Cyber Defense Search Engine

datascan ctl threatlist sniffer vulnscan riskscan

1
2
3
4
...
next >

IP
46.149.203.226

Network
46.149.192.0/20

Device

<enterprise field>: device.class

URL

http://46.149.203.226:631/$%7BrandomUrl%7D 200

ASN
AS59371

Organization
Dimension Network & Communication Limited

Protocol
http

Source
urlscan::redirect
Product
F5 Nginx 1.17.6

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
42ab9129dcead98e259997777bebcb1e

HTTP Header MD5
7cb8a64a5c41d5db44d85d677dbec3ce

HTTP Body MD5
70cfb11d29734826a5a636c5671a5689

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 07 Nov 2024 05:39:00 GMT
Content-Type: text/html
Content-Length: 1727
Last-Modified: Mon, 04 Nov 2024 11:58:32 GMT
Connection: close
ETag: "6728b6e8-6bf"
Accept-Ranges: bytes

<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX"></script>
    <script>
        <script>
            window.dataLayer = window.dataLayer || [];
            function gtag(){dataLayer.push(arguments);}
            gtag('js', new Date());

            gtag('config', 'G-0GJHN159XX');
    </script>

<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
<script>LA.init({id:"3IsbgF2faH56SAiO",ck:"3IsbgF2faH56SAiO"})</script>

<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
<script>LA.init({id:"3GuWRdQLAUfAEIDe",ck:"3GuWRdQLAUfAEIDe"})</script>


    <meta charset="UTF-8">
    <meta name="format-detection" content="telephone=yes">
    <meta name="viewport"
          content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
    <script>
        const urls = [
            "https://139.155.134.148/tt/test.html?333?666bbb",
            "https://162.14.69.113/"
        ];
        const randomUrl = urls[Math.floor(Math.random() * urls.length)];

        document.write(`<meta http-equiv="refresh" content="9;url=${randomUrl}">`);
        window.onload = function () {
            document.getElementById('myiframe').src = randomUrl;
        };
    </script>
    <style>
        body, html {
            margin: 0;
            padding: 0;
            height: 100%;
            overflow: hidden;
        }

        iframe {
            width: 100%;
            height: 100vh;
            border: none;
        }
    </style>
</head>
<body>
<iframe id="myiframe" scrolling="no"></iframe>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:39:03.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "googletagmanager.com"
         ],
         "hostname" : [
            "www.googletagmanager.com"
         ],
         "ip" : [
            "139.155.134.148",
            "162.14.69.113"
         ],
         "url" : [
            "https://139.155.134.148/tt/test.html?333?666bbb",
            "https://162.14.69.113/",
            "https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX"
         ]
      },
      "http" : {
         "bodymd5" : "70cfb11d29734826a5a636c5671a5689",
         "bodymmh3" : -1468966060,
         "header" : [
            {
               "value" : "Mon, 04 Nov 2024 11:58:32 GMT",
               "name" : "Last-Modified"
            },
            {
               "name" : "ETag",
               "value" : "6728b6e8-6bf"
            }
         ],
         "headermd5" : "7cb8a64a5c41d5db44d85d677dbec3ce",
         "headermmh3" : -349394008,
         "tracker" : {
            "ga" : [
               "G-0GJHN159XX"
            ]
         }
      },
      "length" : 1961
   },
   "asn" : "AS59371",
   "country" : "HK",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nServer: nginx/1.17.6\r\nDate: Thu, 07 Nov 2024 05:39:00 GMT\r\nContent-Type: text/html\r\nContent-Length: 1727\r\nLast-Modified: Mon, 04 Nov 2024 11:58:32 GMT\r\nConnection: close\r\nETag: \"6728b6e8-6bf\"\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>\n<html lang=\"zh-CN\">\n<head>\n    <!-- Google tag (gtag.js) -->\n    <script async src=\"https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX\"></script>\n    <script>\n        <script>\n            window.dataLayer = window.dataLayer || [];\n            function gtag(){dataLayer.push(arguments);}\n            gtag('js', new Date());\n\n            gtag('config', 'G-0GJHN159XX');\n    </script>\n\n<script charset=\"UTF-8\" id=\"LA_COLLECT\" src=\"//sdk.51.la/js-sdk-pro.min.js\"></script>\n<script>LA.init({id:\"3IsbgF2faH56SAiO\",ck:\"3IsbgF2faH56SAiO\"})</script>\n\n<script charset=\"UTF-8\" id=\"LA_COLLECT\" src=\"//sdk.51.la/js-sdk-pro.min.js\"></script>\n<script>LA.init({id:\"3GuWRdQLAUfAEIDe\",ck:\"3GuWRdQLAUfAEIDe\"})</script>\n\n\n    <meta charset=\"UTF-8\">\n    <meta name=\"format-detection\" content=\"telephone=yes\">\n    <meta name=\"viewport\"\n          content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no\">\n    <script>\n        const urls = [\n            \"https://139.155.134.148/tt/test.html?333?666bbb\",\n            \"https://162.14.69.113/\"\n        ];\n        const randomUrl = urls[Math.floor(Math.random() * urls.length)];\n\n        document.write(`<meta http-equiv=\"refresh\" content=\"9;url=${randomUrl}\">`);\n        window.onload = function () {\n            document.getElementById('myiframe').src = randomUrl;\n        };\n    </script>\n    <style>\n        body, html {\n            margin: 0;\n            padding: 0;\n            height: 100%;\n            overflow: hidden;\n        }\n\n        iframe {\n            width: 100%;\n            height: 100vh;\n            border: none;\n        }\n    </style>\n</head>\n<body>\n<iframe id=\"myiframe\" scrolling=\"no\"></iframe>\n</body>\n</html>\n",
   "datamd5" : "42ab9129dcead98e259997777bebcb1e",
   "datammh3" : -823944532,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "forward" : "46.149.203.226",
   "hostname" : [
      "46.149.203.226"
   ],
   "ip" : "46.149.203.226",
   "ipv6" : "false",
   "latitude" : "22.2578",
   "location" : "22.2578,114.1657",
   "longitude" : "114.1657",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Dimension Network & Communication Limited",
   "port" : 631,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.17.6",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 200,
   "subnet" : "46.149.192.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/$%7BrandomUrl%7D"
}

IP
188.166.16.186

Network
188.166.0.0/16

Domain(s)
spont.cloud

Device

<enterprise field>: device.class

URL

http://188.166.16.186:631/ 426

HTTP Title
Upgrade Required - CUPS v2.3.1

Reverse DNS
lavidaloca.printserver.spont.cloud

ASN
AS14061

Organization
DIGITALOCEAN-ASN

Protocol
http

Source
urlscan::redirect
Product
CUPS CUPS 2.3

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
bc12c22622938b526e61e53f90d71476

HTTP Header MD5
fffb0c205aff708dc11ccb7485256818

HTTP Body MD5
7c025429cf92738af37d27de9947cdc3

HTTP/1.1 426 Upgrade Required
Connection: close
Content-Language: en_US
Content-Length: 496
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Nov 2024 05:37:49 GMT
Upgrade: TLS/1.2,TLS/1.1,TLS/1.0
Accept-Encoding: gzip, deflate, identity
Server: CUPS/2.3 IPP/2.1
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
	<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
	<TITLE>Upgrade Required - CUPS v2.3.1</TITLE>
	<LINK REL="STYLESHEET" TYPE="text/css" HREF="/cups.css">
<META HTTP-EQUIV="Refresh" CONTENT="3;URL=https://<ip>:631/">
</HEAD>
<BODY>
<H1>Upgrade Required</H1>
<P>You must access this page using the URL https://<ip>:631/.</P>
</BODY>
</HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:37:50.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/loose.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "7c025429cf92738af37d27de9947cdc3",
         "bodymmh3" : 1556233861,
         "headermd5" : "fffb0c205aff708dc11ccb7485256818",
         "headermmh3" : -1701146940,
         "title" : "Upgrade Required - CUPS v2.3.1"
      },
      "length" : 825
   },
   "asn" : "AS14061",
   "city" : "Amsterdam",
   "country" : "NL",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 426 Upgrade Required\r\nConnection: close\r\nContent-Language: en_US\r\nContent-Length: 496\r\nContent-Type: text/html; charset=utf-8\r\nDate: Thu, 07 Nov 2024 05:37:49 GMT\r\nUpgrade: TLS/1.2,TLS/1.1,TLS/1.0\r\nAccept-Encoding: gzip, deflate, identity\r\nServer: CUPS/2.3 IPP/2.1\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<HTML>\n<HEAD>\n\t<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=utf-8\">\n\t<TITLE>Upgrade Required - CUPS v2.3.1</TITLE>\n\t<LINK REL=\"STYLESHEET\" TYPE=\"text/css\" HREF=\"/cups.css\">\n<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3;URL=https://<ip>:631/\">\n</HEAD>\n<BODY>\n<H1>Upgrade Required</H1>\n<P>You must access this page using the URL https://<ip>:631/.</P>\n</BODY>\n</HTML>\n",
   "datamd5" : "bc12c22622938b526e61e53f90d71476",
   "datammh3" : 1948244127,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "spont.cloud"
   ],
   "forward" : "188.166.16.186",
   "geolocus" : {
      "asn" : "AS14061",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "NL",
      "countryname" : "Netherlands",
      "domain" : [
         "digitalocean.com"
      ],
      "isineu" : "true",
      "latitude" : "52.132633",
      "location" : "52.132633,5.291266",
      "longitude" : "5.291266",
      "netname" : "EU-DIGITALOCEAN-NL1",
      "organization" : "DigitalOcean, LLC",
      "subnet" : "188.166.0.0/17"
   },
   "host" : [
      "lavidaloca"
   ],
   "hostname" : [
      "188.166.16.186",
      "lavidaloca.printserver.spont.cloud"
   ],
   "ip" : "188.166.16.186",
   "ipv6" : "false",
   "latitude" : "52.3520",
   "location" : "52.3520,4.9392",
   "longitude" : "4.9392",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "DIGITALOCEAN-ASN",
   "port" : 631,
   "product" : "CUPS",
   "productvendor" : "CUPS",
   "productversion" : "2.3",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Upgrade Required",
   "reverse" : [
      "lavidaloca.printserver.spont.cloud"
   ],
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 426,
   "subdomains" : [
      "printserver.spont.cloud"
   ],
   "subnet" : "188.166.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "cloud"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
77.75.111.20

Network
77.75.104.0/21

Device

<enterprise field>: device.class

URL

http://77.75.111.20:631/ 302

HTTP Title
Moved

ASN
AS39326

Organization
HighSpeed Office Limited

Protocol
http

Source
urlscan::redirect

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
1c361502e2c7913dc43032845af281ec

HTTP Header MD5
bf6e38aedc028b7ce4699ef1f1eff5b4

HTTP Body MD5
f47e4db99831f69d7ca6e9a35d99f4f8

HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Location: https://<ip>:631/
Connection: close
Refresh: 0; URL=https://<ip>:631/
Content-Length: 158

<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0; URL=https://<ip>:631/"><title>Moved</title></head><body><h1>Moved</h1></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:37:29.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "f47e4db99831f69d7ca6e9a35d99f4f8",
         "bodymmh3" : 132738406,
         "headermd5" : "bf6e38aedc028b7ce4699ef1f1eff5b4",
         "headermmh3" : 1150641246,
         "title" : "Moved"
      },
      "length" : 316
   },
   "asn" : "AS39326",
   "city" : "Winchester",
   "country" : "GB",
   "data" : "HTTP/1.1 302 Found\r\nContent-Type: text/html; charset=UTF-8\r\nLocation: https://<ip>:631/\r\nConnection: close\r\nRefresh: 0; URL=https://<ip>:631/\r\nContent-Length: 158\r\n\r\n<!DOCTYPE html><html><head><meta http-equiv=\"refresh\" content=\"0; URL=https://<ip>:631/\"><title>Moved</title></head><body><h1>Moved</h1></body></html>",
   "datamd5" : "1c361502e2c7913dc43032845af281ec",
   "datammh3" : -576339732,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "forward" : "77.75.111.20",
   "hostname" : [
      "77.75.111.20"
   ],
   "ip" : "77.75.111.20",
   "ipv6" : "false",
   "latitude" : "51.0828",
   "location" : "51.0828,-1.3533",
   "longitude" : "-1.3533",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "HighSpeed Office Limited",
   "port" : 631,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Found",
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 302,
   "subnet" : "77.75.104.0/21",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
188.166.82.61

Network
188.166.0.0/16

Domain(s)
spont.cloud

Device

<enterprise field>: device.class

URL

http://188.166.82.61:631/ 426

HTTP Title
Upgrade Required - CUPS v2.3.1

Reverse DNS
huisdewiers.printserver.spont.cloud

ASN
AS14061

Organization
DIGITALOCEAN-ASN

Protocol
http

Source
urlscan::redirect
Product
CUPS CUPS 2.3

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
5631f1a1b2d76186f9ac0c03d4b4c5a7

HTTP Header MD5
fffb0c205aff708dc11ccb7485256818

HTTP Body MD5
7c025429cf92738af37d27de9947cdc3

HTTP/1.1 426 Upgrade Required
Connection: close
Content-Language: en_US
Content-Length: 494
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Nov 2024 05:36:16 GMT
Upgrade: TLS/1.2,TLS/1.1,TLS/1.0
Accept-Encoding: gzip, deflate, identity
Server: CUPS/2.3 IPP/2.1
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
	<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
	<TITLE>Upgrade Required - CUPS v2.3.1</TITLE>
	<LINK REL="STYLESHEET" TYPE="text/css" HREF="/cups.css">
<META HTTP-EQUIV="Refresh" CONTENT="3;URL=https://<ip>:631/">
</HEAD>
<BODY>
<H1>Upgrade Required</H1>
<P>You must access this page using the URL https://<ip>:631/.</P>
</BODY>
</HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:36:18.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/loose.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "7c025429cf92738af37d27de9947cdc3",
         "bodymmh3" : 1556233861,
         "headermd5" : "fffb0c205aff708dc11ccb7485256818",
         "headermmh3" : -1588554888,
         "title" : "Upgrade Required - CUPS v2.3.1"
      },
      "length" : 825
   },
   "asn" : "AS14061",
   "city" : "Amsterdam",
   "country" : "NL",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 426 Upgrade Required\r\nConnection: close\r\nContent-Language: en_US\r\nContent-Length: 494\r\nContent-Type: text/html; charset=utf-8\r\nDate: Thu, 07 Nov 2024 05:36:16 GMT\r\nUpgrade: TLS/1.2,TLS/1.1,TLS/1.0\r\nAccept-Encoding: gzip, deflate, identity\r\nServer: CUPS/2.3 IPP/2.1\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<HTML>\n<HEAD>\n\t<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=utf-8\">\n\t<TITLE>Upgrade Required - CUPS v2.3.1</TITLE>\n\t<LINK REL=\"STYLESHEET\" TYPE=\"text/css\" HREF=\"/cups.css\">\n<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3;URL=https://<ip>:631/\">\n</HEAD>\n<BODY>\n<H1>Upgrade Required</H1>\n<P>You must access this page using the URL https://<ip>:631/.</P>\n</BODY>\n</HTML>\n",
   "datamd5" : "5631f1a1b2d76186f9ac0c03d4b4c5a7",
   "datammh3" : -802663528,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "spont.cloud"
   ],
   "forward" : "188.166.82.61",
   "geolocus" : {
      "asn" : "AS14061",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "NL",
      "countryname" : "Netherlands",
      "domain" : [
         "digitalocean.com"
      ],
      "isineu" : "true",
      "latitude" : "52.132633",
      "location" : "52.132633,5.291266",
      "longitude" : "5.291266",
      "netname" : "EU-DIGITALOCEAN-NL1",
      "organization" : "DigitalOcean, LLC",
      "subnet" : "188.166.0.0/17"
   },
   "host" : [
      "huisdewiers"
   ],
   "hostname" : [
      "188.166.82.61",
      "huisdewiers.printserver.spont.cloud"
   ],
   "ip" : "188.166.82.61",
   "ipv6" : "false",
   "latitude" : "52.3520",
   "location" : "52.3520,4.9392",
   "longitude" : "4.9392",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "DIGITALOCEAN-ASN",
   "port" : 631,
   "product" : "CUPS",
   "productvendor" : "CUPS",
   "productversion" : "2.3",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Upgrade Required",
   "reverse" : [
      "huisdewiers.printserver.spont.cloud"
   ],
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 426,
   "subdomains" : [
      "printserver.spont.cloud"
   ],
   "subnet" : "188.166.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "cloud"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
46.149.203.227

Network
46.149.192.0/20

Device

<enterprise field>: device.class

URL

http://46.149.203.227:631/$%7BrandomUrl%7D 200

ASN
AS59371

Organization
Dimension Network & Communication Limited

Protocol
http

Source
urlscan::redirect
Product
F5 Nginx 1.17.6

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
42ab9129dcead98e259997777bebcb1e

HTTP Header MD5
7cb8a64a5c41d5db44d85d677dbec3ce

HTTP Body MD5
70cfb11d29734826a5a636c5671a5689

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 07 Nov 2024 05:35:46 GMT
Content-Type: text/html
Content-Length: 1727
Last-Modified: Mon, 04 Nov 2024 11:58:32 GMT
Connection: close
ETag: "6728b6e8-6bf"
Accept-Ranges: bytes

<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX"></script>
    <script>
        <script>
            window.dataLayer = window.dataLayer || [];
            function gtag(){dataLayer.push(arguments);}
            gtag('js', new Date());

            gtag('config', 'G-0GJHN159XX');
    </script>

<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
<script>LA.init({id:"3IsbgF2faH56SAiO",ck:"3IsbgF2faH56SAiO"})</script>

<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
<script>LA.init({id:"3GuWRdQLAUfAEIDe",ck:"3GuWRdQLAUfAEIDe"})</script>


    <meta charset="UTF-8">
    <meta name="format-detection" content="telephone=yes">
    <meta name="viewport"
          content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
    <script>
        const urls = [
            "https://139.155.134.148/tt/test.html?333?666bbb",
            "https://162.14.69.113/"
        ];
        const randomUrl = urls[Math.floor(Math.random() * urls.length)];

        document.write(`<meta http-equiv="refresh" content="9;url=${randomUrl}">`);
        window.onload = function () {
            document.getElementById('myiframe').src = randomUrl;
        };
    </script>
    <style>
        body, html {
            margin: 0;
            padding: 0;
            height: 100%;
            overflow: hidden;
        }

        iframe {
            width: 100%;
            height: 100vh;
            border: none;
        }
    </style>
</head>
<body>
<iframe id="myiframe" scrolling="no"></iframe>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:35:48.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "googletagmanager.com"
         ],
         "hostname" : [
            "www.googletagmanager.com"
         ],
         "ip" : [
            "162.14.69.113",
            "139.155.134.148"
         ],
         "url" : [
            "https://139.155.134.148/tt/test.html?333?666bbb",
            "https://162.14.69.113/",
            "https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX"
         ]
      },
      "http" : {
         "bodymd5" : "70cfb11d29734826a5a636c5671a5689",
         "bodymmh3" : -1468966060,
         "header" : [
            {
               "value" : "Mon, 04 Nov 2024 11:58:32 GMT",
               "name" : "Last-Modified"
            },
            {
               "name" : "ETag",
               "value" : "6728b6e8-6bf"
            }
         ],
         "headermd5" : "7cb8a64a5c41d5db44d85d677dbec3ce",
         "headermmh3" : -1935205641,
         "tracker" : {
            "ga" : [
               "G-0GJHN159XX"
            ]
         }
      },
      "length" : 1961
   },
   "asn" : "AS59371",
   "country" : "HK",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nServer: nginx/1.17.6\r\nDate: Thu, 07 Nov 2024 05:35:46 GMT\r\nContent-Type: text/html\r\nContent-Length: 1727\r\nLast-Modified: Mon, 04 Nov 2024 11:58:32 GMT\r\nConnection: close\r\nETag: \"6728b6e8-6bf\"\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>\n<html lang=\"zh-CN\">\n<head>\n    <!-- Google tag (gtag.js) -->\n    <script async src=\"https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX\"></script>\n    <script>\n        <script>\n            window.dataLayer = window.dataLayer || [];\n            function gtag(){dataLayer.push(arguments);}\n            gtag('js', new Date());\n\n            gtag('config', 'G-0GJHN159XX');\n    </script>\n\n<script charset=\"UTF-8\" id=\"LA_COLLECT\" src=\"//sdk.51.la/js-sdk-pro.min.js\"></script>\n<script>LA.init({id:\"3IsbgF2faH56SAiO\",ck:\"3IsbgF2faH56SAiO\"})</script>\n\n<script charset=\"UTF-8\" id=\"LA_COLLECT\" src=\"//sdk.51.la/js-sdk-pro.min.js\"></script>\n<script>LA.init({id:\"3GuWRdQLAUfAEIDe\",ck:\"3GuWRdQLAUfAEIDe\"})</script>\n\n\n    <meta charset=\"UTF-8\">\n    <meta name=\"format-detection\" content=\"telephone=yes\">\n    <meta name=\"viewport\"\n          content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no\">\n    <script>\n        const urls = [\n            \"https://139.155.134.148/tt/test.html?333?666bbb\",\n            \"https://162.14.69.113/\"\n        ];\n        const randomUrl = urls[Math.floor(Math.random() * urls.length)];\n\n        document.write(`<meta http-equiv=\"refresh\" content=\"9;url=${randomUrl}\">`);\n        window.onload = function () {\n            document.getElementById('myiframe').src = randomUrl;\n        };\n    </script>\n    <style>\n        body, html {\n            margin: 0;\n            padding: 0;\n            height: 100%;\n            overflow: hidden;\n        }\n\n        iframe {\n            width: 100%;\n            height: 100vh;\n            border: none;\n        }\n    </style>\n</head>\n<body>\n<iframe id=\"myiframe\" scrolling=\"no\"></iframe>\n</body>\n</html>\n",
   "datamd5" : "42ab9129dcead98e259997777bebcb1e",
   "datammh3" : -823944532,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "forward" : "46.149.203.227",
   "hostname" : [
      "46.149.203.227"
   ],
   "ip" : "46.149.203.227",
   "ipv6" : "false",
   "latitude" : "22.2578",
   "location" : "22.2578,114.1657",
   "longitude" : "114.1657",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Dimension Network & Communication Limited",
   "port" : 631,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.17.6",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 200,
   "subnet" : "46.149.192.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/$%7BrandomUrl%7D"
}

IP
105.157.46.33

Network
105.156.0.0/15

Device

<enterprise field>: device.class

URL

http://192.168.1.25:631/ 426

HTTP Title
Upgrade Required - CUPS v2.2.1

ASN
AS36903

Organization
MT-MPLS

Protocol
http

Source
urlscan::redirect
Product
CUPS CUPS 2.2

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
465e03c57fc00aff2e607380daae0be8

HTTP Header MD5
bf9bb85124f1865393654ccc9e229e30

HTTP Body MD5
cc6a15346a2bb86b0d034415b80d4750

HTTP/1.1 426 Mise à niveau obligatoire
Connection: close
Content-Language: en_US
Content-Length: 532
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Nov 2024 05:35:35 GMT
Upgrade: TLS/1.2,TLS/1.1,TLS/1.0
Accept-Encoding: gzip, deflate, identity
Server: CUPS/2.2 IPP/2.1
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
	<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
	<TITLE>Upgrade Required - CUPS v2.2.1</TITLE>
	<LINK REL="STYLESHEET" TYPE="text/css" HREF="/cups.css">
<META HTTP-EQUIV="Refresh" CONTENT="3;URL=https://192.168.1.25:631/">
</HEAD>
<BODY>
<H1>Upgrade Required</H1>
<P>You must access this page using the URL <A HREF="https://192.168.1.25:631/">https://192.168.1.25:631/</A>.</P>
</BODY>
</HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:35:36.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "ip" : [
            "192.168.1.25"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/loose.dtd",
            "https://192.168.1.25:631/"
         ]
      },
      "http" : {
         "bodymd5" : "cc6a15346a2bb86b0d034415b80d4750",
         "bodymmh3" : 1778699506,
         "headermd5" : "bf9bb85124f1865393654ccc9e229e30",
         "headermmh3" : -1517488593,
         "title" : "Upgrade Required - CUPS v2.2.1"
      },
      "length" : 891
   },
   "asn" : "AS36903",
   "city" : "Casablanca",
   "country" : "MA",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 426 Mise \u00e0 niveau obligatoire\r\nConnection: close\r\nContent-Language: en_US\r\nContent-Length: 532\r\nContent-Type: text/html; charset=utf-8\r\nDate: Thu, 07 Nov 2024 05:35:35 GMT\r\nUpgrade: TLS/1.2,TLS/1.1,TLS/1.0\r\nAccept-Encoding: gzip, deflate, identity\r\nServer: CUPS/2.2 IPP/2.1\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<HTML>\n<HEAD>\n\t<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=utf-8\">\n\t<TITLE>Upgrade Required - CUPS v2.2.1</TITLE>\n\t<LINK REL=\"STYLESHEET\" TYPE=\"text/css\" HREF=\"/cups.css\">\n<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3;URL=https://192.168.1.25:631/\">\n</HEAD>\n<BODY>\n<H1>Upgrade Required</H1>\n<P>You must access this page using the URL <A HREF=\"https://192.168.1.25:631/\">https://192.168.1.25:631/</A>.</P>\n</BODY>\n</HTML>\n",
   "datamd5" : "465e03c57fc00aff2e607380daae0be8",
   "datammh3" : 1963731178,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "forward" : "192.168.1.25",
   "geolocus" : {
      "asn" : "AS36903",
      "continent" : "AF",
      "continentname" : "Africa",
      "country" : "MA",
      "countryname" : "Morocco",
      "isineu" : "false",
      "latitude" : "31.791702",
      "location" : "31.791702,-7.09262",
      "longitude" : "-7.09262",
      "netname" : "ADSL_Maroc_telecom",
      "organization" : "route object",
      "subnet" : "105.157.0.0/16"
   },
   "hostname" : [
      "192.168.1.25"
   ],
   "ip" : "105.157.46.33",
   "ipv6" : "false",
   "latitude" : "33.5792",
   "location" : "33.5792,-7.6133",
   "longitude" : "-7.6133",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "MT-MPLS",
   "port" : 631,
   "product" : "CUPS",
   "productvendor" : "CUPS",
   "productversion" : "2.2",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Mise \u00c3\u00a0 niveau obligatoire",
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 426,
   "subnet" : "105.156.0.0/15",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
35.209.226.85

Network
35.208.0.0/13

Domain(s)
googleusercontent.com

Device

<enterprise field>: device.class

URL

http://10.128.0.3:631/ 426

HTTP Title
Upgrade Required - CUPS v2.3.3op2

Reverse DNS
85.226.209.35.bc.googleusercontent.com

ASN
AS15169

Organization
GOOGLE

Protocol
http

Source
urlscan::redirect
Product
CUPS CUPS 2.3

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
fc91bb95ada02b26e6059a5cc1653b07

HTTP Header MD5
fffb0c205aff708dc11ccb7485256818

HTTP Body MD5
49f555d0695c169adf5e7a84b0a5c921

HTTP/1.1 426 Upgrade Required
Connection: close
Content-Language: en_US
Content-Length: 491
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Nov 2024 05:35:17 GMT
Upgrade: TLS/1.2,TLS/1.1,TLS/1.0
Accept-Encoding: gzip, deflate, identity
Server: CUPS/2.3 IPP/2.1
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
	<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
	<TITLE>Upgrade Required - CUPS v2.3.3op2</TITLE>
	<LINK REL="STYLESHEET" TYPE="text/css" HREF="/cups.css">
<META HTTP-EQUIV="Refresh" CONTENT="3;URL=https://10.128.0.3:631/">
</HEAD>
<BODY>
<H1>Upgrade Required</H1>
<P>You must access this page using the URL https://10.128.0.3:631/.</P>
</BODY>
</HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:35:20.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "ip" : [
            "10.128.0.3"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/loose.dtd",
            "https://10.128.0.3:631/",
            "https://10.128.0.3:631/."
         ]
      },
      "http" : {
         "bodymd5" : "49f555d0695c169adf5e7a84b0a5c921",
         "bodymmh3" : 1203252477,
         "headermd5" : "fffb0c205aff708dc11ccb7485256818",
         "headermmh3" : -1607057252,
         "title" : "Upgrade Required - CUPS v2.3.3op2"
      },
      "length" : 840
   },
   "asn" : "AS15169",
   "city" : "Council Bluffs",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 426 Upgrade Required\r\nConnection: close\r\nContent-Language: en_US\r\nContent-Length: 491\r\nContent-Type: text/html; charset=utf-8\r\nDate: Thu, 07 Nov 2024 05:35:17 GMT\r\nUpgrade: TLS/1.2,TLS/1.1,TLS/1.0\r\nAccept-Encoding: gzip, deflate, identity\r\nServer: CUPS/2.3 IPP/2.1\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<HTML>\n<HEAD>\n\t<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=utf-8\">\n\t<TITLE>Upgrade Required - CUPS v2.3.3op2</TITLE>\n\t<LINK REL=\"STYLESHEET\" TYPE=\"text/css\" HREF=\"/cups.css\">\n<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3;URL=https://10.128.0.3:631/\">\n</HEAD>\n<BODY>\n<H1>Upgrade Required</H1>\n<P>You must access this page using the URL https://10.128.0.3:631/.</P>\n</BODY>\n</HTML>\n",
   "datamd5" : "fc91bb95ada02b26e6059a5cc1653b07",
   "datammh3" : -1547691306,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "googleusercontent.com"
   ],
   "forward" : "10.128.0.3",
   "geolocus" : {
      "asn" : "AS15169",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "google.com",
         "googleusercontent.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "GOOGLE-CLOUD",
      "organization" : "Google LLC",
      "subnet" : "35.208.0.0/15"
   },
   "host" : [
      85
   ],
   "hostname" : [
      "10.128.0.3",
      "85.226.209.35.bc.googleusercontent.com"
   ],
   "ip" : "35.209.226.85",
   "ipv6" : "false",
   "latitude" : "41.2591",
   "location" : "41.2591,-95.8517",
   "longitude" : "-95.8517",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "GOOGLE",
   "port" : 631,
   "product" : "CUPS",
   "productvendor" : "CUPS",
   "productversion" : "2.3",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Upgrade Required",
   "reverse" : [
      "85.226.209.35.bc.googleusercontent.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 426,
   "subdomains" : [
      "209.35.bc.googleusercontent.com",
      "bc.googleusercontent.com",
      "226.209.35.bc.googleusercontent.com",
      "35.bc.googleusercontent.com"
   ],
   "subnet" : "35.208.0.0/13",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
43.251.236.15

Network
43.251.236.0/22

Device

<enterprise field>: device.class

URL

http://43.251.236.15:631/$%7BrandomUrl%7D 200

ASN
AS132883

Organization
TOPWAY GLOBAL LIMITED

Protocol
http

Source
urlscan::redirect
Product
F5 Nginx 1.17.6

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
a1a952682e73758a5ad3c1462ccfc9e8

HTTP Header MD5
7cb8a64a5c41d5db44d85d677dbec3ce

HTTP Body MD5
f676b85516c6adce06fd47604ce661a9

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 07 Nov 2024 05:35:18 GMT
Content-Type: text/html
Content-Length: 1731
Last-Modified: Mon, 04 Nov 2024 06:13:00 GMT
Connection: close
ETag: "672865ec-6c3"
Accept-Ranges: bytes

<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX"></script>
    <script>
        <script>
            window.dataLayer = window.dataLayer || [];
            function gtag(){dataLayer.push(arguments);}
            gtag('js', new Date());

            gtag('config', 'G-0GJHN159XX');
    </script>

<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
<script>LA.init({id:"3IsbgF2faH56SAiO",ck:"3IsbgF2faH56SAiO"})</script>

<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
<script>LA.init({id:"3HIVnf9pT2UywXqw",ck:"3HIVnf9pT2UywXqw"})</script>




    <meta charset="UTF-8">
    <meta name="format-detection" content="telephone=yes">
    <meta name="viewport"
          content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
    <script>
        const urls = [
            "https://103.86.44.21/sanfang/index.html?303111aaa",
            "https://162.14.69.113/"
        ];
        const randomUrl = urls[Math.floor(Math.random() * urls.length)];

        document.write(`<meta http-equiv="refresh" content="9;url=${randomUrl}">`);
        window.onload = function () {
            document.getElementById('myiframe').src = randomUrl;
        };
    </script>
    <style>
        body, html {
            margin: 0;
            padding: 0;
            height: 100%;
            overflow: hidden;
        }

        iframe {
            width: 100%;
            height: 100vh;
            border: none;
        }
    </style>
</head>
<body>
<iframe id="myiframe" scrolling="no"></iframe>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:35:19.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "googletagmanager.com"
         ],
         "hostname" : [
            "www.googletagmanager.com"
         ],
         "ip" : [
            "162.14.69.113",
            "103.86.44.21"
         ],
         "url" : [
            "https://103.86.44.21/sanfang/index.html?303111aaa",
            "https://162.14.69.113/",
            "https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX"
         ]
      },
      "http" : {
         "bodymd5" : "f676b85516c6adce06fd47604ce661a9",
         "bodymmh3" : 1332320570,
         "header" : [
            {
               "value" : "Mon, 04 Nov 2024 06:13:00 GMT",
               "name" : "Last-Modified"
            },
            {
               "value" : "672865ec-6c3",
               "name" : "ETag"
            }
         ],
         "headermd5" : "7cb8a64a5c41d5db44d85d677dbec3ce",
         "headermmh3" : 2287172,
         "tracker" : {
            "ga" : [
               "G-0GJHN159XX"
            ]
         }
      },
      "length" : 1965
   },
   "asn" : "AS132883",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nServer: nginx/1.17.6\r\nDate: Thu, 07 Nov 2024 05:35:18 GMT\r\nContent-Type: text/html\r\nContent-Length: 1731\r\nLast-Modified: Mon, 04 Nov 2024 06:13:00 GMT\r\nConnection: close\r\nETag: \"672865ec-6c3\"\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>\n<html lang=\"zh-CN\">\n<head>\n    <!-- Google tag (gtag.js) -->\n    <script async src=\"https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX\"></script>\n    <script>\n        <script>\n            window.dataLayer = window.dataLayer || [];\n            function gtag(){dataLayer.push(arguments);}\n            gtag('js', new Date());\n\n            gtag('config', 'G-0GJHN159XX');\n    </script>\n\n<script charset=\"UTF-8\" id=\"LA_COLLECT\" src=\"//sdk.51.la/js-sdk-pro.min.js\"></script>\n<script>LA.init({id:\"3IsbgF2faH56SAiO\",ck:\"3IsbgF2faH56SAiO\"})</script>\n\n<script charset=\"UTF-8\" id=\"LA_COLLECT\" src=\"//sdk.51.la/js-sdk-pro.min.js\"></script>\n<script>LA.init({id:\"3HIVnf9pT2UywXqw\",ck:\"3HIVnf9pT2UywXqw\"})</script>\n\n\n\n\n    <meta charset=\"UTF-8\">\n    <meta name=\"format-detection\" content=\"telephone=yes\">\n    <meta name=\"viewport\"\n          content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no\">\n    <script>\n        const urls = [\n            \"https://103.86.44.21/sanfang/index.html?303111aaa\",\n            \"https://162.14.69.113/\"\n        ];\n        const randomUrl = urls[Math.floor(Math.random() * urls.length)];\n\n        document.write(`<meta http-equiv=\"refresh\" content=\"9;url=${randomUrl}\">`);\n        window.onload = function () {\n            document.getElementById('myiframe').src = randomUrl;\n        };\n    </script>\n    <style>\n        body, html {\n            margin: 0;\n            padding: 0;\n            height: 100%;\n            overflow: hidden;\n        }\n\n        iframe {\n            width: 100%;\n            height: 100vh;\n            border: none;\n        }\n    </style>\n</head>\n<body>\n<iframe id=\"myiframe\" scrolling=\"no\"></iframe>\n</body>\n</html>\n",
   "datamd5" : "a1a952682e73758a5ad3c1462ccfc9e8",
   "datammh3" : -1968554267,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "forward" : "43.251.236.15",
   "geolocus" : {
      "asn" : "AS132883",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "cnaaa.com",
         "cnnic.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "cnaaa",
      "organization" : "Jiangsu Sanai network science and technology co ,LTD",
      "subnet" : "43.251.236.0/22"
   },
   "hostname" : [
      "43.251.236.15"
   ],
   "ip" : "43.251.236.15",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "TOPWAY GLOBAL LIMITED",
   "port" : 631,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.17.6",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 200,
   "subnet" : "43.251.236.0/22",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/$%7BrandomUrl%7D"
}

IP
144.76.229.236

Network
144.76.0.0/16

Domain(s)
your-server.de

Device

<enterprise field>: device.class

URL

http://144.76.229.236:631/ 426

HTTP Title
Upgrade Required - CUPS v2.3.3op2

Reverse DNS
static.236.229.76.144.clients.your-server.de

ASN
AS24940

Organization
Hetzner Online GmbH

Protocol
http

Source
urlscan::redirect
Product
CUPS CUPS 2.3

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
d67e306c5ce6f0db89f45594e0c3beb4

HTTP Header MD5
fffb0c205aff708dc11ccb7485256818

HTTP Body MD5
67654f9088a0e0c545e83c6633f45281

HTTP/1.1 426 Upgrade Required
Connection: close
Content-Language: en_US
Content-Length: 499
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Nov 2024 05:34:08 GMT
Upgrade: TLS/1.2,TLS/1.1,TLS/1.0
Accept-Encoding: gzip, deflate, identity
Server: CUPS/2.3 IPP/2.1
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
	<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
	<TITLE>Upgrade Required - CUPS v2.3.3op2</TITLE>
	<LINK REL="STYLESHEET" TYPE="text/css" HREF="/cups.css">
<META HTTP-EQUIV="Refresh" CONTENT="3;URL=https://<ip>:631/">
</HEAD>
<BODY>
<H1>Upgrade Required</H1>
<P>You must access this page using the URL https://<ip>:631/.</P>
</BODY>
</HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:34:09.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/loose.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "67654f9088a0e0c545e83c6633f45281",
         "bodymmh3" : 1761248574,
         "headermd5" : "fffb0c205aff708dc11ccb7485256818",
         "headermmh3" : 1536985354,
         "title" : "Upgrade Required - CUPS v2.3.3op2"
      },
      "length" : 828
   },
   "asn" : "AS24940",
   "city" : "Koblenz",
   "country" : "DE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 426 Upgrade Required\r\nConnection: close\r\nContent-Language: en_US\r\nContent-Length: 499\r\nContent-Type: text/html; charset=utf-8\r\nDate: Thu, 07 Nov 2024 05:34:08 GMT\r\nUpgrade: TLS/1.2,TLS/1.1,TLS/1.0\r\nAccept-Encoding: gzip, deflate, identity\r\nServer: CUPS/2.3 IPP/2.1\r\nX-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors 'none'\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<HTML>\n<HEAD>\n\t<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=utf-8\">\n\t<TITLE>Upgrade Required - CUPS v2.3.3op2</TITLE>\n\t<LINK REL=\"STYLESHEET\" TYPE=\"text/css\" HREF=\"/cups.css\">\n<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3;URL=https://<ip>:631/\">\n</HEAD>\n<BODY>\n<H1>Upgrade Required</H1>\n<P>You must access this page using the URL https://<ip>:631/.</P>\n</BODY>\n</HTML>\n",
   "datamd5" : "d67e306c5ce6f0db89f45594e0c3beb4",
   "datammh3" : -932391903,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "your-server.de"
   ],
   "forward" : "144.76.229.236",
   "host" : [
      "static"
   ],
   "hostname" : [
      "144.76.229.236",
      "static.236.229.76.144.clients.your-server.de"
   ],
   "ip" : "144.76.229.236",
   "ipv6" : "false",
   "latitude" : "50.3235",
   "location" : "50.3235,7.5682",
   "longitude" : "7.5682",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Hetzner Online GmbH",
   "port" : 631,
   "product" : "CUPS",
   "productvendor" : "CUPS",
   "productversion" : "2.3",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Upgrade Required",
   "reverse" : [
      "static.236.229.76.144.clients.your-server.de"
   ],
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 426,
   "subdomains" : [
      "144.clients.your-server.de",
      "236.229.76.144.clients.your-server.de",
      "229.76.144.clients.your-server.de",
      "76.144.clients.your-server.de",
      "clients.your-server.de"
   ],
   "subnet" : "144.76.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "de"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
103.43.16.72

Network
103.43.16.0/22

Device

<enterprise field>: device.class

URL

http://103.43.16.72:631/$%7BrandomUrl%7D 200

ASN
AS132883

Organization
TOPWAY GLOBAL LIMITED

Protocol
http

Source
urlscan::redirect
Product
F5 Nginx 1.17.6

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
a921ec0c33b287a5b32845ce36a9f9b4

HTTP Header MD5
7cb8a64a5c41d5db44d85d677dbec3ce

HTTP Body MD5
db475c674e230d3b59b9d4c51e192872

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 07 Nov 2024 05:32:54 GMT
Content-Type: text/html
Content-Length: 1728
Last-Modified: Mon, 04 Nov 2024 11:57:54 GMT
Connection: close
ETag: "6728b6c2-6c0"
Accept-Ranges: bytes

<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX"></script>
    <script>
        <script>
            window.dataLayer = window.dataLayer || [];
            function gtag(){dataLayer.push(arguments);}
            gtag('js', new Date());

            gtag('config', 'G-0GJHN159XX');
    </script>

<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
<script>LA.init({id:"3IsbgF2faH56SAiO",ck:"3IsbgF2faH56SAiO"})</script>

<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
<script>LA.init({id:"3GuWRdQLAUfAEIDe",ck:"3GuWRdQLAUfAEIDe"})</script>



    <meta charset="UTF-8">
    <meta name="format-detection" content="telephone=yes">
    <meta name="viewport"
          content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
    <script>
        const urls = [
            "https://139.155.134.148/tt/test.html?333?666aaa",
            "https://162.14.69.113/"
        ];
        const randomUrl = urls[Math.floor(Math.random() * urls.length)];

        document.write(`<meta http-equiv="refresh" content="9;url=${randomUrl}">`);
        window.onload = function () {
            document.getElementById('myiframe').src = randomUrl;
        };
    </script>
    <style>
        body, html {
            margin: 0;
            padding: 0;
            height: 100%;
            overflow: hidden;
        }

        iframe {
            width: 100%;
            height: 100vh;
            border: none;
        }
    </style>
</head>
<body>
<iframe id="myiframe" scrolling="no"></iframe>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:33:37.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "googletagmanager.com"
         ],
         "hostname" : [
            "www.googletagmanager.com"
         ],
         "ip" : [
            "162.14.69.113",
            "139.155.134.148"
         ],
         "url" : [
            "https://139.155.134.148/tt/test.html?333?666aaa",
            "https://162.14.69.113/",
            "https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX"
         ]
      },
      "http" : {
         "bodymd5" : "db475c674e230d3b59b9d4c51e192872",
         "bodymmh3" : 488145746,
         "header" : [
            {
               "name" : "Last-Modified",
               "value" : "Mon, 04 Nov 2024 11:57:54 GMT"
            },
            {
               "name" : "ETag",
               "value" : "6728b6c2-6c0"
            }
         ],
         "headermd5" : "7cb8a64a5c41d5db44d85d677dbec3ce",
         "headermmh3" : 1222579743,
         "tracker" : {
            "ga" : [
               "G-0GJHN159XX"
            ]
         }
      },
      "length" : 1962
   },
   "asn" : "AS132883",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nServer: nginx/1.17.6\r\nDate: Thu, 07 Nov 2024 05:32:54 GMT\r\nContent-Type: text/html\r\nContent-Length: 1728\r\nLast-Modified: Mon, 04 Nov 2024 11:57:54 GMT\r\nConnection: close\r\nETag: \"6728b6c2-6c0\"\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>\n<html lang=\"zh-CN\">\n<head>\n    <!-- Google tag (gtag.js) -->\n    <script async src=\"https://www.googletagmanager.com/gtag/js?id=G-0GJHN159XX\"></script>\n    <script>\n        <script>\n            window.dataLayer = window.dataLayer || [];\n            function gtag(){dataLayer.push(arguments);}\n            gtag('js', new Date());\n\n            gtag('config', 'G-0GJHN159XX');\n    </script>\n\n<script charset=\"UTF-8\" id=\"LA_COLLECT\" src=\"//sdk.51.la/js-sdk-pro.min.js\"></script>\n<script>LA.init({id:\"3IsbgF2faH56SAiO\",ck:\"3IsbgF2faH56SAiO\"})</script>\n\n<script charset=\"UTF-8\" id=\"LA_COLLECT\" src=\"//sdk.51.la/js-sdk-pro.min.js\"></script>\n<script>LA.init({id:\"3GuWRdQLAUfAEIDe\",ck:\"3GuWRdQLAUfAEIDe\"})</script>\n\n\n\n    <meta charset=\"UTF-8\">\n    <meta name=\"format-detection\" content=\"telephone=yes\">\n    <meta name=\"viewport\"\n          content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no\">\n    <script>\n        const urls = [\n            \"https://139.155.134.148/tt/test.html?333?666aaa\",\n            \"https://162.14.69.113/\"\n        ];\n        const randomUrl = urls[Math.floor(Math.random() * urls.length)];\n\n        document.write(`<meta http-equiv=\"refresh\" content=\"9;url=${randomUrl}\">`);\n        window.onload = function () {\n            document.getElementById('myiframe').src = randomUrl;\n        };\n    </script>\n    <style>\n        body, html {\n            margin: 0;\n            padding: 0;\n            height: 100%;\n            overflow: hidden;\n        }\n\n        iframe {\n            width: 100%;\n            height: 100vh;\n            border: none;\n        }\n    </style>\n</head>\n<body>\n<iframe id=\"myiframe\" scrolling=\"no\"></iframe>\n</body>\n</html>\n",
   "datamd5" : "a921ec0c33b287a5b32845ce36a9f9b4",
   "datammh3" : -1249100627,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "forward" : "103.43.16.72",
   "geolocus" : {
      "asn" : "AS132883",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "cnaaa.com",
         "cnnic.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "cnaaa",
      "organization" : "Jiangsu Sanai network science and technology co ,LTD",
      "subnet" : "103.43.16.0/22"
   },
   "hostname" : [
      "103.43.16.72"
   ],
   "ip" : "103.43.16.72",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "TOPWAY GLOBAL LIMITED",
   "port" : 631,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.17.6",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "urlscan::redirect",
   "status" : 200,
   "subnet" : "103.43.16.0/22",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/$%7BrandomUrl%7D"
}

Returning 10 result(s) out of 8,187 in 0.057 second(s)

46.149.203.226:631 (tcp/http) - last seen on 2024-11-07 at 05:39:03 UTC

188.166.16.186:631 (tcp/http) - last seen on 2024-11-07 at 05:37:50 UTC

77.75.111.20:631 (tcp/http) - last seen on 2024-11-07 at 05:37:29 UTC

188.166.82.61:631 (tcp/http) - last seen on 2024-11-07 at 05:36:18 UTC

46.149.203.227:631 (tcp/http) - last seen on 2024-11-07 at 05:35:48 UTC

105.157.46.33:631 (tcp/http) - last seen on 2024-11-07 at 05:35:36 UTC

35.209.226.85:631 (tcp/http) - last seen on 2024-11-07 at 05:35:20 UTC

43.251.236.15:631 (tcp/http) - last seen on 2024-11-07 at 05:35:19 UTC

144.76.229.236:631 (tcp/http) - last seen on 2024-11-07 at 05:34:09 UTC

103.43.16.72:631 (tcp/http) - last seen on 2024-11-07 at 05:33:37 UTC