urlscan.io logo urlscan.io
SecurityTrails logo

downloads.steammm.com Open in urlscan Pro
39.101.198.63  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://downloads.steammm.com/
Effective URL: https://downloads.steammm.com/install.php
Submission: On March 01 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 39.101.198.63, located in Beijing, China and belongs to ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is downloads.steammm.com.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on March 1st 2023. Valid for: a year.
This is the only time downloads.steammm.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 39.101.198.63 37963 (ALIBABA-C...)
1 163.181.56.175 24429 (TAOBAO Zh...)
2 2
Apex Domain
Subdomains		 Transfer
2 steammm.com
downloads.steammm.com
4 KB
1 staticfile.org
cdn.staticfile.org — Cisco Umbrella Rank: 52245
30 KB
2 2
Domain Requested by
2 downloads.steammm.com 1 redirects
1 cdn.staticfile.org downloads.steammm.com
2 2

This site contains no links.

Subject Issuer Validity Valid
downloads.steammm.com
Encryption Everywhere DV TLS CA - G1		 2023-03-01 -
2024-02-29		 a year crt.sh
*.staticfile.org
GeoTrust RSA CN CA G2		 2022-09-05 -
2023-10-03		 a year crt.sh

This page contains 1 frames:

Primary Page: https://downloads.steammm.com/install.php
Frame ID: 17C3ECE3EB25526F62016C3BC1F909D3
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

安装FastAdmin

Page URL History Show full URLs

  1. https://downloads.steammm.com/ HTTP 302
    https://downloads.steammm.com/install.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

34 kB
Transfer

93 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://downloads.steammm.com/ HTTP 302
    https://downloads.steammm.com/install.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request install.php
downloads.steammm.com/
Redirect Chain
  • https://downloads.steammm.com/
  • https://downloads.steammm.com/install.php
11 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://downloads.steammm.com/install.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
39.101.198.63 Beijing, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
f277fd4b8e1aeb4e060a2d0fa28e1f201de266a71947eeefc04edbc167864a42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 01 Mar 2023 09:03:24 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-type
text/html; charset=UTF-8
date
Wed, 01 Mar 2023 09:03:23 GMT
location
./install.php
server
nginx
strict-transport-security
max-age=31536000
jquery.min.js
cdn.staticfile.org/jquery/2.1.4/ 		82 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.staticfile.org/jquery/2.1.4/jquery.min.js
Requested by
Host: downloads.steammm.com
URL: https://downloads.steammm.com/install.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
163.181.56.175 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://downloads.steammm.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

X-Log
X-Log
Date
Wed, 01 Mar 2023 04:58:58 GMT
Via
cache1.l2de2[0,0,304-0,H], cache20.l2de2[1,0], ens-cache4.de4[0,0,200-0,H], ens-cache8.de4[1,0]
Content-Encoding
gzip
X-Svr
IO
X-Reqid
PdgAAADilPHRMkgX
Age
14666
X-Swift-CacheTime
86327
X-Cache
HIT TCP_MEM_HIT dirn:8:93629809
Content-Transfer-Encoding
binary
Content-Disposition
inline; filename="jquery.min.js"; filename*=utf-8''jquery.min.js
Connection
keep-alive
X-Swift-SaveTime
Wed, 01 Mar 2023 05:00:11 GMT
Content-Length
29764
X-M-Reqid
jlUAAO2enjJKya0W
X-M-Log
QNM:xs1183;QNM3:24/304
Last-Modified
Tue, 16 Feb 2016 04:22:56 GMT
Server
Tengine
Etag
"FoJY0EbxfdPBWl05hOGGi3tdHbMp.gz"
Access-Control-Max-Age
2592000
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Ali-Swift-Global-Savetime
1677646738
Access-Control-Expose-Headers
X-Log, X-Reqid
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
X-Qiniu-Zone
0
Timing-Allow-Origin
*
X-Qnm-Cache
Hit
EagleId
2ff62b2016776614042654914e

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.staticfile.org
downloads.steammm.com
163.181.56.175
39.101.198.63
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
f277fd4b8e1aeb4e060a2d0fa28e1f201de266a71947eeefc04edbc167864a42