urlscan.io logo urlscan.io
SecurityTrails logo

103.82.242.104 Open in urlscan Pro
103.82.242.104  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://dnsteen.net/
Effective URL: http://103.82.242.104/
Submission: On April 27 via api from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 103.82.242.104, located in Indonesia and belongs to EXBCOID-AS-AP PT. EXABYTES NETWORK INDONESIA, ID. The main domain is 103.82.242.104.
This is the only time 103.82.242.104 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.202.122.77 14618 (AMAZON-AES)
1 103.82.242.104 136170 (EXBCOID-A...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2
Apex Domain
Subdomains		 Transfer
1 aos789.xyz
aos789.xyz
1 dnsteen.net
dnsteen.net
240 B
2 2
Domain Requested by
1 aos789.xyz 103.82.242.104
1 dnsteen.net 1 redirects
2 2

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2020-04-13 -
2020-10-09		 6 months crt.sh

This page contains 2 frames:

Primary Page: http://103.82.242.104/
Frame ID: F1D8C55A0A13D6AA1157EAA80F424C87
Requests: 1 HTTP requests in this frame

Frame: https://aos789.xyz/
Frame ID: 0DE839EECBE75514AB9F0CC45B6A3520
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://dnsteen.net/ HTTP 301
    http://103.82.242.104/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

2
Requests

50 %
HTTPS

33 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

3 kB
Transfer

3 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dnsteen.net/ HTTP 301
    http://103.82.242.104/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
103.82.242.104/
Redirect Chain
  • http://dnsteen.net/
  • http://103.82.242.104/
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://103.82.242.104/
Protocol
HTTP/1.1
Server
103.82.242.104 , Indonesia, ASN136170 (EXBCOID-AS-AP PT. EXABYTES NETWORK INDONESIA, ID),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
ed94a91ec19f410cd5b587275f21ddf95a8ea0319fd1ab52c007ed238da13bc5

Request headers

Host
103.82.242.104
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
text/html
Last-Modified
Mon, 13 Apr 2020 12:34:37 GMT
Accept-Ranges
bytes
ETag
"b5fdc7e48f11d61:0"
Server
Microsoft-IIS/8.5
Date
Mon, 27 Apr 2020 01:08:32 GMT
Content-Length
3248

Redirect headers

Date
Mon, 27 Apr 2020 1:08:27 GMT
Connection
Keep-Alive
Content-Length
0
Cache-Control
private, no-cache, no-store, max-age=0
Expires
Mon, 01 Jan 1990 0:00:00 GMT
Location
http://103.82.242.104/
/
aos789.xyz/ Frame 0DE8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://aos789.xyz/
Requested by
Host: 103.82.242.104
URL: http://103.82.242.104/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681b:8c79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
aos789.xyz
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
object
referer
http://103.82.242.104/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://103.82.242.104/

Response headers

status
200
date
Mon, 27 Apr 2020 01:08:33 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d1619dad996d096e33a4e4e51cef174011587949712; expires=Wed, 27-May-20 01:08:32 GMT; path=/; domain=.aos789.xyz; HttpOnly; SameSite=Lax; Secure
vary
Accept-Encoding
x-trace
2BA572C5A014BFD5DFE1FC84756FC791C563E810A7066CEAC977BB7DFA00
cache-control
max-age=86400, public
x-cacheable
1
age
505
x-cache
HIT
x-cache-hits
2
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
58a4a729383d16e6-FRA
content-encoding
br
cf-request-id
025ac6cdc5000016e6c23be200000001

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

5 Cookies

Domain/Path Name / Value
.aos789.xyz/ Name: _gat_gtag_UA_142081014_2
Value: 1
.aos789.xyz/ Name: _gat_gtag_UA_142151467_1
Value: 1
.aos789.xyz/ Name: _gid
Value: GA1.2.1883540238.1587949715
.livechatinc.com/licence/9086390 Name: __livechat
Value: lc_all_invitation%3D0%26lc_auto_invites_shown%3D%26lc_chat_number%3D0%26lc_client_version%3D%26lc_goals_achieved%3D%26lc_integration_params%3D%26lc_lang%3Did%26lc_last_chat_start_time%3D0%26lc_last_conference_id%3D%26lc_last_operator_id%3D%26lc_last_operator_key%3D%26lc_last_operator_key_per_skill%3D%26lc_last_operator_per_skill%3D%26lc_last_visit%3D1587949715%26lc_nick%3D%26lc_ok_invitation%3D0%26lc_page_view%3D0%26lc_session%3DS1587949715.5248d3c152%26lc_visit_number%3D0%26mcid%3D%26mcid_done%3D0
.aos789.xyz/ Name: _ga
Value: GA1.2.1540937478.1587949715

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aos789.xyz
dnsteen.net
103.82.242.104
2606:4700:3035::681b:8c79
34.202.122.77
ed94a91ec19f410cd5b587275f21ddf95a8ea0319fd1ab52c007ed238da13bc5