user.200399.xyz Open in urlscan Pro
142.171.21.29 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://user.200399.xyz/
Effective URL:
https://user.200399.xyz/media
Submission: On December 28 via automatic, source certstream-suspicious (December 28th 2024, 11:30:52 am UTC) — Scanned from SE

Summary HTTP 8 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 142.171.21.29, located in Los Angeles, United States and belongs to MULTA-ASN1, US. The main domain is user.200399.xyz.
TLS certificate: Issued by E6 on December 28th 2024. Valid for: 3 months.

This is the only time user.200399.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 7	142.171.21.29 142.171.21.29	35916 (MULTA-ASN1) (MULTA-ASN1)
1 2	104.22.21.144 104.22.21.144	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.69.128 172.67.69.128	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	3

7 142.171.21.29 (Los Angeles, United States) 1 redirects

ASN35916 (MULTA-ASN1, US)
PTR: 26z653.glancingwilderness.com

user.200399.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.22.21.144 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.tailwindcss.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.69.128 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.gpteng.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	200399.xyz 1 redirects user.200399.xyz	808 KB
2	tailwindcss.com 1 redirects cdn.tailwindcss.com — Cisco Umbrella Rank: 29761	125 KB
1	gpteng.co cdn.gpteng.co	6 KB
8	3

	Domain	Requested by
7	user.200399.xyz	1 redirects user.200399.xyz
2	cdn.tailwindcss.com	1 redirects user.200399.xyz
1	cdn.gpteng.co	user.200399.xyz
8	3

This site contains links to these domains. Also see Links.

Domain
github.com
t.me

Subject Issuer	Validity	Valid
user.200399.xyz E6	`2024-12-28` - `2025-03-28`	3 months	crt.sh
cdn.gpteng.co WE1	`2024-12-27` - `2025-03-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://user.200399.xyz/media
Frame ID: 29DE2ACDC55375CA66B32748E14E5286
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

影视管理站-算艺轩

Page URL History Show full URLs

https://user.200399.xyz/ HTTP 302
https://user.200399.xyz/media Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

939 kB
Transfer

1259 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/RandallAnjie/EmbyController
Title: GitHub

Search URL Search Domain Scan URL

URL: https://t.me/randall_home
Title: Telegram群组

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://user.200399.xyz/ HTTP 302
https://user.200399.xyz/media Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://cdn.tailwindcss.com/ HTTP 302
https://cdn.tailwindcss.com/3.4.16

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request media Show response
user.200399.xyz/
Redirect Chain

https://user.200399.xyz/
https://user.200399.xyz/media

48 KB
11 KB

300ms
300ms

Document
text/html

142.171.21.29
MULTA-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://user.200399.xyz/media
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.171.21.29 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),
Reverse DNS: 26z653.glancingwilderness.com
Software: Caddy nginx/1.22.1 / PHP/8.2.26
Resource Hash: 8f3947ed03f7c5caa7b056d2977634964135e4d8a181746cab4e89897a00a8b1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 28 Dec 2024 11:30:47 GMT
server: Caddy nginx/1.22.1
x-powered-by: PHP/8.2.26

Redirect headers

alt-svc: h3=":443"; ma=2592000
cache-control: no-cache,must-revalidate
content-type: text/html; charset=utf-8
date: Sat, 28 Dec 2024 11:30:47 GMT
location: /media
server: Caddy nginx/1.22.1
x-powered-by: PHP/8.2.26

GET
H3 200 jquery-3.7.1.min.js Show response
user.200399.xyz/assets/index/js/ 85 KB
86 KB 154ms
153ms Script
application/javascript 142.171.21.29
MULTA-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://user.200399.xyz/assets/index/js/jquery-3.7.1.min.js
Requested by: Host: user.200399.xyz
URL: https://user.200399.xyz/media
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.171.21.29 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),
Reverse DNS: 26z653.glancingwilderness.com
Software: Caddy, nginx/1.22.1 /
Resource Hash: 3e7501d15c3630e791c8b20392eb9dee31a9f65ce3efdde76cef5c710141ab24

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://user.200399.xyz/media

Response headers

accept-ranges: bytes
content-length: 87532
etag: "67638919-155ec"
date: Sat, 28 Dec 2024 11:30:47 GMT
content-type: application/javascript
last-modified: Thu, 19 Dec 2024 02:46:49 GMT
server: Caddy, nginx/1.22.1

GET
H2

200

3.4.16 Show response
cdn.tailwindcss.com/
Redirect Chain

https://cdn.tailwindcss.com/
https://cdn.tailwindcss.com/3.4.16

398 KB
125 KB

35ms
34ms

Script
text/javascript

104.22.21.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tailwindcss.com/3.4.16

Requested by

Host: user.200399.xyz
URL: https://user.200399.xyz/media

Protocol

Server

104.22.21.144 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb798bb21731986940cf3a9950fbca386e03633e9a45497701e71f9b87d132ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://user.200399.xyz/

Response headers

server: cloudflare
strict-transport-security: max-age=63072000
cache-control: max-age=31536000
content-encoding: br
x-vercel-cache: MISS
cf-cache-status: HIT
age: 287966
cf-ray: 8f913867aad34da4-FRA
date: Sat, 28 Dec 2024 11:30:47 GMT
content-type: text/javascript
last-modified: Fri, 06 Dec 2024 21:30:37 GMT
vary: Accept-Encoding
x-vercel-id: cle1::iad1::rv4dn-1733520637303-9c55b126e284

Redirect headers

strict-transport-security: max-age=63072000
cache-control: max-age=14400
location: /3.4.16
x-vercel-cache: MISS
cf-cache-status: HIT
age: 314
cf-ray: 8f9138676a9f4da4-FRA
date: Sat, 28 Dec 2024 11:30:47 GMT
vary: Accept-Encoding
server: cloudflare
x-vercel-id: cle1::iad1::5k6fq-1735384994100-88744f85f8b9

GET
H2 200 gptengineer.js Show response
cdn.gpteng.co/ 17 KB
6 KB 166ms
79ms Script
application/javascript 172.67.69.128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.gpteng.co/gptengineer.js
Requested by: Host: user.200399.xyz
URL: https://user.200399.xyz/media
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98a0fd0d2e414985813338b7621f2b2c4377e5b1ebf2a304d5379801b45b9ab0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://user.200399.xyz
Referer: https://user.200399.xyz/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: MISS
etag: W/"1fef30887fe4022781ef220051b15699"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGzFRyA76npVPzMOYuXCkIo9vJPuJn521qYyW8vvTOkAO0SyBEIsOomvfl5b3I6vr%2FBW1uLLZh7tgOIugWUxGDarzCoZGLdNQ8jnxRMzvKLD0DFqOY%2B%2Bjtnu81H6XZ8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f9138678854d3bc-FRA
access-control-allow-origin: *
server-timing: cfL4;desc="?proto=TCP&rtt=27458&min_rtt=27341&rtt_var=4442&sent=7&recv=12&lost=0&retrans=0&sent_bytes=4025&recv_bytes=2297&delivery_rate=151787&cwnd=254&unsent_bytes=0&cid=1bd83fe520cf2236&ts=93&x=0"
date: Sat, 28 Dec 2024 11:30:47 GMT
content-type: application/javascript
last-modified: Sun, 08 Dec 2024 13:28:18 GMT
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 media-background.jpeg
user.200399.xyz/static/media/img/ 698 KB
698 KB 158ms
157ms Image
image/jpeg 142.171.21.29
MULTA-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://user.200399.xyz/static/media/img/media-background.jpeg
Requested by: Host: user.200399.xyz
URL: https://user.200399.xyz/media
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.171.21.29 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),
Reverse DNS: 26z653.glancingwilderness.com
Software: Caddy, nginx/1.22.1 /
Resource Hash: 6595fb8713ba2a02dd9fde1afd01e22514faf4701418457a05c644390370f3c7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://user.200399.xyz/media

Response headers

accept-ranges: bytes
content-length: 715017
date: Sat, 28 Dec 2024 11:30:47 GMT
etag: "67638919-ae909"
content-type: image/jpeg
last-modified: Thu, 19 Dec 2024 02:46:49 GMT
server: Caddy, nginx/1.22.1

POST
H3 200 getLatestMedia Show response
user.200399.xyz/media/index/ 31 B
234 B 470ms
469ms XHR
application/json 142.171.21.29
MULTA-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://user.200399.xyz/media/index/getLatestMedia
Requested by: Host: user.200399.xyz
URL: https://user.200399.xyz/assets/index/js/jquery-3.7.1.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.171.21.29 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),
Reverse DNS: 26z653.glancingwilderness.com
Software: Caddy, nginx/1.22.1 / PHP/8.2.26
Resource Hash: 4c5e8fbe87c136ed551389c7262b0faacc1b2a335b3d12427817b1e439aeab5e

Request headers

Referer: https://user.200399.xyz/media
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*

Response headers

date: Sat, 28 Dec 2024 11:30:48 GMT
content-type: application/json; charset=utf-8
x-powered-by: PHP/8.2.26
server: Caddy, nginx/1.22.1

POST
H3 200 getLineStatus Show response
user.200399.xyz/media/index/ 28 B
231 B 544ms
543ms XHR
application/json 142.171.21.29
MULTA-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://user.200399.xyz/media/index/getLineStatus
Requested by: Host: user.200399.xyz
URL: https://user.200399.xyz/assets/index/js/jquery-3.7.1.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.171.21.29 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),
Reverse DNS: 26z653.glancingwilderness.com
Software: Caddy, nginx/1.22.1 / PHP/8.2.26
Resource Hash: d645632f828e60c3ee7d20bf8accd3be8f41bf74b2fb1981c5b11fae0f0771c1

Request headers

Referer: https://user.200399.xyz/media
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*

Response headers

date: Sat, 28 Dec 2024 11:30:48 GMT
content-type: application/json; charset=utf-8
x-powered-by: PHP/8.2.26
server: Caddy, nginx/1.22.1

GET
H3 200 favicon.ico
user.200399.xyz/ 12 KB
12 KB 159ms
159ms Other
image/x-icon 142.171.21.29
MULTA-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://user.200399.xyz/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.171.21.29 Los Angeles, United States, ASN35916 (MULTA-ASN1, US),
Reverse DNS: 26z653.glancingwilderness.com
Software: Caddy, nginx/1.22.1 /
Resource Hash: c1d0edb9f0d48c228402d8e5c22980f347b3031315d2848488915084ea7a3ff7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://user.200399.xyz/media

Response headers

accept-ranges: bytes
content-length: 12633
etag: "67638919-3159"
date: Sat, 28 Dec 2024 11:30:48 GMT
content-type: image/x-icon
last-modified: Thu, 19 Dec 2024 02:46:49 GMT
server: Caddy, nginx/1.22.1

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			user.200399.xyz/	1969-12-31 23:59:59	Name: think_lang Value: se-se
			user.200399.xyz/	1970-01-21 02:03:06	Name: RANDALLANJIESESSID Value: ef0308814286841b6c5949bf26574482

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://cdn.gpteng.co/gptengineer.js(Line 3) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://gptengineer.app') does not match the recipient window's origin ('https://user.200399.xyz').
security	warning	URL: https://cdn.gpteng.co/gptengineer.js(Line 3) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('http://localhost:3000') does not match the recipient window's origin ('https://user.200399.xyz').
security	warning	URL: https://cdn.gpteng.co/gptengineer.js(Line 3) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://lovable.dev') does not match the recipient window's origin ('https://user.200399.xyz').
security	warning	URL: https://cdn.gpteng.co/gptengineer.js(Line 3) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://gptengineer.app') does not match the recipient window's origin ('https://user.200399.xyz').
security	warning	URL: https://cdn.gpteng.co/gptengineer.js(Line 3) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('http://localhost:3000') does not match the recipient window's origin ('https://user.200399.xyz').
security	warning	URL: https://cdn.gpteng.co/gptengineer.js(Line 3) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://lovable.dev') does not match the recipient window's origin ('https://user.200399.xyz').
security	warning	URL: https://cdn.gpteng.co/gptengineer.js(Line 3) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://gptengineer.app') does not match the recipient window's origin ('https://user.200399.xyz').
security	warning	URL: https://cdn.gpteng.co/gptengineer.js(Line 3) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('http://localhost:3000') does not match the recipient window's origin ('https://user.200399.xyz').
security	warning	URL: https://cdn.gpteng.co/gptengineer.js(Line 3) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://lovable.dev') does not match the recipient window's origin ('https://user.200399.xyz').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.gpteng.co
cdn.tailwindcss.com
user.200399.xyz
104.22.21.144
142.171.21.29
172.67.69.128
3e7501d15c3630e791c8b20392eb9dee31a9f65ce3efdde76cef5c710141ab24
4c5e8fbe87c136ed551389c7262b0faacc1b2a335b3d12427817b1e439aeab5e
6595fb8713ba2a02dd9fde1afd01e22514faf4701418457a05c644390370f3c7
8f3947ed03f7c5caa7b056d2977634964135e4d8a181746cab4e89897a00a8b1
98a0fd0d2e414985813338b7621f2b2c4377e5b1ebf2a304d5379801b45b9ab0
c1d0edb9f0d48c228402d8e5c22980f347b3031315d2848488915084ea7a3ff7
d645632f828e60c3ee7d20bf8accd3be8f41bf74b2fb1981c5b11fae0f0771c1
fb798bb21731986940cf3a9950fbca386e03633e9a45497701e71f9b87d132ea

user.200399.xyz Open in urlscan Pro 142.171.21.29 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

88 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

939 kBTransfer

1259 kBSize

2 Cookies

2 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

2 Cookies

9 Console Messages

Indicators

user.200399.xyz Open in urlscan Pro
142.171.21.29 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

939 kB
Transfer

1259 kB
Size

2
Cookies

8 HTTP transactions
0 data transactions