URL: http://134.122.197.80/Bunny/login.php
Submission Tags: c2 malware bunnyloader
Submission: On December 22 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 1 domain to perform 4 HTTP transactions. The main IP is 134.122.197.80, located in Singapore, and belongs to BCPL-SG BGPNET Global ASN, SG. The "main domain" is the bare IP 134.122.197.80: the panel is reached by IP address, not by hostname. The only other host contacted is cdnjs.cloudflare.com, from which the login page loads Font Awesome 5.15.3. The panel itself is served over plain HTTP by a Windows build of Apache (Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4), so none of the traffic to the panel host is encrypted; the two HTTPS requests in this scan are the CDN fetches.
This is the only time 134.122.197.80 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses (requests per IP)
  Requests   IP Address             AS      Autonomous System
  2          134.122.197.80         64050   BCPL-SG BGPNET Global ASN, SG
  2          2606:4700::6811:180e   13335   CLOUDFLARENET, US
  Total: 4 requests to 2 IPs

Domains (requests per apex domain)
  Requests   Apex Domain      Subdomains                                                  Transfer
  2          cloudflare.com   cdnjs.cloudflare.com (Cisco Umbrella rank 204, 13yr old)    88 KB
  Total: 4 requests, 1 apex domain (the other 2 requests went to the bare IP 134.122.197.80, which has no domain)

Domains by requester
  Requests   Domain                 Requested by
  2          cdnjs.cloudflare.com   134.122.197.80, cdnjs.cloudflare.com
  Total: 4 requests, 1 domain

This site contains no links.

TLS certificate

Subject                 Issuer                     Validity                   Valid
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3    2023-07-03 - 2024-07-02    1yr

This is the certificate presented by cdnjs.cloudflare.com for the two CDN requests. The panel host 134.122.197.80 presented no certificate at all: both requests to it went over plain HTTP.

This page contains 1 frame:

Primary Page: http://134.122.197.80/Bunny/login.php
Frame ID: 9D2C7ACCF45BFB269E18E6FDA3CDE4AC
Requests: 4 HTTP requests in this frame

Page Title

BunnyLoader | Login

Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

Font Awesome (overall confidence: 100%)
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

The PHP pattern matches the request URL (/Bunny/login.php) and is corroborated by the X-Powered-By: PHP/8.2.4 response header. The Font Awesome patterns match the stylesheet link to cdnjs.cloudflare.com; the capture group in each pattern picks the version (5.15.3) out of the URL path.

Page Statistics

Requests      4
HTTPS         50 %
IPv6          50 %
Domains       1
Subdomains    1
IPs           2
Countries     2
Transfer      108 kB
Size          154 kB
Cookies       0

Redirected requests

No HTTP redirect chains are listed for this scan.

4 HTTP transactions

Transaction 1 (primary request)
  Resource    login.php
  Path        134.122.197.80/Bunny/
  Size        2 KB
  x-fer       2 KB
  Type        Document
  MIME-Type   text/html; charset=UTF-8

General
  Full URL        http://134.122.197.80/Bunny/login.php
  Protocol        HTTP/1.1
  Server          134.122.197.80, Singapore, ASN64050 (BCPL-SG BGPNET Global ASN, SG)
  Reverse DNS     (none recorded)
  Software        Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4 / PHP/8.2.4
  Resource Hash   0301113a4235a37cdedd90315473f0ca6f604acd4573fdf1fd1a975b5dbec66f

Request headers
  Upgrade-Insecure-Requests   1
  User-Agent                  Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
  accept-language             de-DE,de;q=0.9

Response headers
  Connection       Keep-Alive
  Content-Length   2249
  Content-Type     text/html; charset=UTF-8
  Date             Fri, 22 Dec 2023 13:17:19 GMT
  Keep-Alive       timeout=5, max=100
  Server           Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
  X-Powered-By     PHP/8.2.4
Transaction 2
  Resource    all.min.css
  Path        cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/
  Size        58 KB
  x-fer       11 KB
  Type        Stylesheet
  MIME-Type   text/css; charset=utf-8

General
  Full URL        https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css
  Requested by    Host: 134.122.197.80
                  URL: http://134.122.197.80/Bunny/login.php
  Protocol        H2
  Security        TLS 1.3, AES_128_GCM
  Server          2606:4700::6811:180e, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS     (none recorded)
  Software        cloudflare /
  Resource Hash   d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386

Security Headers
  Strict-Transport-Security   max-age=15780000
  X-Content-Type-Options      nosniff

Request headers
  accept-language   de-DE,de;q=0.9
  Referer           http://134.122.197.80/
  User-Agent        Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
  date                           Fri, 22 Dec 2023 13:17:20 GMT
  content-encoding               br
  x-content-type-options         nosniff
  cf-cache-status                HIT
  nel                            {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
  strict-transport-security      max-age=15780000
  age                            2021582
  cross-origin-resource-policy   cross-origin
  alt-svc                        h3=":443"; ma=86400
  content-length                 10482
  last-modified                  Tue, 01 Aug 2023 16:35:36 GMT
  server                         cloudflare
  cf-cdnjs-via                   cfworker/kv
  etag                           "64c93458-28f2"
  vary                           Accept-Encoding
  report-to                      {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EuNfW65FwfgD3pS3nGoYZNAJXyjsUqafuXWoFKS2Xddd0Rpi4xXJN%2Barcc47a5tKeZpK4PXxeFzhmnGc5BDchGC8fTGAQGE7WDds0f8H%2FzDOZoflIvtcaTSNlWfU%2BaWk1%2FACKd7grpY%2B3dzT4%2BG7%2FG8O"}],"group":"cf-nel","max_age":604800}
  content-type                   text/css; charset=utf-8
  access-control-allow-origin    *
  cache-control                  public, max-age=30672000
  accept-ranges                  bytes
  timing-allow-origin            *
  cf-ray                         8398a4f86ce73558-WAW
  expires                        Wed, 11 Dec 2024 13:17:20 GMT
Transaction 3
  Resource    Capture.PNG
  Path        134.122.197.80/Bunny/
  Size        18 KB
  x-fer       18 KB
  Type        Image
  MIME-Type   image/png

General
  Full URL        http://134.122.197.80/Bunny/Capture.PNG
  Requested by    Host: 134.122.197.80
                  URL: http://134.122.197.80/Bunny/login.php
  Protocol        HTTP/1.1
  Server          134.122.197.80, Singapore, ASN64050 (BCPL-SG BGPNET Global ASN, SG)
  Reverse DNS     (none recorded)
  Software        Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4 /
  Resource Hash   2f92e26a0f0fa24ebc7eedffa2cbafe9194fb49ec84fbb75a3577c9660170654

Request headers
  accept-language   de-DE,de;q=0.9
  Referer           http://134.122.197.80/Bunny/login.php
  User-Agent        Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers
  Date             Fri, 22 Dec 2023 13:17:19 GMT
  Last-Modified    Sun, 17 Sep 2023 14:16:53 GMT
  Server           Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
  ETag             "4693-6058ead68d778"
  Content-Type     image/png
  Connection       Keep-Alive
  Accept-Ranges    bytes
  Keep-Alive       timeout=5, max=99
  Content-Length   18067
Transaction 4
  Resource    fa-solid-900.woff2
  Path        cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/webfonts/
  Size        76 KB
  x-fer       77 KB
  Type        Font
  MIME-Type   application/octet-stream; charset=utf-8

General
  Full URL        https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/webfonts/fa-solid-900.woff2
  Requested by    Host: cdnjs.cloudflare.com
                  URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css
  Protocol        H3
  Security        QUIC, AES_128_GCM
  Server          2606:4700::6811:180e, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS     (none recorded)
  Software        cloudflare /
  Resource Hash   2699316cb83af2502422d101e81564b0492785cab2fdfbdc256f90e1c4ad5606

Security Headers
  Strict-Transport-Security   max-age=15780000
  X-Content-Type-Options      nosniff

Request headers
  Referer           https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css
  Origin            http://134.122.197.80
  accept-language   de-DE,de;q=0.9
  User-Agent        Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

The Origin header is present because the browser fetches web fonts as CORS requests; it discloses the panel's origin (http://134.122.197.80) to the CDN even though the Referer only names the stylesheet.

Response headers
  date                           Fri, 22 Dec 2023 13:17:20 GMT
  strict-transport-security      max-age=15780000
  x-content-type-options         nosniff
  cf-cache-status                HIT
  nel                            {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
  age                            148887
  cross-origin-resource-policy   cross-origin
  alt-svc                        h3=":443"; ma=86400
  content-length                 78196
  last-modified                  Tue, 01 Aug 2023 16:35:36 GMT
  server                         cloudflare
  cf-cdnjs-via                   cfworker/kv
  etag                           "64c93458-13174"
  vary                           Accept-Encoding
  report-to                      {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=frG6lQCz3C2BfpWxZm9Pw1SjB94WSc96BuBUwfKvamOOzX9QhDVFSWclrrnGBhGW8Fa0kb0Uaj0Eh6rpyV9UaBYJ%2FK7d1Hz23P%2FtrsnlZmprirUer8LV%2FtVxvBriv2YaChCR1JYKlLjkSCY2SXtfQpJk"}],"group":"cf-nel","max_age":604800}
  content-type                   application/octet-stream; charset=utf-8
  access-control-allow-origin    *
  cache-control                  public, max-age=30672000
  accept-ranges                  bytes
  timing-allow-origin            *
  cf-ray                         8398a4f8ef5a34b2-WAW
  expires                        Wed, 11 Dec 2024 13:17:20 GMT
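As an added example (not part of the urlscan.io report, and not BunnyLoader's or urlscan's own code), the following Python routine applies the two regexes from the Detected technologies section plus panel-specific indicators taken from this scan (the page title, the /Bunny/login.php path, the Server banner and the SHA-256 of the primary document) to one captured HTTP response. The sample response is constructed to resemble the scan; its HTML body is invented, so the body-hash check correctly fails while the structural indicators still fire. That is the practical point: a resource hash pins one exact build of the login page, whereas the title/path/banner combination survives small edits to the panel. The classify() thresholds are this example's own choice, not a verdict from urlscan.io.

```python
import hashlib
import re

# Detection patterns as listed in the "Detected technologies" section of the scan.
PHP_URL_PATTERN = re.compile(r"\.php(?:$|\?)")
FONT_AWESOME_LINK_PATTERN = re.compile(
    r"<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome"
    r"(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)"
)

# Panel-specific indicators taken from this scan's primary request.
BUNNY_TITLE = re.compile(r"<title>\s*BunnyLoader\s*\|\s*Login\s*</title>", re.IGNORECASE)
BUNNY_PATH = re.compile(r"/Bunny/login\.php$")
BUNNY_SERVER_BANNER = "Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4"
BUNNY_LOGIN_SHA256 = "0301113a4235a37cdedd90315473f0ca6f604acd4573fdf1fd1a975b5dbec66f"


def fingerprint(url: str, headers: dict, body: bytes) -> dict:
    """Apply the technology regexes and panel indicators to one HTTP response.

    Returns {"technologies": {name: version-or-None}, "indicators": {name: bool}}.
    """
    hdr = {k.lower(): v for k, v in headers.items()}
    text = body.decode("utf-8", errors="replace")
    path = url.split("?", 1)[0]

    technologies = {}
    powered_by = hdr.get("x-powered-by", "")
    if PHP_URL_PATTERN.search(url) or powered_by.startswith("PHP/"):
        # The version is only known when X-Powered-By leaks it, as it did in this scan.
        technologies["PHP"] = powered_by[4:] if powered_by.startswith("PHP/") else None
    m = FONT_AWESOME_LINK_PATTERN.search(text)
    if m:
        technologies["Font Awesome"] = m.group(1)  # capture group 1 holds the version

    indicators = {
        "title": BUNNY_TITLE.search(text) is not None,
        "path": BUNNY_PATH.search(path) is not None,
        "server_banner": hdr.get("server") == BUNNY_SERVER_BANNER,
        # Exact match against the primary document seen in this scan; any byte change breaks it.
        "body_sha256": hashlib.sha256(body).hexdigest() == BUNNY_LOGIN_SHA256,
    }
    return {"technologies": technologies, "indicators": indicators}


def classify(result: dict) -> str:
    """Turn the indicator set into a verdict (thresholds are this example's own choice)."""
    ind = result["indicators"]
    if ind["body_sha256"]:
        return "exact-match"
    if ind["title"] and (ind["path"] or ind["server_banner"]):
        return "likely-bunnyloader-panel"
    if ind["title"] or ind["path"]:
        return "weak-match"
    return "no-match"


# Constructed sample response modelled on the scan. The HTML body is invented,
# so its hash will not equal the recorded resource hash.
SAMPLE_URL = "http://134.122.197.80/Bunny/login.php"
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4",
    "X-Powered-By": "PHP/8.2.4",
    "Content-Type": "text/html; charset=UTF-8",
}
SAMPLE_BODY = b"""<html><head><title>BunnyLoader | Login</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css">
</head><body><img src="Capture.PNG"><form method="post">
<input name="user"><input name="pass" type="password"><button>Login</button>
</form></body></html>"""

if __name__ == "__main__":
    result = fingerprint(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY)
    print(result)
    print(classify(result))
```

On the constructed sample this reports PHP 8.2.4 and Font Awesome 5.15.3, all three structural indicators true and the hash indicator false, giving "likely-bunnyloader-panel". Feed it a real capture (URL, response headers, raw body bytes) and the hash indicator becomes meaningful; keep the hash as a high-confidence, low-recall signal and the title/path/banner rules as the ones that will still catch a re-skinned or re-hosted copy.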

Verdicts & Comments

JavaScript window variables: 0

These are the non-standard variables defined on the window object. They include var declarations and global functions and can help identify client-side frameworks and code. None were recorded for this page.

Cookies: 0