Cyber Defense Search Engine

IP
51.141.113.26

Network
51.140.0.0/14

Domain(s)
cloudapp.net

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

HTTP Title
Bad Request

ASN
AS8075

Organization
MICROSOFT-CORP-MSN-AS-BLOCK

Protocol
http Cert not expired http

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe
Issuer Common Name
Microsoft Azure RSA TLS Issuing CA 04

Issuer Organization
Microsoft Corporation

Subject Organization
Microsoft Corporation

Subject Common Name
wavnet.prod.cloudapp.net

Subject Alt Name
wavnet.prod.cloudapp.net

SHA256 Fingerprint
24f66e237c00f7daf482c8e340a9d554223edc554d63b5c99ea016330114a601

Validity Not Before
2024-08-18T17:06:46Z

Validity Not After
2025-08-13T17:06:46Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
ab7ec59c257a6ef4d994483c583b818c

HTTP Header MD5
5f8987fc4ee9770a3292cd04557b2dbf

HTTP Body MD5
779df2c90c98bc5e3cb4127ecf04909e

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 07 Nov 2024 03:21:11 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Verb</h2>
<hr><p>HTTP Error 400. The request verb is invalid.</p>
</BODY></HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:21:12.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
         "bodymmh3" : -640633908,
         "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
         "headermmh3" : -1604327368,
         "title" : "Bad Request"
      },
      "length" : 505
   },
   "asn" : "AS8075",
   "basicconstraints" : "critical",
   "ca" : "false",
   "city" : "Cardiff",
   "country" : "GB",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 07 Nov 2024 03:21:11 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
   "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
   "datammh3" : 1596030123,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "cloudapp.net"
   ],
   "extkeyusage" : [
      "clientAuth",
      "serverAuth"
   ],
   "fingerprint" : {
      "md5" : "60c565eb7b1152a11b8ae61be8a75a03",
      "sha1" : "321da2fc526c8e40d36b9e18bf4b25e13e6020de",
      "sha256" : "24f66e237c00f7daf482c8e340a9d554223edc554d63b5c99ea016330114a601"
   },
   "geolocus" : {
      "asn" : "AS8075",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "GB",
      "countryname" : "United Kingdom",
      "domain" : [
         "microsoft.com"
      ],
      "isineu" : "false",
      "latitude" : "55.378051",
      "location" : "55.378051,-3.435973",
      "longitude" : "-3.435973",
      "netname" : "MICROSOFT",
      "organization" : "Microsoft Limited",
      "subnet" : "51.140.0.0/14"
   },
   "host" : [
      "wavnet"
   ],
   "hostname" : [
      "wavnet.prod.cloudapp.net"
   ],
   "ip" : "51.141.113.26",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Microsoft Azure RSA TLS Issuing CA 04",
      "country" : "US",
      "organization" : "Microsoft Corporation"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "51.4866",
   "location" : "51.4866,-3.1549",
   "longitude" : "-3.1549",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 10001,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "serial" : "33:00:97:7a:83:8a:87:42:eb:03:94:4e:ee:00:00:00:97:7a:83",
   "signature" : {
      "algorithm" : "sha384WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 400,
   "subdomains" : [
      "prod.cloudapp.net"
   ],
   "subject" : {
      "altname" : [
         "wavnet.prod.cloudapp.net"
      ],
      "city" : "Redmond",
      "commonname" : "wavnet.prod.cloudapp.net",
      "country" : "US",
      "organization" : "Microsoft Corporation"
   },
   "subnet" : "51.140.0.0/14",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "net"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2025-08-13T17:06:46Z",
      "notbefore" : "2024-08-18T17:06:46Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
45.223.1.140

Alternative IP(s)
107.154.102.9 107.154.111.9 107.154.115.156 107.154.75.82 107.154.76.82 149.126.72.140 185.11.125.140 192.230.67.140 199.83.129.94 199.83.131.140 199.83.131.94 45.60.108.212 45.60.109.225 45.60.136.141 45.60.242.153 45.60.63.212 45.60.64.114 45.60.65.212 45.60.73.225 45.60.76.130 45.60.77.141 45.60.80.141

Network
45.223.1.0/24

Domain(s)
aerocrs.com ca.gov fabricguru.com herouxdevtek.com imperva.com mckesson.com mooremedical.com psychicsource.com troplaughlin.com

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

ASN
AS19551

Organization
INCAPSULA

Protocol
http Cert not expired http

Source
datascan
Operating System
Linux Linux Kernel
Issuer Common Name
GlobalSign Atlas R3 DV TLS CA 2024 Q3

Issuer Organization
GlobalSign nv-sa

Subject Common Name
imperva.com

Subject Alt Name
www.dtsc.ca.gov ext.aerocrs.com static.fabricguru.com dev.mms.mckesson.com dtsc.ca.gov psychicsource.com *.psychicsource.com aerocrs.com resnet.troplaughlin.com tqr.dtsc.ca.gov rccdn.psychicsource.com www.fabricguru.com *.herouxdevtek.com herouxdevtek.com mooremedical.com www.aerocrs.com *.mooremedical.com www.herouxdevtek.com collaboration.herouxdevtek.com fabricguru.com secureqa.mooremedical.com imperva.com webservices.dtsc.ca.gov

SHA256 Fingerprint
2fc9161d2245bb5b82ef2f65d87f7d8a54907537114378dbf7c65a04d90d7558

Validity Not Before
2024-09-10T12:30:04Z

Validity Not After
2025-03-09T12:30:04Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
644ed70ba3e4b366420603a77e9c968d

HTTP Header MD5
f5786e368801883720a7b98609b45805

HTTP Body MD5
100fff6fee9e57a84a709880ff4487dd

HTTP/1.1 400 Bad Request
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
Content-Length: 704
X-Iinfo: 14-164654330-0 0NNN RT(1730949667651 2139) q(-1 -1 -1 -1) r(0 -1) b1

<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=24&xinfo=14-164654330-0%200NNN%20RT%281730949667651%202139%29%20q%28-1%20-1%20-1%20-1%29%20r%280%20-1%29%20b1&incident_id=0-863845204665959566&edet=3&cinfo=ffffffff&pe=544&rpinfo=0&mth=NA" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-863845204665959566</iframe></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:21:10.000Z",
   "alternativeip" : [
      "107.154.102.9",
      "107.154.111.9",
      "107.154.115.156",
      "107.154.75.82",
      "107.154.76.82",
      "149.126.72.140",
      "185.11.125.140",
      "192.230.67.140",
      "199.83.129.94",
      "199.83.131.140",
      "199.83.131.94",
      "45.60.108.212",
      "45.60.109.225",
      "45.60.136.141",
      "45.60.242.153",
      "45.60.63.212",
      "45.60.64.114",
      "45.60.65.212",
      "45.60.73.225",
      "45.60.76.130",
      "45.60.77.141",
      "45.60.80.141"
   ],
   "app" : {
      "http" : {
         "bodymd5" : "100fff6fee9e57a84a709880ff4487dd",
         "bodymmh3" : 463320200,
         "headermd5" : "f5786e368801883720a7b98609b45805",
         "headermmh3" : -889983746
      },
      "length" : 911
   },
   "asn" : "AS19551",
   "basicconstraints" : "critical",
   "ca" : "false",
   "company" : {
      "country" : "<enterprise field>: company.country",
      "globalrank" : "<enterprise field>: company.globalrank",
      "industry" : "<enterprise field>: company.industry",
      "name" : "<enterprise field>: company.name",
      "sector" : "<enterprise field>: company.sector"
   },
   "country" : "US",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store\r\nConnection: close\r\nContent-Length: 704\r\nX-Iinfo: 14-164654330-0 0NNN RT(1730949667651 2139) q(-1 -1 -1 -1) r(0 -1) b1\r\n\r\n<html style=\"height:100%\"><head><META NAME=\"ROBOTS\" CONTENT=\"NOINDEX, NOFOLLOW\"><meta name=\"format-detection\" content=\"telephone=no\"><meta name=\"viewport\" content=\"initial-scale=1.0\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"></head><body style=\"margin:0px;height:100%\"><iframe id=\"main-iframe\" src=\"/_Incapsula_Resource?CWUDNSAI=24&xinfo=14-164654330-0%200NNN%20RT%281730949667651%202139%29%20q%28-1%20-1%20-1%20-1%29%20r%280%20-1%29%20b1&incident_id=0-863845204665959566&edet=3&cinfo=ffffffff&pe=544&rpinfo=0&mth=NA\" frameborder=0 width=\"100%\" height=\"100%\" marginheight=\"0px\" marginwidth=\"0px\">Request unsuccessful. Incapsula incident ID: 0-863845204665959566</iframe></body></html>",
   "datamd5" : "644ed70ba3e4b366420603a77e9c968d",
   "datammh3" : -1879989194,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "aerocrs.com",
      "ca.gov",
      "fabricguru.com",
      "herouxdevtek.com",
      "imperva.com",
      "mckesson.com",
      "mooremedical.com",
      "psychicsource.com",
      "troplaughlin.com"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "b9ad77bdf7f439adf18a4bf09f6c9e79",
      "sha1" : "312b7d4f1ccba2b52948fa814026f1e2dff0f594",
      "sha256" : "2fc9161d2245bb5b82ef2f65d87f7d8a54907537114378dbf7c65a04d90d7558"
   },
   "geolocus" : {
      "asn" : "AS19551",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "imperva.com",
         "incapsula.com",
         "thalesgroup.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "INCAPSULA-NET",
      "organization" : "Incapsula Inc",
      "subnet" : "45.223.1.0/24"
   },
   "host" : [
      "collaboration",
      "dev",
      "dtsc",
      "ext",
      "rccdn",
      "resnet",
      "secureqa",
      "static",
      "tqr",
      "webservices",
      "www"
   ],
   "hostname" : [
      "aerocrs.com",
      "collaboration.herouxdevtek.com",
      "dev.mms.mckesson.com",
      "dtsc.ca.gov",
      "ext.aerocrs.com",
      "fabricguru.com",
      "herouxdevtek.com",
      "imperva.com",
      "mooremedical.com",
      "psychicsource.com",
      "rccdn.psychicsource.com",
      "resnet.troplaughlin.com",
      "secureqa.mooremedical.com",
      "static.fabricguru.com",
      "tqr.dtsc.ca.gov",
      "webservices.dtsc.ca.gov",
      "www.aerocrs.com",
      "www.dtsc.ca.gov",
      "www.fabricguru.com",
      "www.herouxdevtek.com"
   ],
   "ip" : "45.223.1.140",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign Atlas R3 DV TLS CA 2024 Q3",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "37.7510",
   "location" : "37.7510,-97.8220",
   "longitude" : "-97.8220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "INCAPSULA",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 10001,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "serial" : "01:8d:6f:9d:ff:5e:22:3e:f1:b8:a1:4e:21:d7:67:80",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 400,
   "subdomains" : [
      "dtsc.ca.gov",
      "mms.mckesson.com"
   ],
   "subject" : {
      "altname" : [
         "www.dtsc.ca.gov",
         "ext.aerocrs.com",
         "static.fabricguru.com",
         "dev.mms.mckesson.com",
         "dtsc.ca.gov",
         "psychicsource.com",
         "*.psychicsource.com",
         "aerocrs.com",
         "resnet.troplaughlin.com",
         "tqr.dtsc.ca.gov",
         "rccdn.psychicsource.com",
         "www.fabricguru.com",
         "*.herouxdevtek.com",
         "herouxdevtek.com",
         "mooremedical.com",
         "www.aerocrs.com",
         "*.mooremedical.com",
         "www.herouxdevtek.com",
         "collaboration.herouxdevtek.com",
         "fabricguru.com",
         "secureqa.mooremedical.com",
         "imperva.com",
         "webservices.dtsc.ca.gov"
      ],
      "commonname" : "imperva.com"
   },
   "subnet" : "45.223.1.0/24",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com",
      "gov"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2025-03-09T12:30:04Z",
      "notbefore" : "2024-09-10T12:30:04Z"
   },
   "version" : "v3",
   "wildcard" : "true"
}

IP
40.122.78.46

Network
40.120.0.0/14

Operating System
Linux Linux Kernel

ASN
AS8075

Organization
MICROSOFT-CORP-MSN-AS-BLOCK

Protocol
undefined Cert not expired undefined

Source
datascan
Operating System
Linux Linux Kernel
Issuer Common Name
station=1398507

Subject Common Name
station=1398507

SHA256 Fingerprint
485c0505110cbf8267ec9f590f78b7862f1fd5a790e8f18d8217808f9c588b21

Validity Not Before
2019-10-23T20:24:16Z

Validity Not After
2029-10-20T20:24:16Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
3c768c4828bc7cf16f444a4228eaa0b3
```
<nodata>
```

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:59.000Z",
   "app" : {
      "length" : 8
   },
   "asn" : "AS8075",
   "basicconstraints" : "critical",
   "ca" : "true",
   "city" : "Des Moines",
   "country" : "US",
   "data" : "<nodata>",
   "datamd5" : "3c768c4828bc7cf16f444a4228eaa0b3",
   "datammh3" : -969888823,
   "fingerprint" : {
      "md5" : "1d182c91b3fffaeac5f84b5ec52c9c38",
      "sha1" : "c553d47b1d008e4daa17ddc6353d18207b4f6c07",
      "sha256" : "485c0505110cbf8267ec9f590f78b7862f1fd5a790e8f18d8217808f9c588b21"
   },
   "geolocus" : {
      "asn" : "AS8075",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "microsoft.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "MSFT",
      "organization" : "Microsoft Corporation",
      "subnet" : "40.122.0.0/16"
   },
   "ip" : "40.122.78.46",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "station=1398507"
   },
   "latitude" : "41.6021",
   "location" : "41.6021,-93.6124",
   "longitude" : "-93.6124",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 10001,
   "protocol" : "undefined",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "seen_date" : "2024-11-07",
   "serial" : "a7:e7:0b:11:6e:63:53:10:6b:40:6a:b2:da:51:78:ae",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "subject" : {
      "commonname" : "station=1398507"
   },
   "subnet" : "40.120.0.0/14",
   "tag" : "<enterprise field>: tag",
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2029-10-20T20:24:16Z",
      "notbefore" : "2019-10-23T20:24:16Z"
   },
   "version" : "v1",
   "wildcard" : "false"
}

IP
4.152.216.247

Network
4.144.0.0/12

Domain(s)
cloudapp.net

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

HTTP Title
Bad Request

ASN
AS8075

Organization
MICROSOFT-CORP-MSN-AS-BLOCK

Protocol
http Cert not expired http

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe
Issuer Common Name
Microsoft Azure RSA TLS Issuing CA 03

Issuer Organization
Microsoft Corporation

Subject Organization
Microsoft Corporation

Subject Common Name
wavnet.prod.cloudapp.net

Subject Alt Name
wavnet.prod.cloudapp.net

SHA256 Fingerprint
6a7264dc2f336a0675719cc93653b3728b1b7cc7a26d87a71f25ba53441a72bd

Validity Not Before
2024-08-29T05:35:14Z

Validity Not After
2025-08-24T05:35:14Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
ab7ec59c257a6ef4d994483c583b818c

HTTP Header MD5
5f8987fc4ee9770a3292cd04557b2dbf

HTTP Body MD5
779df2c90c98bc5e3cb4127ecf04909e

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 07 Nov 2024 03:20:39 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Verb</h2>
<hr><p>HTTP Error 400. The request verb is invalid.</p>
</BODY></HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:40.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
         "bodymmh3" : -640633908,
         "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
         "headermmh3" : -706362983,
         "title" : "Bad Request"
      },
      "length" : 505
   },
   "asn" : "AS8075",
   "basicconstraints" : "critical",
   "ca" : "false",
   "city" : "Boydton",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 07 Nov 2024 03:20:39 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
   "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
   "datammh3" : 1596030123,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "cloudapp.net"
   ],
   "extkeyusage" : [
      "clientAuth",
      "serverAuth"
   ],
   "fingerprint" : {
      "md5" : "33fb15996f51329681128ec45ae84499",
      "sha1" : "0abfe4c4982a8c1e6f730764aa7fdd7ac9ea67cc",
      "sha256" : "6a7264dc2f336a0675719cc93653b3728b1b7cc7a26d87a71f25ba53441a72bd"
   },
   "geolocus" : {
      "asn" : "AS8075",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "microsoft.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "MSFT",
      "organization" : "Microsoft Corporation",
      "subnet" : "4.152.0.0/14"
   },
   "host" : [
      "wavnet"
   ],
   "hostname" : [
      "wavnet.prod.cloudapp.net"
   ],
   "ip" : "4.152.216.247",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Microsoft Azure RSA TLS Issuing CA 03",
      "country" : "US",
      "organization" : "Microsoft Corporation"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "36.6676",
   "location" : "36.6676,-78.3875",
   "longitude" : "-78.3875",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 10001,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "serial" : "33:00:a2:91:aa:3e:cd:73:05:5d:0f:f4:f9:00:00:00:a2:91:aa",
   "signature" : {
      "algorithm" : "sha384WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 400,
   "subdomains" : [
      "prod.cloudapp.net"
   ],
   "subject" : {
      "altname" : [
         "wavnet.prod.cloudapp.net"
      ],
      "city" : "Redmond",
      "commonname" : "wavnet.prod.cloudapp.net",
      "country" : "US",
      "organization" : "Microsoft Corporation"
   },
   "subnet" : "4.144.0.0/12",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "net"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2025-08-24T05:35:14Z",
      "notbefore" : "2024-08-29T05:35:14Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
20.123.11.140

Network
20.64.0.0/10

Domain(s)
cloudapp.net

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

HTTP Title
Bad Request

ASN
AS8075

Organization
MICROSOFT-CORP-MSN-AS-BLOCK

Protocol
http Cert not expired http

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe
Issuer Common Name
Microsoft Azure RSA TLS Issuing CA 07

Issuer Organization
Microsoft Corporation

Subject Organization
Microsoft Corporation

Subject Common Name
wavnet.prod.cloudapp.net

Subject Alt Name
wavnet.prod.cloudapp.net

SHA256 Fingerprint
c0b17e976e88798d64d77824a2de14f20ed70d3c2c76b776615996165599b252

Validity Not Before
2024-09-04T19:55:12Z

Validity Not After
2025-08-30T19:55:12Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
ab7ec59c257a6ef4d994483c583b818c

HTTP Header MD5
5f8987fc4ee9770a3292cd04557b2dbf

HTTP Body MD5
779df2c90c98bc5e3cb4127ecf04909e

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 07 Nov 2024 03:20:39 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Verb</h2>
<hr><p>HTTP Error 400. The request verb is invalid.</p>
</BODY></HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:40.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
         "bodymmh3" : -640633908,
         "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
         "headermmh3" : -706362983,
         "title" : "Bad Request"
      },
      "length" : 505
   },
   "asn" : "AS8075",
   "basicconstraints" : "critical",
   "ca" : "false",
   "city" : "Dublin",
   "country" : "IE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 07 Nov 2024 03:20:39 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
   "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
   "datammh3" : 1596030123,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "cloudapp.net"
   ],
   "extkeyusage" : [
      "clientAuth",
      "serverAuth"
   ],
   "fingerprint" : {
      "md5" : "b5924770d61f42f73a4451c6f87cd6c7",
      "sha1" : "30b4512a58fdb86cbc10c232a69548bf9d61e2bf",
      "sha256" : "c0b17e976e88798d64d77824a2de14f20ed70d3c2c76b776615996165599b252"
   },
   "geolocus" : {
      "asn" : "AS8075",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "microsoft.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "MSFT",
      "organization" : "Microsoft Corporation",
      "subnet" : "20.123.0.0/17"
   },
   "host" : [
      "wavnet"
   ],
   "hostname" : [
      "wavnet.prod.cloudapp.net"
   ],
   "ip" : "20.123.11.140",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Microsoft Azure RSA TLS Issuing CA 07",
      "country" : "US",
      "organization" : "Microsoft Corporation"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "53.3379",
   "location" : "53.3379,-6.2591",
   "longitude" : "-6.2591",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 10001,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "serial" : "33:00:75:37:0e:9e:56:21:62:48:7a:30:2b:00:00:00:75:37:0e",
   "signature" : {
      "algorithm" : "sha384WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 400,
   "subdomains" : [
      "prod.cloudapp.net"
   ],
   "subject" : {
      "altname" : [
         "wavnet.prod.cloudapp.net"
      ],
      "city" : "Redmond",
      "commonname" : "wavnet.prod.cloudapp.net",
      "country" : "US",
      "organization" : "Microsoft Corporation"
   },
   "subnet" : "20.64.0.0/10",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "net"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2025-08-30T19:55:12Z",
      "notbefore" : "2024-09-04T19:55:12Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
65.181.140.179

Network
65.181.128.0/19

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

HTTP Title
400 Bad Request

ASN
AS134729

Organization
JOINT POWER TECHNOLOGY LIMITED

Protocol
http Cert not expired http

Source
datascan
Operating System
Linux Linux Kernel
Issuer Common Name
Waf defaut certificate(Attack Behavior reported to the police)

Issuer Organization
Waf

Subject Organization
Waf

Subject Common Name
Waf defaut certificate(Attack Behavior reported to the police)

SHA256 Fingerprint
185cefdaa1341ded7efcdf724d2e9581fe1d7b4ad3eb1ad6dd3a47c31013de27

Validity Not Before
2020-08-26T09:48:09Z

Validity Not After
2030-08-24T09:48:09Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
f6434d75c18561f6689ba0cc7f7de967

HTTP Header MD5
7de09592d0cc3062011d73fa292680b0

HTTP Body MD5
5ef00e5d557dc45a4cf3efc331e1bdc4

HTTP/1.1 400 Bad Request
Server: WAF
Date: Thu, 07 Nov 2024 03:20:38 GMT
Content-Type: text/html
Content-Length: 164
Connection: close

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>WAF</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:40.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "5ef00e5d557dc45a4cf3efc331e1bdc4",
         "bodymmh3" : -1126698889,
         "headermd5" : "7de09592d0cc3062011d73fa292680b0",
         "headermmh3" : 987582173,
         "title" : "400 Bad Request"
      },
      "length" : 307
   },
   "asn" : "AS134729",
   "country" : "US",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: WAF\r\nDate: Thu, 07 Nov 2024 03:20:38 GMT\r\nContent-Type: text/html\r\nContent-Length: 164\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>WAF</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "f6434d75c18561f6689ba0cc7f7de967",
   "datammh3" : -1855578114,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "fingerprint" : {
      "md5" : "a01ba69ec230a73409884c2b344b5917",
      "sha1" : "c3820866b442e20cc8e4893132a4b0a9d20022f8",
      "sha256" : "185cefdaa1341ded7efcdf724d2e9581fe1d7b4ad3eb1ad6dd3a47c31013de27"
   },
   "geolocus" : {
      "asn" : "AS134729",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "ipxo.com",
         "pair.com",
         "pair.net",
         "pairnetworks.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "IXPO-65-181-128-0-19-REALLOCATION",
      "organization" : "IPXO LLC",
      "subnet" : "65.181.128.0/20"
   },
   "ip" : "65.181.140.179",
   "ipv6" : "false",
   "issuer" : {
      "city" : "Shanghai",
      "commonname" : "Waf defaut certificate(Attack Behavior reported to the police)",
      "country" : "CN",
      "organization" : "Waf",
      "organizationalunit" : "WAF"
   },
   "latitude" : "37.7510",
   "location" : "37.7510,-97.8220",
   "longitude" : "-97.8220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "JOINT POWER TECHNOLOGY LIMITED",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 10001,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "serial" : "d4:7c:19:ad:8a:0c:45:e7",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 400,
   "subject" : {
      "city" : "Shanghai",
      "commonname" : "Waf defaut certificate(Attack Behavior reported to the police)",
      "country" : "CN",
      "organization" : "Waf",
      "organizationalunit" : "WAF"
   },
   "subnet" : "65.181.128.0/19",
   "tag" : "<enterprise field>: tag",
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2030-08-24T09:48:09Z",
      "notbefore" : "2020-08-26T09:48:09Z"
   },
   "version" : "v1",
   "wildcard" : "false"
}

IP
192.230.67.13

Alternative IP(s)
45.60.109.225 45.60.73.225

Network
192.230.64.0/21

Domain(s)
imperva.com incapdns.net

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

Reverse DNS
192.230.67.13.ip.incapdns.net

ASN
AS19551

Organization
INCAPSULA

Protocol
http Cert not expired http

Source
datascan
Operating System
Linux Linux Kernel
Issuer Common Name
GlobalSign Atlas R3 DV TLS CA 2024 Q3

Issuer Organization
GlobalSign nv-sa

Subject Common Name
imperva.com

Subject Alt Name
imperva.com

SHA256 Fingerprint
d93aefd6d0a555ad589d7de257e85722d9351f70e3e4fa3d07e139ee4b176a53

Validity Not Before
2024-09-09T14:40:44Z

Validity Not After
2025-03-08T14:40:44Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
158025a3fa11d5f4d509021850f1432e

HTTP Header MD5
59aa2d6cf2310c6e06cdf52f872f2c40

HTTP Body MD5
6a2a758ffffc0cfb6e661a6a44cc1c33

HTTP/1.1 400 Bad Request
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
Content-Length: 703
X-Iinfo: 13-59592421-0 0NNN RT(1730949636349 2754) q(-1 -1 -1 -1) r(0 -1) b1

<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=24&xinfo=13-59592421-0%200NNN%20RT%281730949636349%202754%29%20q%28-1%20-1%20-1%20-1%29%20r%280%20-1%29%20b1&incident_id=0-306619557903795661&edet=3&cinfo=ffffffff&pe=544&rpinfo=0&mth=NA" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-306619557903795661</iframe></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:40.000Z",
   "alternativeip" : [
      "45.60.109.225",
      "45.60.73.225"
   ],
   "app" : {
      "http" : {
         "bodymd5" : "6a2a758ffffc0cfb6e661a6a44cc1c33",
         "bodymmh3" : -1448467917,
         "headermd5" : "59aa2d6cf2310c6e06cdf52f872f2c40",
         "headermmh3" : 1741787089
      },
      "length" : 909
   },
   "asn" : "AS19551",
   "basicconstraints" : "critical",
   "ca" : "false",
   "country" : "US",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store\r\nConnection: close\r\nContent-Length: 703\r\nX-Iinfo: 13-59592421-0 0NNN RT(1730949636349 2754) q(-1 -1 -1 -1) r(0 -1) b1\r\n\r\n<html style=\"height:100%\"><head><META NAME=\"ROBOTS\" CONTENT=\"NOINDEX, NOFOLLOW\"><meta name=\"format-detection\" content=\"telephone=no\"><meta name=\"viewport\" content=\"initial-scale=1.0\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"></head><body style=\"margin:0px;height:100%\"><iframe id=\"main-iframe\" src=\"/_Incapsula_Resource?CWUDNSAI=24&xinfo=13-59592421-0%200NNN%20RT%281730949636349%202754%29%20q%28-1%20-1%20-1%20-1%29%20r%280%20-1%29%20b1&incident_id=0-306619557903795661&edet=3&cinfo=ffffffff&pe=544&rpinfo=0&mth=NA\" frameborder=0 width=\"100%\" height=\"100%\" marginheight=\"0px\" marginwidth=\"0px\">Request unsuccessful. Incapsula incident ID: 0-306619557903795661</iframe></body></html>",
   "datamd5" : "158025a3fa11d5f4d509021850f1432e",
   "datammh3" : 379719564,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "imperva.com",
      "incapdns.net"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "7caa214da1735391d57b60ec723d0a2d",
      "sha1" : "510cdfbdf42282080dc861e09c9dfd5d689b869a",
      "sha256" : "d93aefd6d0a555ad589d7de257e85722d9351f70e3e4fa3d07e139ee4b176a53"
   },
   "geolocus" : {
      "asn" : "AS19551",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "imperva.com",
         "incapdns.net",
         "incapsula.com",
         "thalesgroup.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "INCAPSULA-NETWORK",
      "organization" : "Incapsula Inc",
      "subnet" : "192.230.64.0/22"
   },
   "host" : [
      192
   ],
   "hostname" : [
      "192.230.67.13.ip.incapdns.net",
      "imperva.com"
   ],
   "ip" : "192.230.67.13",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign Atlas R3 DV TLS CA 2024 Q3",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "37.7510",
   "location" : "37.7510,-97.8220",
   "longitude" : "-97.8220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "INCAPSULA",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 10001,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Bad Request",
   "reverse" : [
      "192.230.67.13.ip.incapdns.net"
   ],
   "seen_date" : "2024-11-07",
   "serial" : "01:27:6d:1d:ee:b0:c7:18:e5:8d:bc:47:aa:f0:e1:bb",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 400,
   "subdomains" : [
      "13.ip.incapdns.net",
      "230.67.13.ip.incapdns.net",
      "67.13.ip.incapdns.net",
      "ip.incapdns.net"
   ],
   "subject" : {
      "altname" : [
         "imperva.com"
      ],
      "commonname" : "imperva.com"
   },
   "subnet" : "192.230.64.0/21",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com",
      "net"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2025-03-08T14:40:44Z",
      "notbefore" : "2024-09-09T14:40:44Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
45.223.118.153

Alternative IP(s)
45.60.109.225 45.60.73.225

Network
45.223.96.0/19

Domain(s)
imperva.com

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

ASN
AS19551

Organization
INCAPSULA

Protocol
http Cert not expired http

Source
datascan
Operating System
Linux Linux Kernel
Issuer Common Name
GlobalSign Atlas R3 DV TLS CA 2024 Q3

Issuer Organization
GlobalSign nv-sa

Subject Common Name
imperva.com

Subject Alt Name
imperva.com

SHA256 Fingerprint
a8e1c40ea38d053353924fc94857a8603eaccb229452d306e43258c34ecefa85

Validity Not Before
2024-08-05T11:21:54Z

Validity Not After
2025-02-01T11:21:54Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
a008108868acf282d892d91801de8a59

HTTP Header MD5
b3c4e6aa0ec6d1c444e3fcf7dc85c166

HTTP Body MD5
3618860d6cbf1a202a4ca0a64ab04eaf

HTTP/1.1 400 Bad Request
Content-Type: text/html
Cache-Control: no-cache, no-store
Connection: close
Content-Length: 704
X-Iinfo: 14-119469099-0 0NNN RT(1730949634762 1967) q(-1 -1 -1 -1) r(0 -1) b1

<html style="height:100%"><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"></head><body style="margin:0px;height:100%"><iframe id="main-iframe" src="/_Incapsula_Resource?CWUDNSAI=24&xinfo=14-119469099-0%200NNN%20RT%281730949634762%201967%29%20q%28-1%20-1%20-1%20-1%29%20r%280%20-1%29%20b1&incident_id=0-488059098317128334&edet=3&cinfo=ffffffff&pe=544&rpinfo=0&mth=NA" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 0-488059098317128334</iframe></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:38.000Z",
   "alternativeip" : [
      "45.60.109.225",
      "45.60.73.225"
   ],
   "app" : {
      "http" : {
         "bodymd5" : "3618860d6cbf1a202a4ca0a64ab04eaf",
         "bodymmh3" : -1146317254,
         "headermd5" : "b3c4e6aa0ec6d1c444e3fcf7dc85c166",
         "headermmh3" : -1188065780
      },
      "length" : 911
   },
   "asn" : "AS19551",
   "basicconstraints" : "critical",
   "ca" : "false",
   "country" : "US",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nCache-Control: no-cache, no-store\r\nConnection: close\r\nContent-Length: 704\r\nX-Iinfo: 14-119469099-0 0NNN RT(1730949634762 1967) q(-1 -1 -1 -1) r(0 -1) b1\r\n\r\n<html style=\"height:100%\"><head><META NAME=\"ROBOTS\" CONTENT=\"NOINDEX, NOFOLLOW\"><meta name=\"format-detection\" content=\"telephone=no\"><meta name=\"viewport\" content=\"initial-scale=1.0\"><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"></head><body style=\"margin:0px;height:100%\"><iframe id=\"main-iframe\" src=\"/_Incapsula_Resource?CWUDNSAI=24&xinfo=14-119469099-0%200NNN%20RT%281730949634762%201967%29%20q%28-1%20-1%20-1%20-1%29%20r%280%20-1%29%20b1&incident_id=0-488059098317128334&edet=3&cinfo=ffffffff&pe=544&rpinfo=0&mth=NA\" frameborder=0 width=\"100%\" height=\"100%\" marginheight=\"0px\" marginwidth=\"0px\">Request unsuccessful. Incapsula incident ID: 0-488059098317128334</iframe></body></html>",
   "datamd5" : "a008108868acf282d892d91801de8a59",
   "datammh3" : -434643210,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "imperva.com"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "d0e8cb11058f96eaf3bedb250170f712",
      "sha1" : "06f6e8a48ba28814937f7eeb4ebfcc39f43bb2b0",
      "sha256" : "a8e1c40ea38d053353924fc94857a8603eaccb229452d306e43258c34ecefa85"
   },
   "geolocus" : {
      "asn" : "AS19551",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "imperva.com",
         "incapsula.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "INCAPSULA-NET",
      "organization" : "Incapsula Inc",
      "subnet" : "45.223.118.128/26"
   },
   "hostname" : [
      "imperva.com"
   ],
   "ip" : "45.223.118.153",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign Atlas R3 DV TLS CA 2024 Q3",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "37.7510",
   "location" : "37.7510,-97.8220",
   "longitude" : "-97.8220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "INCAPSULA",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 10001,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "serial" : "01:51:1f:9a:b4:d4:da:60:95:c9:f6:02:b2:52:b5:2d",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 400,
   "subject" : {
      "altname" : [
         "imperva.com"
      ],
      "commonname" : "imperva.com"
   },
   "subnet" : "45.223.96.0/19",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2025-02-01T11:21:54Z",
      "notbefore" : "2024-08-05T11:21:54Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
13.92.98.120

Network
13.64.0.0/11

Domain(s)
cloudapp.net

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

HTTP Title
Bad Request

ASN
AS8075

Organization
MICROSOFT-CORP-MSN-AS-BLOCK

Protocol
http Cert not expired http

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe
Issuer Common Name
Microsoft Azure RSA TLS Issuing CA 03

Issuer Organization
Microsoft Corporation

Subject Organization
Microsoft Corporation

Subject Common Name
wavnet.prod.cloudapp.net

Subject Alt Name
wavnet.prod.cloudapp.net

SHA256 Fingerprint
a8b5cf10391ae2dc6fcd34c5f47a2b8fdedde45e2b827ec8f450c4b207d2198c

Validity Not Before
2024-08-22T06:44:27Z

Validity Not After
2025-08-17T06:44:27Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
ab7ec59c257a6ef4d994483c583b818c

HTTP Header MD5
5f8987fc4ee9770a3292cd04557b2dbf

HTTP Body MD5
779df2c90c98bc5e3cb4127ecf04909e

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 07 Nov 2024 03:20:33 GMT
Connection: close
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Verb</h2>
<hr><p>HTTP Error 400. The request verb is invalid.</p>
</BODY></HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:35.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "779df2c90c98bc5e3cb4127ecf04909e",
         "bodymmh3" : -640633908,
         "headermd5" : "5f8987fc4ee9770a3292cd04557b2dbf",
         "headermmh3" : -1083002291,
         "title" : "Bad Request"
      },
      "length" : 505
   },
   "asn" : "AS8075",
   "basicconstraints" : "critical",
   "ca" : "false",
   "city" : "Washington",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 07 Nov 2024 03:20:33 GMT\r\nConnection: close\r\nContent-Length: 326\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Bad Request</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Bad Request - Invalid Verb</h2>\r\n<hr><p>HTTP Error 400. The request verb is invalid.</p>\r\n</BODY></HTML>\r\n",
   "datamd5" : "ab7ec59c257a6ef4d994483c583b818c",
   "datammh3" : 1596030123,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "cloudapp.net"
   ],
   "extkeyusage" : [
      "clientAuth",
      "serverAuth"
   ],
   "fingerprint" : {
      "md5" : "983fab0a8946e736e9a047abcdd6259d",
      "sha1" : "d6f20fe14ad63c681ba6ce74eba3cf174f0c781c",
      "sha256" : "a8b5cf10391ae2dc6fcd34c5f47a2b8fdedde45e2b827ec8f450c4b207d2198c"
   },
   "geolocus" : {
      "asn" : "AS8075",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "microsoft.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "MSFT",
      "organization" : "Microsoft Corporation",
      "subnet" : "13.92.0.0/16"
   },
   "host" : [
      "wavnet"
   ],
   "hostname" : [
      "wavnet.prod.cloudapp.net"
   ],
   "ip" : "13.92.98.120",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Microsoft Azure RSA TLS Issuing CA 03",
      "country" : "US",
      "organization" : "Microsoft Corporation"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "38.7095",
   "location" : "38.7095,-78.1539",
   "longitude" : "-78.1539",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "MICROSOFT-CORP-MSN-AS-BLOCK",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 10001,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "serial" : "33:00:9a:5a:5c:8c:df:b3:04:1f:e4:b3:f2:00:00:00:9a:5a:5c",
   "signature" : {
      "algorithm" : "sha384WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 400,
   "subdomains" : [
      "prod.cloudapp.net"
   ],
   "subject" : {
      "altname" : [
         "wavnet.prod.cloudapp.net"
      ],
      "city" : "Redmond",
      "commonname" : "wavnet.prod.cloudapp.net",
      "country" : "US",
      "organization" : "Microsoft Corporation"
   },
   "subnet" : "13.64.0.0/11",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "net"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2025-08-17T06:44:27Z",
      "notbefore" : "2024-08-22T06:44:27Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP
213.176.49.202

Network
213.176.32.0/19

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

HTTP Title
400 Bad Request

ASN
AS142578

Organization
E-Large HongKong

Protocol
http Cert not expired http

Source
datascan
Operating System
Linux Linux Kernel
Issuer Common Name
Waf defaut certificate(Attack Behavior reported to the police)

Issuer Organization
Waf

Subject Organization
Waf

Subject Common Name
Waf defaut certificate(Attack Behavior reported to the police)

SHA256 Fingerprint
185cefdaa1341ded7efcdf724d2e9581fe1d7b4ad3eb1ad6dd3a47c31013de27

Validity Not Before
2020-08-26T09:48:09Z

Validity Not After
2030-08-24T09:48:09Z

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
f6434d75c18561f6689ba0cc7f7de967

HTTP Header MD5
7de09592d0cc3062011d73fa292680b0

HTTP Body MD5
5ef00e5d557dc45a4cf3efc331e1bdc4

HTTP/1.1 400 Bad Request
Server: WAF
Date: Thu, 07 Nov 2024 03:20:34 GMT
Content-Type: text/html
Content-Length: 164
Connection: close

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>WAF</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:35.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "5ef00e5d557dc45a4cf3efc331e1bdc4",
         "bodymmh3" : -1126698889,
         "headermd5" : "7de09592d0cc3062011d73fa292680b0",
         "headermmh3" : -1431291395,
         "title" : "400 Bad Request"
      },
      "length" : 307
   },
   "asn" : "AS142578",
   "country" : "US",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: WAF\r\nDate: Thu, 07 Nov 2024 03:20:34 GMT\r\nContent-Type: text/html\r\nContent-Length: 164\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 Bad Request</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 Bad Request</h1></center>\r\n<hr><center>WAF</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "f6434d75c18561f6689ba0cc7f7de967",
   "datammh3" : -1855578114,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "fingerprint" : {
      "md5" : "a01ba69ec230a73409884c2b344b5917",
      "sha1" : "c3820866b442e20cc8e4893132a4b0a9d20022f8",
      "sha256" : "185cefdaa1341ded7efcdf724d2e9581fe1d7b4ad3eb1ad6dd3a47c31013de27"
   },
   "geolocus" : {
      "asn" : "AS35372",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "IR",
      "countryname" : "Iran",
      "domain" : [
         "irost.org"
      ],
      "isineu" : "false",
      "latitude" : "32.427908",
      "location" : "32.427908,53.688046",
      "longitude" : "53.688046",
      "netname" : "IR-IROST-19991208",
      "organization" : "Iranian Research Organization for Science & Technology",
      "subnet" : "213.176.0.0/17"
   },
   "ip" : "213.176.49.202",
   "ipv6" : "false",
   "issuer" : {
      "city" : "Shanghai",
      "commonname" : "Waf defaut certificate(Attack Behavior reported to the police)",
      "country" : "CN",
      "organization" : "Waf",
      "organizationalunit" : "WAF"
   },
   "latitude" : "34.0544",
   "location" : "34.0544,-118.2440",
   "longitude" : "-118.2440",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "E-Large HongKong",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 10001,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "serial" : "d4:7c:19:ad:8a:0c:45:e7",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 400,
   "subject" : {
      "city" : "Shanghai",
      "commonname" : "Waf defaut certificate(Attack Behavior reported to the police)",
      "country" : "CN",
      "organization" : "Waf",
      "organizationalunit" : "WAF"
   },
   "subnet" : "213.176.32.0/19",
   "tag" : "<enterprise field>: tag",
   "tls" : "true",
   "transport" : "tcp",
   "validity" : {
      "notafter" : "2030-08-24T09:48:09Z",
      "notbefore" : "2020-08-26T09:48:09Z"
   },
   "version" : "v1",
   "wildcard" : "false"
}

Returning 10 result(s) out of 908,840 in 0.081 second(s)

51.141.113.26:10001 (tcp/http/tls) - last seen on 2024-11-07 at 03:21:12 UTC

45.223.1.140:10001 (tcp/http/tls) - last seen on 2024-11-07 at 03:21:10 UTC

40.122.78.46:10001 (tcp/undefined/tls) - last seen on 2024-11-07 at 03:20:59 UTC

4.152.216.247:10001 (tcp/http/tls) - last seen on 2024-11-07 at 03:20:40 UTC

20.123.11.140:10001 (tcp/http/tls) - last seen on 2024-11-07 at 03:20:40 UTC

65.181.140.179:10001 (tcp/http/tls) - last seen on 2024-11-07 at 03:20:40 UTC

192.230.67.13:10001 (tcp/http/tls) - last seen on 2024-11-07 at 03:20:40 UTC

45.223.118.153:10001 (tcp/http/tls) - last seen on 2024-11-07 at 03:20:38 UTC

13.92.98.120:10001 (tcp/http/tls) - last seen on 2024-11-07 at 03:20:35 UTC

213.176.49.202:10001 (tcp/http/tls) - last seen on 2024-11-07 at 03:20:35 UTC