1636 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	bootstrap.css jx2-bavuong.com/newbot/css/	118 KB 119 KB	289ms 287ms	Stylesheet text/css	158.247.208.239 AS-CHOOPA
General Check archive.org Download Go to Full URL http://jx2-bavuong.com/newbot/css/bootstrap.css Requested by Host: jx2-bavuong.com URL: http://jx2-bavuong.com/newbot/login.php Protocol HTTP/1.1 Server 158.247.208.239 , United States, ASN20473 (AS-CHOOPA, US), Reverse DNS Software Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 / Resource Hash `0e430441e9833f9e3b9219b4837068670afbb50171678365b95f45de9291b632` Request headers Referer http://jx2-bavuong.com/newbot/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 27 Nov 2020 10:03:26 GMT Last-Modified Sat, 07 Jun 2014 13:30:41 GMT Server Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 ETag "200000001531a-1d984-4fb3efbfd637b" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 121220
GET H/1.1	404 Not Found	stili-custom.css jx2-bavuong.com/newbot/css/	0 0	592ms 574ms	Stylesheet text/html	158.247.208.239 AS-CHOOPA
General Check archive.org Download Go to Full URL http://jx2-bavuong.com/newbot/css/stili-custom.css Requested by Host: jx2-bavuong.com URL: http://jx2-bavuong.com/newbot/login.php Protocol HTTP/1.1 Server 158.247.208.239 , United States, ASN20473 (AS-CHOOPA, US), Reverse DNS Software Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 / Resource Hash Request headers Referer http://jx2-bavuong.com/newbot/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 27 Nov 2020 10:03:26 GMT Server Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 Vary accept-language,accept-charset Content-Language en Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Content-Type text/html; charset=iso-8859-1 Keep-Alive timeout=5, max=100
GET H/1.1	404 Not Found	modernizr.custom.js jx2-bavuong.com/newbot/js/	0 0	618ms 600ms	Script text/html	158.247.208.239 AS-CHOOPA
General Check archive.org Download Go to Full URL http://jx2-bavuong.com/newbot/js/modernizr.custom.js Requested by Host: jx2-bavuong.com URL: http://jx2-bavuong.com/newbot/login.php Protocol HTTP/1.1 Server 158.247.208.239 , United States, ASN20473 (AS-CHOOPA, US), Reverse DNS Software Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 / Resource Hash Request headers Referer http://jx2-bavuong.com/newbot/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 27 Nov 2020 10:03:26 GMT Server Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 Vary accept-language,accept-charset Content-Language en Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Content-Type text/html; charset=iso-8859-1 Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	jquery.js Show response code.jquery.com/	276 KB 82 KB	14ms 7ms	Script application/javascript	2001:4de0:ac19::1:b:3b HIGHWINDS3
General Check archive.org Download Go to Full URL http://code.jquery.com/jquery.js Requested by Host: jx2-bavuong.com URL: http://jx2-bavuong.com/newbot/login.php Protocol HTTP/1.1 Server 2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash `3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc` Request headers Referer http://jx2-bavuong.com/newbot/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 27 Nov 2020 02:03:26 GMT Content-Encoding gzip Last-Modified Fri, 24 Oct 2014 00:16:08 GMT Server nginx ETag W/"54499a48-4508e" Vary Accept-Encoding X-HW 1606442606.dop159.fr8.t,1606442606.cds051.fr8.c Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=315360000, public Connection Keep-Alive Accept-Ranges bytes Content-Length 83875
GET H/1.1	200 OK	bootstrap.min.js Show response jx2-bavuong.com/newbot/js/	28 KB 29 KB	583ms 565ms	Script application/javascript	158.247.208.239 AS-CHOOPA
General Check archive.org Download Go to Full URL http://jx2-bavuong.com/newbot/js/bootstrap.min.js Requested by Host: jx2-bavuong.com URL: http://jx2-bavuong.com/newbot/login.php Protocol HTTP/1.1 Server 158.247.208.239 , United States, ASN20473 (AS-CHOOPA, US), Reverse DNS Software Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 / Resource Hash `898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1` Request headers Referer http://jx2-bavuong.com/newbot/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 27 Nov 2020 10:03:26 GMT Last-Modified Thu, 13 Feb 2014 14:54:42 GMT Server Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 ETag "2000000015324-71b6-4f24ade8b1080" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 29110

Verdicts & Comments Add Verdict or Comment

8 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| jQuery111106511808741400533

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
jx2-bavuong.com
158.247.208.239
2001:4de0:ac19::1:b:3b
0e430441e9833f9e3b9219b4837068670afbb50171678365b95f45de9291b632
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc
4dbb17663d1d98673341d6fc511348ab9ce1e175d11119fd9d04bb5b77ac6f09
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1