urlscan.io logo urlscan.io
SecurityTrails logo

104.168.170.196 Open in urlscan Pro
104.168.170.196  Public Scan

Go To Rescan Add Verdict Report
URL: http://104.168.170.196/
Submission: On January 21 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 9 HTTP transactions. The main IP is 104.168.170.196, located in Seattle, United States and belongs to HOSTWINDS, US. The main domain is 104.168.170.196.
This is the only time 104.168.170.196 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.168.170.196 54290 (HOSTWINDS)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 174.138.186.50 19318 (IS-AS-1)
2 159.65.242.95 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
9 7
1    104.168.170.196 (Seattle, United States)

ASN54290 (HOSTWINDS, US)
PTR: hwvps158567.hostwindsdns.com
104.168.170.196
1    2606:4700:10::6814:448f (United States)

ASN13335 (CLOUDFLARENET, US)
pastebin.com
1    174.138.186.50 (The Bronx, United States)

ASN19318 (IS-AS-1, US)
PTR: plesk3300.is.cc
bootstrapplugins.com
2    159.65.242.95 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
159.65.242.95
1    2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
2.bp.blogspot.com
1    2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
Domain Requested by
1 www.youtube.com 104.168.170.196
1 2.bp.blogspot.com 104.168.170.196
1 bootstrapplugins.com 104.168.170.196
1 pastebin.com 104.168.170.196
0 cookie.iimgur.us Failed 104.168.170.196
0 sync.security.pp.regruhosting.ru Failed 104.168.170.196
9 6

This site contains links to these domains. Also see Links.

Domain
ghostsecurityteam.com
Subject Issuer Validity Valid
bootstrapplugins.com
Let's Encrypt Authority X3		 2019-11-17 -
2020-02-15		 3 months crt.sh
*.google.com
GTS CA 1O1		 2019-12-20 -
2020-03-13		 3 months crt.sh

This page contains 2 frames:

Primary Page: http://104.168.170.196/
Frame ID: 143D9D4DB7D4B9F695C6CBBE75A7B137
Requests: 8 HTTP requests in this frame

Frame: https://www.youtube.com/watch?v=vca35gXgvZE&list=RDvca35gXgvZE
Frame ID: B850EF2534A5CF93E6EFC58D96E82D7E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /CentOS/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /react.*\.js/i

Page Statistics

9
Requests

22 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

2
Countries

69 kB
Transfer

68 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://cookie.iimgur.us/insert.php?cookie= HTTP 302
  • https://cookie.iimgur.us/badb.jpg

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
104.168.170.196/ 		10 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://104.168.170.196/
Protocol
HTTP/1.1
Server
104.168.170.196 Seattle, United States, ASN54290 (HOSTWINDS, US),
Reverse DNS
hwvps158567.hostwindsdns.com
Software
Apache/2.2.15 (CentOS) / PHP/5.6.40
Resource Hash
c7e082d10bbff43b46421c3db1450ec2eaa9c4b8cb83f80b352f9540aed1f3bb

Request headers

Host
104.168.170.196
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Tue, 21 Jan 2020 22:24:36 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.6.40
Connection
close
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Qf8Vvua3
pastebin.com/raw/ 		159 B
647 B 		Script
General
Check archive.org
Download Go to
Full URL
http://pastebin.com/raw/Qf8Vvua3
Requested by
Host: 104.168.170.196
URL: http://104.168.170.196/
Protocol
HTTP/1.1
Server
2606:4700:10::6814:448f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72324c3ffb72b96726e36bc7e1fe48007bacda83b56afada99047f8993862104
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
http://104.168.170.196/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Tue, 21 Jan 2020 22:24:36 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
Server
cloudflare
Vary
Accept-Encoding
Content-Type
text/plain; charset=utf-8
Cache-Control
max-age=1801
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
558cb305788c97cc-FRA
X-XSS-Protection
1; mode=block
style.asp
bootstrapplugins.com/jquery/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://bootstrapplugins.com/jquery/style.asp
Requested by
Host: 104.168.170.196
URL: http://104.168.170.196/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
174.138.186.50 The Bronx, United States, ASN19318 (IS-AS-1, US),
Reverse DNS
plesk3300.is.cc
Software
/
Resource Hash

Request headers

Referer
http://104.168.170.196/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
hook.js
159.65.242.95/whoof-react/public/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://159.65.242.95/whoof-react/public/hook.js
Requested by
Host: 104.168.170.196
URL: http://104.168.170.196/
Protocol
HTTP/1.1
Server
159.65.242.95 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://104.168.170.196/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
hacked.png
2.bp.blogspot.com/-43d0Q9p_jNE/UBzkEQrphRI/AAAAAAAAAtQ/QZCXuz29SmE/s1600/ 		58 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://2.bp.blogspot.com/-43d0Q9p_jNE/UBzkEQrphRI/AAAAAAAAAtQ/QZCXuz29SmE/s1600/hacked.png
Requested by
Host: 104.168.170.196
URL: http://104.168.170.196/
Protocol
HTTP/1.1
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
250b8d2dffd183fc1bda974754b12023e051fcd95379d11bc83ff25e627d0752
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://104.168.170.196/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Tue, 21 Jan 2020 22:24:37 GMT
X-Content-Type-Options
nosniff
Server
fife
ETag
"v2d4"
Vary
Origin
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length
Cache-Control
public, max-age=86400, no-transform
Content-Disposition
inline;filename="hacked.png"
Timing-Allow-Origin
*
Content-Length
59239
X-XSS-Protection
0
Expires
Wed, 22 Jan 2020 22:24:37 GMT
topick
sync.security.pp.regruhosting.ru/ 		0
0
badb.jpg
cookie.iimgur.us/
Redirect Chain
  • https://cookie.iimgur.us/insert.php?cookie=
  • https://cookie.iimgur.us/badb.jpg
0
0
hook.js
159.65.242.95/whoof-react/public/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://159.65.242.95/whoof-react/public/hook.js
Requested by
Host: 104.168.170.196
URL: http://104.168.170.196/
Protocol
HTTP/1.1
Server
159.65.242.95 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://104.168.170.196/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers
watch
www.youtube.com/ Frame B850 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/watch?v=vca35gXgvZE&list=RDvca35gXgvZE
Requested by
Host: 104.168.170.196
URL: http://104.168.170.196/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/watch?v=vca35gXgvZE&list=RDvca35gXgvZE
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
http://104.168.170.196/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
http://104.168.170.196/

Response headers

status
200
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
expires
Tue, 27 Apr 1971 19:44:06 GMT
cache-control
no-cache
date
Tue, 21 Jan 2020 22:24:37 GMT
server
YouTube Frontend Proxy
x-xss-protection
0
set-cookie
VISITOR_INFO1_LIVE=uCo17MCcFu0; path=/; domain=.youtube.com; secure; expires=Sun, 19-Jul-2020 22:24:37 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Tue, 21-Jan-2020 22:54:37 GMT YSC=tndmWaoH-eQ; path=/; domain=.youtube.com; httponly CONSENT=WP.282c26; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sync.security.pp.regruhosting.ru
URL
http://sync.security.pp.regruhosting.ru/topick?uid_zxcv=bc5dd4a254e5c8f855104de7037bca02
Domain
cookie.iimgur.us
URL
https://cookie.iimgur.us/badb.jpg

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| xhr object| NREUM object| newrelic function| __nr_require function| TypingText

0 Cookies