IP

131.221.8.124

Network

131.221.8.0/22

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://131.221.8.124:4000/ 401

ASN

AS7727

Organization

Hondutel

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Data MD5

16234ea1da40e03f1317c21396981c69

HTTP Header MD5

8f4a29b9be97398ee40f9827947fcbaf

HTTP Body MD5

9c13653d29a59fbb245670a68c158d4c

HTTP/1.1 401 Unauthorized
Date: Thu, 07 Nov 2024 04:51:57 UTC
Content-Type: text/plain;charset=UTF-8
Connection: keep-alive
TeamCity-Node-Id: MAIN_SERVER
WWW-Authenticate: Basic realm="TeamCity"
WWW-Authenticate: Bearer realm="TeamCity"
Cache-Control: no-store

Authentication required
To login manually go to "/login.html" page

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T04:51:57.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "9c13653d29a59fbb245670a68c158d4c",
         "bodymmh3" : 866407170,
         "headermd5" : "8f4a29b9be97398ee40f9827947fcbaf",
         "headermmh3" : -187127801,
         "realm" : "TeamCity"
      },
      "length" : 337
   },
   "asn" : "AS7727",
   "city" : "Chiqueros",
   "country" : "HN",
   "data" : "HTTP/1.1 401 Unauthorized\r\nDate: Thu, 07 Nov 2024 04:51:57 UTC\r\nContent-Type: text/plain;charset=UTF-8\r\nConnection: keep-alive\r\nTeamCity-Node-Id: MAIN_SERVER\r\nWWW-Authenticate: Basic realm=\"TeamCity\"\r\nWWW-Authenticate: Bearer realm=\"TeamCity\"\r\nCache-Control: no-store\r\n\r\nAuthentication required\nTo login manually go to \"/login.html\" page",
   "datamd5" : "16234ea1da40e03f1317c21396981c69",
   "datammh3" : 1096304710,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS263690",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "HN",
      "countryname" : "Honduras",
      "domain" : [
         "unah.edu.hn"
      ],
      "isineu" : "false",
      "latitude" : "15.199999",
      "location" : "15.199999,-86.241905",
      "longitude" : "-86.241905",
      "netname" : "HN-UNAH1-LACNIC",
      "organization" : "HN-UNAH1-LACNIC",
      "subnet" : "131.221.8.0/24"
   },
   "ip" : "131.221.8.124",
   "ipv6" : "false",
   "latitude" : "15.1667",
   "location" : "15.1667,-88.5333",
   "longitude" : "-88.5333",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Hondutel",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4000,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subnet" : "131.221.8.0/22",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

200.112.174.238

Network

200.112.174.0/23

Domain(s)

238.in-addr.arpa

Device

<enterprise field>: device.class

Operating System

Linux Linux CentOS

URL

http://200.112.174.238:4000/ 401

HTTP Title

401 Unauthorized

Reverse DNS

200.112.174.238.in-addr.arpa

ASN

AS22080

Organization

Broadbandtech S. A.

Protocol

http

Source

datascan

Operating System

Linux Linux CentOS

Product

Apache HTTP Server 2.4.6

HTTP Component(s)

PHP PHP 7.2.34

CPE(s)

<enterprise field>: cpe

Data MD5

6b376b45b73a02a0f707c7a860a33694

HTTP Header MD5

7c63426c7960c11595fd365adc2155cf

HTTP Body MD5

118a489422be0c5ca0cecf3bb7903c7e

HTTP/1.1 401 Unauthorized
Date: Thu, 07 Nov 2024 04:50:01 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.34
WWW-Authenticate: Basic realm="Nagios Access"
Content-Length: 381
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T04:50:02.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "118a489422be0c5ca0cecf3bb7903c7e",
         "bodymmh3" : -392200610,
         "component" : [
            {
               "productvendor" : "PHP",
               "productversion" : "7.2.34",
               "product" : "PHP"
            }
         ],
         "headermd5" : "7c63426c7960c11595fd365adc2155cf",
         "headermmh3" : -1893584323,
         "realm" : "Nagios Access",
         "title" : "401 Unauthorized"
      },
      "length" : 621
   },
   "asn" : "AS22080",
   "city" : "Los Cardales",
   "country" : "AR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 Unauthorized\r\nDate: Thu, 07 Nov 2024 04:50:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/7.2.34\r\nWWW-Authenticate: Basic realm=\"Nagios Access\"\r\nContent-Length: 381\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>401 Unauthorized</title>\n</head><body>\n<h1>Unauthorized</h1>\n<p>This server could not verify that you\nare authorized to access the document\nrequested.  Either you supplied the wrong\ncredentials (e.g., bad password), or your\nbrowser doesn't understand how to supply\nthe credentials required.</p>\n</body></html>\n",
   "datamd5" : "6b376b45b73a02a0f707c7a860a33694",
   "datammh3" : -1116676940,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "238.in-addr.arpa"
   ],
   "geolocus" : {
      "asn" : "AS22080",
      "continent" : "SA",
      "continentname" : "South America",
      "country" : "AR",
      "countryname" : "Argentina",
      "domain" : [
         "1.in-addr.arpa",
         "bbt.com.ar"
      ],
      "isineu" : "false",
      "latitude" : "-38.416097",
      "location" : "-38.416097,-63.616672",
      "longitude" : "-63.616672",
      "netname" : "AR-BSAB-LACNIC",
      "organization" : "Broadbandtech S. A.",
      "subnet" : "200.112.174.0/23"
   },
   "host" : [
      200
   ],
   "hostname" : [
      "200.112.174.238.in-addr.arpa"
   ],
   "ip" : "200.112.174.238",
   "ipv6" : "false",
   "latitude" : "-34.3396",
   "location" : "-34.3396,-59.0112",
   "longitude" : "-59.0112",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Broadbandtech S. A.",
   "os" : "Linux",
   "osdistribution" : "CentOS",
   "osvendor" : "Linux",
   "port" : 4000,
   "product" : "HTTP Server",
   "productvendor" : "Apache",
   "productversion" : "2.4.6",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "reverse" : [
      "200.112.174.238.in-addr.arpa"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subdomains" : [
      "112.174.238.in-addr.arpa",
      "174.238.in-addr.arpa"
   ],
   "subnet" : "200.112.174.0/23",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "in-addr.arpa"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

115.29.148.215

Network

115.28.0.0/15

Domain(s)

tehaofa.com

Device

<enterprise field>: device.class <enterprise field>: device.productvendor <enterprise field>: device.product

Operating System

Cisco IOS sUse

URL

http://115.29.148.215:4000/ 401

HTTP Title

Wireless-AC Web Server

HTTP Keyword(s)

voip vos3000

HTTP Copyright

www.linknat.com, 昆石网络

Reverse DNS

smtpbg46.tehaofa.com

ASN

AS37963

Organization

Hangzhou Alibaba Advertising Co.,Ltd.

Protocol

http

Source

datascan

Operating System

Cisco IOS sUse

Product

Cisco WebVPN

HTTP Component(s)

Gitlab Gitlab Drupal Drupal 8 Jenkins Jenkins 2.121.3 SPIP SPIP 4.1.11 Roundcube Webmail Metabase Metabase Atlassian Confluence Cacti Cacti

CPE(s)

<enterprise field>: cpe

Data MD5

289f1405bf66255dc8917ebd31c45306

HTTP Header MD5

45924a693a3de5ff95d665fff67551fd

HTTP Body MD5

4e974e0a994be1f104189ac405723307

HTTP/1.1 401 Unauthorized
Composed-By: SPIP 4.1.11 @ www.spip.net
Content-Length: 105463
Content-Type: text/html;charset=utf-8
Last-Modified: Fri, 29 Jul 2022 16:53:01 GMT
Loginip: <srcip>
P3p: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Pragma: private
Server: mORMot (Windows) Microsoft-HTTPAPI/2.0
Set-Cookie: SDPSESSIONID=AE7F18F5CE887FC885E5A1AE449D9AC1; Path=/; Secure; HttpOnly; SameSite=None;
Set-Cookie: webvpn=A9790AFEACDEFA01FAAEAFEWFF390AE; path=/; secure;
Set-Cookie: DSSignInURL=/; path=/; secure;
Set-Cookie: SOLONID=n91i168jps8rd856bcrln2isqe; path=/
Set-Cookie: csrf=8t9ADqIogbjKRK6; Path=/; HttpOnly;
Set-Cookie: session=eyJsb2NhbGUiOiJlbiJ9.ZZ4C4A.Yts__-iv6tJYDJFDwkciSG_z7M4; HttpOnly; Path=/;
Set-Cookie: Cacti=o6vomb0hujscvd9qh7icd0b6m6; path=/
Set-Cookie: metabase.DEVICE=657aec21-0f2d-4aa8-9973-172d408c3ebf;HttpOnly;Path=/;Expires=Mon, 25 Apr 2044 03:55:44 +0200;SameSite=None;Secure
Set-Cookie: CLIENT_ID=7214
Set-Cookie: sesskey=21263a2bf; path=/;
Set-Cookie: XXL_JOB_LOGIN_IDENTITY=7b226964223a312c227; Max-Age=2147483647; Expires=Fri, 14-Mar-2092 22:32:26 GMT; Path=/; HttpOnly;
Set-Cookie: UICSESSION=qqhhk66ogtvugchmqfov0j4l96; path=/;
Set-Cookie: rememberMe=deleteMe; path=/;
Set-Cookie: DSIVS=; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure;
Set-Cookie: acSamlv2Error=; path=/; secure;
Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095
Set-Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c; path=/
Set-Cookie: zbx_session=eyJzZXNzaW9uaWQiOiI1MDU2ZTlkYTFmZjkxZDAyMGEwMGEwMzhjNTliY2I2OCIsInNpZ24iOiJiMDVjNDJjNzQ4Y2IzZGRkNjExMWE4NDVhMDJhOWMxMWE5ODVjYTZmNDRhY2QxY2I3MjA5ZjIxZmExMDg3YjQ5In0%3D; secure; HttpOnly
Www-Authenticate: Basic realm="MSNswitch"
X-Cache: MISS from Hello
X-Cache-Group: normal
X-Cache-Lookup: MISS from Hello:8080
X-Cache-Miss-From: parking-74c5b8d946-dhmw5
X-Check: 3112dc4d54f8e22d666785b733b0052100c53444
X-Content-Powered-By: K2 v2.8.0 (by JoomlaWor
X-Content-Type-Options: nosniff
X-Drupal-Cache: xHIT
X-Drupal-Dynamic-Cache: MISS
X-Frame-Options: SAMEORIGIN
X-Generator: Drupal 8 (https://www.drupal.org)
X-Jenkins: 2.121.3
X-Jenkins-Session: f72d6619
X-Language: english
X-Powered-By: BoidCMS
X-Powered-Cms: Bitrix Site Manager (31ebf3fe2d1251fbd7f82a700bcc1f66)
X-Runtime: 0.00985
X-T-Location: /iam
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Turbo-Charged-By: LiteSpeed
X-Xss-Protection: 1; mode=block
Date: Thu, 07 Nov 2024 04:49:40 GMT
Connection: close

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="Pragma" content="no-cache" />
<meta charset="utf-8">
<meta content="IE=edge" http-equiv="X-UA-Compatible">
<meta content="object" property="og:type">
<meta content="GitLab" property="og:site_name">
<meta content="Help" property="og:title">
<meta content="GitLab Community Edition" property="og:description">
<meta content="summary" property="twitter:card">
<meta content="Help" property="twitter:title">
<meta content="GitLab Community Edition" property="twitter:description">
<meta content="GitLab Community Edition" name="description">
<meta content="#474D57" name="theme-color">
<meta content="#30353E" name="msapplication-TileColor">
<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="8dcb74a64dc984fb9abe3e7c201f810d9ec90ed8e4cd78c639bf9be7f9dc240d2b==" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv="expires" content="-1"/>
<meta name="keywords" content="VOS3000, VoIP, VoIP运营支撑系统, 软交换"/>
<meta name="author" content="www.linknat.com, 昆石网络"/>
<meta name="copyright" content="www.linknat.com, 昆石网络"/>
<meta name="generator" content="SPIP 4.1.11" />
<script src="/jquery.min.js"></script> 
<title>Wireless-AC Web Server</title>
</head>
<body>
<div style="display: none;">
<script>SC.util.mergeIntoContext({"focusedControlID":null,"userName":"","userDisplayName":"","isUserAuthenticated":false,"antiForgeryToken":"THtoAUxH4sS9","isUserAdministrator":false,"canManageSharedToolbox":false,"pageBaseFileName":"Guest","notifyActivityFrequencyMilliseconds":600000,"loginAfterInactivityMilliseconds":36000000,"canChangePassword":false,"controlPanelUrl":null,"pageType":"GuestPage","processType":2,"userAgentOverride":null,"sessionTypeInfos":[]});</script>
<SessionInfo><SID>a29d421feecf680a</SID><Challenge>680a</Challenge><BlockTime>0</BlockTime><Rights></Rights><Users><User last="1">fritzr</User></Users></SessionInfo>
<Account>
<Entry0 Active="Yes" username="CMCCAdmin" web_passwd="CmcC4dm1n5591" display_mask="FF FF D7 DD FF 1D FF FF FF" Logged="1" LoginIp="192.168.1.10"/>
<Entry1 Active="Yes" username="useradmin" web_passwd="Gu4ngx1pd5591" display_mask="FF FF D7 DD FF 1D FF FF FF" Logged="1" LoginIp="192.168.1.10"/>
<Entry2 Active="Yes" username="CUAdmin"   web_passwd="CUAdmin5591" display_mask="FF FF D7 DD FF 1D FF FF FF" Logged="1" LoginIp="192.168.1.10"/>
<TelnetEntry Active="Yes" telnet_username="Admin" telnet_passwd="cxx4dm1n5591" telnet_port="23"/>
<FtpEntry Active="Yes" ftp_right="1" ftp_auth="1" ftp_username="Admin" ftp_passwd="cxx4dm1n5591" ftp_port="21" />
<SambaEntry Active="Yes" smb_right="1" smb_auth="1" smb_username="Admin" smb_passwd="cxx4dm1n5591" />
<ConsoleEntry Active="Yes" console_username="Admin" console_passwd="cxx4dm1n5591"/>
<CTDefParaEntry setDefValueFlag="1" />
</Account>
<div>8.5.5 (Build:20200530.307-TEMP)</div>
<span class="greyNote version"><span class="vWord">Version</span> 2023.11.3 (build 147512)</span>
<h1>Logged in as <strong>admin</strong></h1><input type="hidden" name="csrfmiddlewaretoken" value="e9tIOET3iTncMVL4E0ESylCCQupBWlfL9NobFzaQDir2ktC0Wgy5pafsCrkonl5y"><textarea id="3revi" name="revi" rows="4" cols="50">server1 Ubuntu 22.04 LTS</textarea>
<ca status="disabled" href="/+CSCOCA+/login.html" />
<form action="/login/vpnSdef" enctype="multipart/form-data" method="post" name="login">
    <div data-user="root" data-module="package-updates"></div>
    <code>The zip file did not contain an entry exportDescriptor.properties</code>
    <span class="form-hidden"><input name="page" value="login" type="hidden"/><input name="formulaire_action" type="hidden" value="login" /><input name="formulaire_action_args" type="hidden" value="dzdNV0MzUGFDV0NHemR6bWorekNEWHY=" /><input name="formulaire_action_sign" type="hidden" value="" /></span>
    <message>Please enter your username and password.</message>
    <input name="formid" type="hidden" value="012afed" />
    <input name="javax.faces.ViewState" type="hidden" value="012afed" />
    <input name="queryString" type="hidden" value="1406192" />
    <div class="versionInfo">The Cacti Group Version 1.2.25</div>
    <strong>IPFire 2.19 (2017v) - Core Update 110 introduces significant changes</strong>
    <input type="hidden" name="token" value="0feacf5a1cafc9fcea1ce1255e65fd9a7c11ae3f9235eb6038a2c9fe702ec7ec">
    <input type='hidden' name='__csrf_magic' value="key:12eef1d88692f7673fb80ab6ba8d051fdce64ccb,1710777654" />
    <input type="hidden" name="tokenid"  value="1804289383" >
    <input type="hidden" name="name"  value="1804289383" >
    <input type="hidden" name="csrfKey" value="621aec6b886ff81169bed7de5d47b5ed">
    <input type="hidden" name="csrf_token" value="621aec6b886ff81169bed7de5d47b5ed">
	<input type="hidden" name="ref" value="aHR0cHM6Ly9pcHMuY2x1Yi8=">
	<input type="hidden" name="username_fieldname" value="aHR0cHM6Ly9pcHMuY2x1Yi8=">
	<input type="hidden" name="password_fieldname" value="aHR0cHM6Ly9pcHMuY2x1Yi8=">
	<input type="hidden" id="csrf" name="csrf" value="aHR0cHM6Ly9pcHMuY2x1Yi8=">
	<input type="hidden" id="csrf" name="xd_check" value="aHR0cHM6Ly9pcHMuY2x1Yi8=">
	<input type="hidden" id="give-form-id" name="give-form-id" value="621aec6b886ff81169bed7de5d47b5ed">
	<input type="hidden" id="give-form-hash" name="give-form-hash" value="621aec6b886ff81169bed7de5d47b5ed">
    <input type="text" name="username" label="Username:" value="admin" />
    <input type="password" name="password" label="Password:" value="123456" />
    <input type="hidden" name="tgroup" value="DefaultADMINGroup" />
    <input type="submit" name="Login" value="Login" />
    <input type="reset" name="Clear" value="Clear" />
</form>
<input type="hidden" value="Maintain/cloud_index.php" id="cloud_addr">
<li class="lisel" onclick="location.href='index.php'">日志系统</li>
<li class="linormal" onclick="location.href='Maintain/cloud_index.php'" style="margin-left:1px;">云平台</li>
<button type="button" data-price-id=True>sb</button>
<div class="prod_madelName">RT-AC5300</div>
<div class="p1 title_gap">Sign in with your ASUS router account</div>
<tr class="h"><th>PHP Group</th></tr>
<tr><td class="e">upload_tmp_dir</td><td class="v">/etc/httpd/_tmp</td><td class="v">/etc/httpd/_tmp</td></tr>
<tr><td class="e">$_SERVER['DOCUMENT_ROOT']</td><td class="v">/mnt/HDD2/web/</td></tr>
<var name='uuid'><string>7db3eea5-9996-4032-a9cc-3afd06bd11fe</string></var>
<span >Powered by <a href='#'>Gibbon</a> v23.0.01</span>
<div class="text" id="jive-loginVersion"> Openfire, Version: 3.6.0a</div>
<a href='#' title='Community Forum Software by Invision Power Services'>IP.Board</a>
<div id="mcname">LoadMaster</div>
<p><br/><span>出厂IP：192.168.1.1</span><br/><span>用户名、密码：admin admin</span></p>
<td colspan="2">Please enter your Cacti user name and password below:</td>
<meta id="confluence-context-path" name="confluence-context-path" content="">
<meta id="confluence-base-url" name="confluence-base-url" content="https://192.168.1.4">
<meta id="atlassian-token" name="atlassian-token" content="d78e2b977d28428e411e31b958c9c502c2425083">
<script id="frontend-js-extra">var hashform_vars = {"ajaxurl":"\/wp-admin\/admin-ajax.php","ajax_nounce":"d78e2b97","preview_img":""};</script>
<div class='content-messages errorMessage'><p>java.lang.Exception: y9pcHMuY</p></div>
<B>SonicWall Universal Management Suite v9.3</B>
<br>OK<br>
<script type="text/javascript">var csrfMagicToken = "sid:ed04c4a1c86fe99a92cbe3441e2b1e2989d5deec,1725277646";var csrfMagicName = "__vtrftk";</script>
<select id="cars" name="name">
<option value="olvo">olvo</option>
</select>
<a href="/VICIdial/phone">MODIFY</a>
<input type="hidden" name="extension"  value="1804289383" >
<input type="hidden" name="pass"  value="1804289383" >
<input type="hidden" name="recording_exten"  value="1804289383" >
<script var session_name = '621aec6b886ff81'; var session_id = '1804289383';</script>
<input type='hidden' name='LDCSA_CSRF' value="sid:7830302ba478216ecf2cf24b53afe6f385998104,1726156985" />
<script type='text/javascript'>
	var cactiVersion='1.2.27';
	var cactiServerOS='unix';
	var cactiAction='';
	var theme='modern';
	var refreshIsLogout=true;
	var refreshPage='/logout.php?action=timeout';
	var refreshMSeconds=1440000;
	var urlPath='/';
	var previousPage='';
	var sessionMessage=[];
	var csrfMagicToken='sid:4024e82870233374a2255351fb45057c8f7f9aa6,1728459021;ip:bee133099404bd4ddc2dd5f43c6b86dc3618b300,1728459021';
</script>

<!--
<Username Level="40/40" Dispatch="account">admin</Username><User1><Password Level="40/40" Dispatch="account">admin</Password></User1>
/var/pinglog
<TITLE>Login</TITLE>
<a href="jpg.html">LIVE JPEG</a><br>
<a href="liveie.html">Internet Monitor (Microsoft Internet Explorer 8, 9, 10, 11) </a><br>
<a href="DVRRemoteAP.exe">Download 32 bits DVR Client (Windows 7, Windows 8, Windows 10)</a><br>
<a href="DVRRemoteAP_X64.exe">Download 64 bits DVR Client (Windows 7, Windows 8, Windows 10)</a><br>
<a href="DVFPlayer.zip">Download 32/64 bits File Player (Windows 7, Windows 8, Windows 10)</a><br>
<\?xml version="1.0" encoding="utf-8"?><base64Binary xmlns="http://micros-hosting.com/EGateway/">
Location: /admin
<meta name="generator" content="vBulletin 5.5.4" />
Location: http://<ip>:80/relogin.htm?_t=3541144909
Location: http://<ip>:80/syscmd.htm" Location: /ui/login
/cgi-bin/webctrl.cgi?action=index_page
PDR-M800
function btnPing()
<HTML><HEAD><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>.The document has moved<A HREF="http://<ip>:80/relogin.htm?_t=179439949">here</A></BODY></HTML>
<link type="image/x-icon" rel="shortcut icon" href="/themes/img/icon/cisco_shortcut.png">
<link type="image/x-icon" rel="shortcut icon" href="/themes/img/icon/cisco_logo.png">
<td class="Copyright" colspan="2" style="text-align:justify" height="20" valign="bottom">© 2017 Cisco Systems, Inc. All Rights Reserved.
<br>Cisco, Cisco Systems, and the Cisco Systems logo are registered
trademarks or trademarks of Cisco Systems, Inc. and/or it's affiliates
in the United States and certain other countries.
</td>
:
#
>
$
SSH key is good
is not a valid ref and may not be archived
pcPassword2
'&sessionKey=790148060;'
name="sessionKey" value="790148060"
Set-Cookie: loginName=admin
var fgt_lang = /dev/cmdb/sslvpn_websession
php 8.1.0-dev exit
springframework
Tomcat
DEVICE.ACCOUNT=admin
AUTHORIZED_GROUP=1
<uid></uid>
<name>Admin</name>
<usrid></usrid>
<password>admin</password>
<group></group>
cpto /tmp/"root"
Model=AC1450
Firmware=V1.0.0.36_10.0.17
"exceptionMessageValue":"javax.servlet.ServletException: No valid forensics analysis solrDocIds parameter found."
BIG-IP release 15.0.0
user:root
12345admin123'
Failed to process image

Location: http://192.168.0.1:52869/picsdesc.xml
You don't have permission to access /vpns/ on this server.
[global]
    workgroup = intranet
    encrypt passwords = Yes
    update encrypted = Yes

funcionando
system_sofia
name resolve order
InfoOS:Linux node01 uid=0(root) gid=0(root) groups=0(root)OSInfo
<b>File Uploaded !!!</b><br>
ant=951d11e51392117311602d0c25435d7f
38ee63071a04dc5e04ed22624c38e648
6f3249aa304055d63828af3bfab778f6
<h1> c80fc6428eb4fe4a3b77898ebf9f3945 </h1>
[local]
 tid = OGRjYjc0YTY0ZGM5ODRmYjlhYmUzZTdjMjAxZjgxMGQ5ZWM5MGVkOGU0Y2Q3OGM2MzliZjliZTdmOWRjMjQwZDJiPT0=
 addr = <ip>
"Powered by vBulletin Version 5.5.4"
789551
Linear eMerge
SuperSign
ubiq
Yacht
Zeroshell
FastWeb
AuthInfo:
loadingIndicator_bk
Zyxel
skyrouter
WAP54
org.apache.spark.ui



ID: "00af", version: "7.7.31.1", AddItem: function (a, item, c) {}
<insert implant configuration content here>
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' ws://<ip> ws://<ip>:443 wss://<ip> wss://<ip>:8443 http://<ip>/api
Copyright (c) 2015-2020 by Cisco Systems, Inc.
All rights reserved.
SSL VPN Service
wsConvertPptResponse
<input id="txtUserName" class="txt-input" type="text" name="userName" value="" />
<input id="txtPassword" class="txt-input" type="password" name="password" value="" />
<button id="btnLogin" lc="html" lk="IDCS_LOGIN_NBSP">
<span lc="html" lk="IDCS_BS_PLUGIN_DOWNLOAD" style="line-height: 30px; vertical-align: top;"></span>
<script src="../Scripts/login.htm.js?v={JS_CSS_V}" type="text/javascript"></script>
<LegacyDN>eD2bxe4</LegacyDN>
<title class="_ctxstxt_NetscalerGateway">
SAML Assertion verification failed; Please contact your administrator
v=2b46554c087d2d5516559e9b8bc1875d
/vpn/images/AccessGateway.ico
frame-busting
/vpn/js/logout_view.js?v=
_ctxstxt_NetscalerAAA
lib.min20200813.js
401 Unauthorized Basic realm=
sName='1';onTest(this);
var passadm = "admin";
OPMODE_BRIDGE
document.all.cmd_result
<input id="key" type="text" style="width: 200px" value="02108CB9-2200D5A4">
<input id="date" type="text" style="width: 200px" value="12/25/2023">
main page cgi-bin/login.cgi
var sessionKey='030ff030ff88';
loc += '&sessionKey=19dec20030ff8dcb2';
}

var code = 'location="' + loc + '"';

Password change successful
J2100N GPON ONT
/cgi-bin/webui/admin
sesskey
name=admin pass=123 priv=ppp
service=www.dlinkddns.com
sysCmdType
Content-Type: auth/request


Content-Type: command/reply

Reply-Text: +OK accepted


X-Content-Powered-By: K2 v2.8.0 (by JoomlaWorks)
007b2000-007c1000 rw-p 00000000 00:00 0
Size:                 60 kB
Rss:                  52 kB
Pss:                  52 kB
Shared_

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T04:49:41.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "micros-hosting.com",
            "drupal.org"
         ],
         "file" : [
            "cloud_index.php",
            "dvrremoteap_x64.exe",
            "dvfplayer.zip",
            "index.php",
            "dvrremoteap.exe",
            "p3p.xml",
            "admin-ajax.php"
         ],
         "hostname" : [
            "micros-hosting.com",
            "www.drupal.org"
         ],
         "ip" : [
            "192.168.0.1",
            "1.0.0.36",
            "7.7.31.1",
            "192.168.1.10",
            "192.168.1.4",
            "192.168.1.1"
         ],
         "url" : [
            "http://192.168.0.1:52869/picsdesc.xml",
            "http://micros-hosting.com/EGateway/",
            "https://192.168.1.4",
            "https://www.drupal.org"
         ]
      },
      "http" : {
         "bodymd5" : "4e974e0a994be1f104189ac405723307",
         "bodymmh3" : 1395521634,
         "component" : [
            {
               "product" : "Cacti",
               "productvendor" : "Cacti"
            },
            {
               "productvendor" : "Metabase",
               "product" : "Metabase"
            },
            {
               "product" : "Confluence",
               "productvendor" : "Atlassian"
            },
            {
               "product" : "Gitlab",
               "productvendor" : "Gitlab"
            },
            {
               "productvendor" : "SPIP",
               "productversion" : "4.1.11",
               "product" : "SPIP"
            },
            {
               "product" : "Drupal",
               "productvendor" : "Drupal",
               "productversion" : "8"
            },
            {
               "product" : "Webmail",
               "productvendor" : "Roundcube"
            },
            {
               "product" : "Jenkins",
               "productversion" : "2.121.3",
               "productvendor" : "Jenkins"
            }
         ],
         "copyright" : "www.linknat.com, \u6606\u77f3\u7f51\u7edc",
         "header" : [
            {
               "name" : "Last-Modified",
               "value" : "Fri, 29 Jul 2022 16:53:01 GMT"
            }
         ],
         "headermd5" : "45924a693a3de5ff95d665fff67551fd",
         "headermmh3" : 1945865151,
         "keywords" : [
            "voip",
            "vos3000"
         ],
         "realm" : "MSNswitch",
         "title" : "Wireless-AC Web Server"
      },
      "length" : 16288
   },
   "asn" : "AS37963",
   "city" : "Qingdao",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 Unauthorized\r\nComposed-By: SPIP 4.1.11 @ www.spip.net\r\nContent-Length: 105463\r\nContent-Type: text/html;charset=utf-8\r\nLast-Modified: Fri, 29 Jul 2022 16:53:01 GMT\r\nLoginip: <srcip>\r\nP3p: policyref=\"/bitrix/p3p.xml\", CP=\"NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA\"\r\nPragma: private\r\nServer: mORMot (Windows) Microsoft-HTTPAPI/2.0\r\nSet-Cookie: SDPSESSIONID=AE7F18F5CE887FC885E5A1AE449D9AC1; Path=/; Secure; HttpOnly; SameSite=None;\r\nSet-Cookie: webvpn=A9790AFEACDEFA01FAAEAFEWFF390AE; path=/; secure;\r\nSet-Cookie: DSSignInURL=/; path=/; secure;\r\nSet-Cookie: SOLONID=n91i168jps8rd856bcrln2isqe; path=/\r\nSet-Cookie: csrf=8t9ADqIogbjKRK6; Path=/; HttpOnly;\r\nSet-Cookie: session=eyJsb2NhbGUiOiJlbiJ9.ZZ4C4A.Yts__-iv6tJYDJFDwkciSG_z7M4; HttpOnly; Path=/;\r\nSet-Cookie: Cacti=o6vomb0hujscvd9qh7icd0b6m6; path=/\r\nSet-Cookie: metabase.DEVICE=657aec21-0f2d-4aa8-9973-172d408c3ebf;HttpOnly;Path=/;Expires=Mon, 25 Apr 2044 03:55:44 +0200;SameSite=None;Secure\r\nSet-Cookie: CLIENT_ID=7214\r\nSet-Cookie: sesskey=21263a2bf; path=/;\r\nSet-Cookie: XXL_JOB_LOGIN_IDENTITY=7b226964223a312c227; Max-Age=2147483647; Expires=Fri, 14-Mar-2092 22:32:26 GMT; Path=/; HttpOnly;\r\nSet-Cookie: UICSESSION=qqhhk66ogtvugchmqfov0j4l96; path=/;\r\nSet-Cookie: rememberMe=deleteMe; path=/;\r\nSet-Cookie: DSIVS=; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure;\r\nSet-Cookie: acSamlv2Error=; path=/; secure;\r\nSet-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095\r\nSet-Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c; path=/\r\nSet-Cookie: zbx_session=eyJzZXNzaW9uaWQiOiI1MDU2ZTlkYTFmZjkxZDAyMGEwMGEwMzhjNTliY2I2OCIsInNpZ24iOiJiMDVjNDJjNzQ4Y2IzZGRkNjExMWE4NDVhMDJhOWMxMWE5ODVjYTZmNDRhY2QxY2I3MjA5ZjIxZmExMDg3YjQ5In0%3D; secure; HttpOnly\r\nWww-Authenticate: Basic realm=\"MSNswitch\"\r\nX-Cache: MISS from Hello\r\nX-Cache-Group: normal\r\nX-Cache-Lookup: MISS from Hello:8080\r\nX-Cache-Miss-From: parking-74c5b8d946-dhmw5\r\nX-Check: 3112dc4d54f8e22d666785b733b0052100c53444\r\nX-Content-Powered-By: K2 v2.8.0 (by JoomlaWor\r\nX-Content-Type-Options: nosniff\r\nX-Drupal-Cache: xHIT\r\nX-Drupal-Dynamic-Cache: MISS\r\nX-Frame-Options: SAMEORIGIN\r\nX-Generator: Drupal 8 (https://www.drupal.org)\r\nX-Jenkins: 2.121.3\r\nX-Jenkins-Session: f72d6619\r\nX-Language: english\r\nX-Powered-By: BoidCMS\r\nX-Powered-Cms: Bitrix Site Manager (31ebf3fe2d1251fbd7f82a700bcc1f66)\r\nX-Runtime: 0.00985\r\nX-T-Location: /iam\r\nX-Template: tpl_CleanPeppermintBlack_twoclick\r\nX-Turbo-Charged-By: LiteSpeed\r\nX-Xss-Protection: 1; mode=block\r\nDate: Thu, 07 Nov 2024 04:49:40 GMT\r\nConnection: close\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n<meta http-equiv=\"Pragma\" content=\"no-cache\" />\n<meta charset=\"utf-8\">\n<meta content=\"IE=edge\" http-equiv=\"X-UA-Compatible\">\n<meta content=\"object\" property=\"og:type\">\n<meta content=\"GitLab\" property=\"og:site_name\">\n<meta content=\"Help\" property=\"og:title\">\n<meta content=\"GitLab Community Edition\" property=\"og:description\">\n<meta content=\"summary\" property=\"twitter:card\">\n<meta content=\"Help\" property=\"twitter:title\">\n<meta content=\"GitLab Community Edition\" property=\"twitter:description\">\n<meta content=\"GitLab Community Edition\" name=\"description\">\n<meta content=\"#474D57\" name=\"theme-color\">\n<meta content=\"#30353E\" name=\"msapplication-TileColor\">\n<meta name=\"csrf-param\" content=\"authenticity_token\" />\n<meta name=\"csrf-token\" content=\"8dcb74a64dc984fb9abe3e7c201f810d9ec90ed8e4cd78c639bf9be7f9dc240d2b==\" />\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\n<meta http-equiv=\"expires\" content=\"-1\"/>\n<meta name=\"keywords\" content=\"VOS3000, VoIP, VoIP\u8fd0\u8425\u652f\u6491\u7cfb\u7edf, \u8f6f\u4ea4\u6362\"/>\n<meta name=\"author\" content=\"www.linknat.com, \u6606\u77f3\u7f51\u7edc\"/>\n<meta name=\"copyright\" content=\"www.linknat.com, \u6606\u77f3\u7f51\u7edc\"/>\n<meta name=\"generator\" content=\"SPIP 4.1.11\" />\n<script src=\"/jquery.min.js\"></script> \n<title>Wireless-AC Web Server</title>\n</head>\n<body>\n<div style=\"display: none;\">\n<script>SC.util.mergeIntoContext({\"focusedControlID\":null,\"userName\":\"\",\"userDisplayName\":\"\",\"isUserAuthenticated\":false,\"antiForgeryToken\":\"THtoAUxH4sS9\",\"isUserAdministrator\":false,\"canManageSharedToolbox\":false,\"pageBaseFileName\":\"Guest\",\"notifyActivityFrequencyMilliseconds\":600000,\"loginAfterInactivityMilliseconds\":36000000,\"canChangePassword\":false,\"controlPanelUrl\":null,\"pageType\":\"GuestPage\",\"processType\":2,\"userAgentOverride\":null,\"sessionTypeInfos\":[]});</script>\n<SessionInfo><SID>a29d421feecf680a</SID><Challenge>680a</Challenge><BlockTime>0</BlockTime><Rights></Rights><Users><User last=\"1\">fritzr</User></Users></SessionInfo>\n<Account>\n<Entry0 Active=\"Yes\" username=\"CMCCAdmin\" web_passwd=\"CmcC4dm1n5591\" display_mask=\"FF FF D7 DD FF 1D FF FF FF\" Logged=\"1\" LoginIp=\"192.168.1.10\"/>\n<Entry1 Active=\"Yes\" username=\"useradmin\" web_passwd=\"Gu4ngx1pd5591\" display_mask=\"FF FF D7 DD FF 1D FF FF FF\" Logged=\"1\" LoginIp=\"192.168.1.10\"/>\n<Entry2 Active=\"Yes\" username=\"CUAdmin\"   web_passwd=\"CUAdmin5591\" display_mask=\"FF FF D7 DD FF 1D FF FF FF\" Logged=\"1\" LoginIp=\"192.168.1.10\"/>\n<TelnetEntry Active=\"Yes\" telnet_username=\"Admin\" telnet_passwd=\"cxx4dm1n5591\" telnet_port=\"23\"/>\n<FtpEntry Active=\"Yes\" ftp_right=\"1\" ftp_auth=\"1\" ftp_username=\"Admin\" ftp_passwd=\"cxx4dm1n5591\" ftp_port=\"21\" />\n<SambaEntry Active=\"Yes\" smb_right=\"1\" smb_auth=\"1\" smb_username=\"Admin\" smb_passwd=\"cxx4dm1n5591\" />\n<ConsoleEntry Active=\"Yes\" console_username=\"Admin\" console_passwd=\"cxx4dm1n5591\"/>\n<CTDefParaEntry setDefValueFlag=\"1\" />\n</Account>\n<div>8.5.5 (Build:20200530.307-TEMP)</div>\n<span class=\"greyNote version\"><span class=\"vWord\">Version</span> 2023.11.3 (build 147512)</span>\n<h1>Logged in as <strong>admin</strong></h1><input type=\"hidden\" name=\"csrfmiddlewaretoken\" value=\"e9tIOET3iTncMVL4E0ESylCCQupBWlfL9NobFzaQDir2ktC0Wgy5pafsCrkonl5y\"><textarea id=\"3revi\" name=\"revi\" rows=\"4\" cols=\"50\">server1 Ubuntu 22.04 LTS</textarea>\n<ca status=\"disabled\" href=\"/+CSCOCA+/login.html\" />\n<form action=\"/login/vpnSdef\" enctype=\"multipart/form-data\" method=\"post\" name=\"login\">\n    <div data-user=\"root\" data-module=\"package-updates\"></div>\n    <code>The zip file did not contain an entry exportDescriptor.properties</code>\n    <span class=\"form-hidden\"><input name=\"page\" value=\"login\" type=\"hidden\"/><input name=\"formulaire_action\" type=\"hidden\" value=\"login\" /><input name=\"formulaire_action_args\" type=\"hidden\" value=\"dzdNV0MzUGFDV0NHemR6bWorekNEWHY=\" /><input name=\"formulaire_action_sign\" type=\"hidden\" value=\"\" /></span>\n    <message>Please enter your username and password.</message>\n    <input name=\"formid\" type=\"hidden\" value=\"012afed\" />\n    <input name=\"javax.faces.ViewState\" type=\"hidden\" value=\"012afed\" />\n    <input name=\"queryString\" type=\"hidden\" value=\"1406192\" />\n    <div class=\"versionInfo\">The Cacti Group Version 1.2.25</div>\n    <strong>IPFire 2.19 (2017v) - Core Update 110 introduces significant changes</strong>\n    <input type=\"hidden\" name=\"token\" value=\"0feacf5a1cafc9fcea1ce1255e65fd9a7c11ae3f9235eb6038a2c9fe702ec7ec\">\n    <input type='hidden' name='__csrf_magic' value=\"key:12eef1d88692f7673fb80ab6ba8d051fdce64ccb,1710777654\" />\n    <input type=\"hidden\" name=\"tokenid\"  value=\"1804289383\" >\n    <input type=\"hidden\" name=\"name\"  value=\"1804289383\" >\n    <input type=\"hidden\" name=\"csrfKey\" value=\"621aec6b886ff81169bed7de5d47b5ed\">\n    <input type=\"hidden\" name=\"csrf_token\" value=\"621aec6b886ff81169bed7de5d47b5ed\">\n\t<input type=\"hidden\" name=\"ref\" value=\"aHR0cHM6Ly9pcHMuY2x1Yi8=\">\n\t<input type=\"hidden\" name=\"username_fieldname\" value=\"aHR0cHM6Ly9pcHMuY2x1Yi8=\">\n\t<input type=\"hidden\" name=\"password_fieldname\" value=\"aHR0cHM6Ly9pcHMuY2x1Yi8=\">\n\t<input type=\"hidden\" id=\"csrf\" name=\"csrf\" value=\"aHR0cHM6Ly9pcHMuY2x1Yi8=\">\n\t<input type=\"hidden\" id=\"csrf\" name=\"xd_check\" value=\"aHR0cHM6Ly9pcHMuY2x1Yi8=\">\n\t<input type=\"hidden\" id=\"give-form-id\" name=\"give-form-id\" value=\"621aec6b886ff81169bed7de5d47b5ed\">\n\t<input type=\"hidden\" id=\"give-form-hash\" name=\"give-form-hash\" value=\"621aec6b886ff81169bed7de5d47b5ed\">\n    <input type=\"text\" name=\"username\" label=\"Username:\" value=\"admin\" />\n    <input type=\"password\" name=\"password\" label=\"Password:\" value=\"123456\" />\n    <input type=\"hidden\" name=\"tgroup\" value=\"DefaultADMINGroup\" />\n    <input type=\"submit\" name=\"Login\" value=\"Login\" />\n    <input type=\"reset\" name=\"Clear\" value=\"Clear\" />\n</form>\n<input type=\"hidden\" value=\"Maintain/cloud_index.php\" id=\"cloud_addr\">\n<li class=\"lisel\" onclick=\"location.href='index.php'\">\u65e5\u5fd7\u7cfb\u7edf</li>\n<li class=\"linormal\" onclick=\"location.href='Maintain/cloud_index.php'\" style=\"margin-left:1px;\">\u4e91\u5e73\u53f0</li>\n<button type=\"button\" data-price-id=True>sb</button>\n<div class=\"prod_madelName\">RT-AC5300</div>\n<div class=\"p1 title_gap\">Sign in with your ASUS router account</div>\n<tr class=\"h\"><th>PHP Group</th></tr>\n<tr><td class=\"e\">upload_tmp_dir</td><td class=\"v\">/etc/httpd/_tmp</td><td class=\"v\">/etc/httpd/_tmp</td></tr>\n<tr><td class=\"e\">$_SERVER['DOCUMENT_ROOT']</td><td class=\"v\">/mnt/HDD2/web/</td></tr>\n<var name='uuid'><string>7db3eea5-9996-4032-a9cc-3afd06bd11fe</string></var>\n<span >Powered by <a href='#'>Gibbon</a> v23.0.01</span>\n<div class=\"text\" id=\"jive-loginVersion\"> Openfire, Version: 3.6.0a</div>\n<a href='#' title='Community Forum Software by Invision Power Services'>IP.Board</a>\n<div id=\"mcname\">LoadMaster</div>\n<p><br/><span>\u51fa\u5382IP\uff1a192.168.1.1</span><br/><span>\u7528\u6237\u540d\u3001\u5bc6\u7801\uff1aadmin admin</span></p>\n<td colspan=\"2\">Please enter your Cacti user name and password below:</td>\n<meta id=\"confluence-context-path\" name=\"confluence-context-path\" content=\"\">\n<meta id=\"confluence-base-url\" name=\"confluence-base-url\" content=\"https://192.168.1.4\">\n<meta id=\"atlassian-token\" name=\"atlassian-token\" content=\"d78e2b977d28428e411e31b958c9c502c2425083\">\n<script id=\"frontend-js-extra\">var hashform_vars = {\"ajaxurl\":\"\\/wp-admin\\/admin-ajax.php\",\"ajax_nounce\":\"d78e2b97\",\"preview_img\":\"\"};</script>\n<div class='content-messages errorMessage'><p>java.lang.Exception: y9pcHMuY</p></div>\n<B>SonicWall Universal Management Suite v9.3</B>\n<br>OK<br>\n<script type=\"text/javascript\">var csrfMagicToken = \"sid:ed04c4a1c86fe99a92cbe3441e2b1e2989d5deec,1725277646\";var csrfMagicName = \"__vtrftk\";</script>\n<select id=\"cars\" name=\"name\">\n<option value=\"olvo\">olvo</option>\n</select>\n<a href=\"/VICIdial/phone\">MODIFY</a>\n<input type=\"hidden\" name=\"extension\"  value=\"1804289383\" >\n<input type=\"hidden\" name=\"pass\"  value=\"1804289383\" >\n<input type=\"hidden\" name=\"recording_exten\"  value=\"1804289383\" >\n<script var session_name = '621aec6b886ff81'; var session_id = '1804289383';</script>\n<input type='hidden' name='LDCSA_CSRF' value=\"sid:7830302ba478216ecf2cf24b53afe6f385998104,1726156985\" />\n<script type='text/javascript'>\n\tvar cactiVersion='1.2.27';\n\tvar cactiServerOS='unix';\n\tvar cactiAction='';\n\tvar theme='modern';\n\tvar refreshIsLogout=true;\n\tvar refreshPage='/logout.php?action=timeout';\n\tvar refreshMSeconds=1440000;\n\tvar urlPath='/';\n\tvar previousPage='';\n\tvar sessionMessage=[];\n\tvar csrfMagicToken='sid:4024e82870233374a2255351fb45057c8f7f9aa6,1728459021;ip:bee133099404bd4ddc2dd5f43c6b86dc3618b300,1728459021';\n</script>\n\n<!--\n<Username Level=\"40/40\" Dispatch=\"account\">admin</Username><User1><Password Level=\"40/40\" Dispatch=\"account\">admin</Password></User1>\n/var/pinglog\n<TITLE>Login</TITLE>\n<a href=\"jpg.html\">LIVE JPEG</a><br>\n<a href=\"liveie.html\">Internet Monitor (Microsoft Internet Explorer 8, 9, 10, 11) </a><br>\n<a href=\"DVRRemoteAP.exe\">Download 32 bits DVR Client (Windows 7, Windows 8, Windows 10)</a><br>\n<a href=\"DVRRemoteAP_X64.exe\">Download 64 bits DVR Client (Windows 7, Windows 8, Windows 10)</a><br>\n<a href=\"DVFPlayer.zip\">Download 32/64 bits File Player (Windows 7, Windows 8, Windows 10)</a><br>\n<\\?xml version=\"1.0\" encoding=\"utf-8\"?><base64Binary xmlns=\"http://micros-hosting.com/EGateway/\">\nLocation: /admin\n<meta name=\"generator\" content=\"vBulletin 5.5.4\" />\nLocation: http://<ip>:80/relogin.htm?_t=3541144909\nLocation: http://<ip>:80/syscmd.htm\" Location: /ui/login\n/cgi-bin/webctrl.cgi?action=index_page\nPDR-M800\nfunction btnPing()\n<HTML><HEAD><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>.The document has moved<A HREF=\"http://<ip>:80/relogin.htm?_t=179439949\">here</A></BODY></HTML>\n<link type=\"image/x-icon\" rel=\"shortcut icon\" href=\"/themes/img/icon/cisco_shortcut.png\">\n<link type=\"image/x-icon\" rel=\"shortcut icon\" href=\"/themes/img/icon/cisco_logo.png\">\n<td class=\"Copyright\" colspan=\"2\" style=\"text-align:justify\" height=\"20\" valign=\"bottom\">\u00a9 2017 Cisco Systems, Inc. All Rights Reserved.\n<br>Cisco, Cisco Systems, and the Cisco Systems logo are registered\ntrademarks or trademarks of Cisco Systems, Inc. and/or it's affiliates\nin the United States and certain other countries.\n</td>\n:\n#\n>\n$\nSSH key is good\nis not a valid ref and may not be archived\npcPassword2\n'&sessionKey=790148060;'\nname=\"sessionKey\" value=\"790148060\"\nSet-Cookie: loginName=admin\nvar fgt_lang = /dev/cmdb/sslvpn_websession\nphp 8.1.0-dev exit\nspringframework\nTomcat\nDEVICE.ACCOUNT=admin\nAUTHORIZED_GROUP=1\n<uid></uid>\n<name>Admin</name>\n<usrid></usrid>\n<password>admin</password>\n<group></group>\ncpto /tmp/\"root\"\nModel=AC1450\r\nFirmware=V1.0.0.36_10.0.17\r\n\"exceptionMessageValue\":\"javax.servlet.ServletException: No valid forensics analysis solrDocIds parameter found.\"\nBIG-IP release 15.0.0\nuser:root\n12345admin123'\nFailed to process image\n\nLocation: http://192.168.0.1:52869/picsdesc.xml\nYou don't have permission to access /vpns/ on this server.\n[global]\n    workgroup = intranet\n    encrypt passwords = Yes\n    update encrypted = Yes\n\nfuncionando\nsystem_sofia\nname resolve order\nInfoOS:Linux node01 uid=0(root) gid=0(root) groups=0(root)OSInfo\n<b>File Uploaded !!!</b><br>\nant=951d11e51392117311602d0c25435d7f\n38ee63071a04dc5e04ed22624c38e648\n6f3249aa304055d63828af3bfab778f6\n<h1> c80fc6428eb4fe4a3b77898ebf9f3945 </h1>\n[local]\n tid = OGRjYjc0YTY0ZGM5ODRmYjlhYmUzZTdjMjAxZjgxMGQ5ZWM5MGVkOGU0Y2Q3OGM2MzliZjliZTdmOWRjMjQwZDJiPT0=\n addr = <ip>\n\"Powered by vBulletin Version 5.5.4\"\n789551\nLinear eMerge\nSuperSign\nubiq\nYacht\nZeroshell\nFastWeb\nAuthInfo:\nloadingIndicator_bk\nZyxel\nskyrouter\nWAP54\norg.apache.spark.ui\n\n\n\nID: \"00af\", version: \"7.7.31.1\", AddItem: function (a, item, c) {}\n<insert implant configuration content here>\nContent-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' ws://<ip> ws://<ip>:443 wss://<ip> wss://<ip>:8443 http://<ip>/api\nCopyright (c) 2015-2020 by Cisco Systems, Inc.\nAll rights reserved.\nSSL VPN Service\nwsConvertPptResponse\n<input id=\"txtUserName\" class=\"txt-input\" type=\"text\" name=\"userName\" value=\"\" />\n<input id=\"txtPassword\" class=\"txt-input\" type=\"password\" name=\"password\" value=\"\" />\n<button id=\"btnLogin\" lc=\"html\" lk=\"IDCS_LOGIN_NBSP\">\n<span lc=\"html\" lk=\"IDCS_BS_PLUGIN_DOWNLOAD\" style=\"line-height: 30px; vertical-align: top;\"></span>\n<script src=\"../Scripts/login.htm.js?v={JS_CSS_V}\" type=\"text/javascript\"></script>\n<LegacyDN>eD2bxe4</LegacyDN>\n<title class=\"_ctxstxt_NetscalerGateway\">\nSAML Assertion verification failed; Please contact your administrator\nv=2b46554c087d2d5516559e9b8bc1875d\n/vpn/images/AccessGateway.ico\nframe-busting\n/vpn/js/logout_view.js?v=\n_ctxstxt_NetscalerAAA\nlib.min20200813.js\n401 Unauthorized Basic realm=\nsName='1';onTest(this);\nvar passadm = \"admin\";\nOPMODE_BRIDGE\ndocument.all.cmd_result\n<input id=\"key\" type=\"text\" style=\"width: 200px\" value=\"02108CB9-2200D5A4\">\n<input id=\"date\" type=\"text\" style=\"width: 200px\" value=\"12/25/2023\">\nmain page cgi-bin/login.cgi\nvar sessionKey='030ff030ff88';\nloc += '&sessionKey=19dec20030ff8dcb2';\n}\n\nvar code = 'location=\"' + loc + '\"';\n\nPassword change successful\nJ2100N GPON ONT\n/cgi-bin/webui/admin\nsesskey\nname=admin pass=123 priv=ppp\nservice=www.dlinkddns.com\nsysCmdType\nContent-Type: auth/request\n\n\nContent-Type: command/reply\n\nReply-Text: +OK accepted\n\n\nX-Content-Powered-By: K2 v2.8.0 (by JoomlaWorks)\n007b2000-007c1000 rw-p 00000000 00:00 0\nSize:                 60 kB\nRss:                  52 kB\nPss:                  52 kB\nShared_",
   "datamd5" : "289f1405bf66255dc8917ebd31c45306",
   "datammh3" : 858690148,
   "device" : {
      "class" : "<enterprise field>: device.class",
      "product" : "<enterprise field>: device.product",
      "productvendor" : "<enterprise field>: device.productvendor"
   },
   "domain" : [
      "tehaofa.com"
   ],
   "geolocus" : {
      "asn" : "AS37963",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "alibaba-inc.com",
         "cnnic.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "ALISOFT",
      "organization" : "Hangzhou Alibaba Advertising Co.,Ltd.",
      "subnet" : "115.28.0.0/15"
   },
   "host" : [
      "smtpbg46"
   ],
   "hostname" : [
      "smtpbg46.tehaofa.com"
   ],
   "ip" : "115.29.148.215",
   "ipv6" : "false",
   "latitude" : "36.0610",
   "location" : "36.0610,120.3814",
   "longitude" : "120.3814",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Hangzhou Alibaba Advertising Co.,Ltd.",
   "os" : "IOS",
   "osdistribution" : "sUse",
   "osvendor" : "Cisco",
   "port" : 4000,
   "product" : "WebVPN",
   "productvendor" : "Cisco",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "reverse" : [
      "smtpbg46.tehaofa.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subnet" : "115.28.0.0/15",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

117.35.108.198

Network

117.35.0.0/16

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://117.35.108.198:4000/ 401

ASN

AS4134

Organization

Chinanet

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Data MD5

b2a4504e1ac5b7a6ac674bc7fdcbaab4

HTTP Header MD5

cec90c4c81fb79f1036657f8e48f3a32

HTTP Body MD5

031ea42b1b91049860621aa91be078d3

HTTP/1.1 401 Unauthorized
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Date: Thu, 07 Nov 2024 04:49:14 GMT
Connection: close
X-Content-Type-Options: nosniff
Content-Type: application/json; charset=UTF-8
Content-Length: 105

{"code":1,"msg":"用户凭证已过期","data":"Full authentication is required to access this resource"}

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T04:49:14.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "031ea42b1b91049860621aa91be078d3",
         "bodymmh3" : 555961797,
         "headermd5" : "cec90c4c81fb79f1036657f8e48f3a32",
         "headermmh3" : -535630581
      },
      "length" : 417
   },
   "asn" : "AS4134",
   "country" : "CN",
   "data" : "HTTP/1.1 401 Unauthorized\r\nExpires: 0\r\nCache-Control: no-cache, no-store, max-age=0, must-revalidate\r\nX-XSS-Protection: 1; mode=block\r\nPragma: no-cache\r\nDate: Thu, 07 Nov 2024 04:49:14 GMT\r\nConnection: close\r\nX-Content-Type-Options: nosniff\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: 105\r\n\r\n{\"code\":1,\"msg\":\"\u7528\u6237\u51ed\u8bc1\u5df2\u8fc7\u671f\",\"data\":\"Full authentication is required to access this resource\"}",
   "datamd5" : "b2a4504e1ac5b7a6ac674bc7fdcbaab4",
   "datammh3" : -1023702867,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS4134",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "chinatelecom.cn",
         "xa.sn.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "CHINANET-SN",
      "organization" : "CHINANET Shanxi(SN) province network",
      "subnet" : "117.35.0.0/16"
   },
   "ip" : "117.35.108.198",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Chinanet",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4000,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subnet" : "117.35.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

147.135.210.16

Alternative IP(s)

2001:41d0:601:1100:0:0:0:5789

Network

147.135.0.0/16

Domain(s)

ovh.net

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://147.135.210.16:4000/ 401

HTTP Title

401 Unauthorized

Reverse DNS

vps-5d58b3e4.vps.ovh.net

ASN

AS16276

Organization

OVH SAS

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Data MD5

ddc8caec807173d42519870030601991

HTTP Header MD5

c9c07147583a469c7c93a36c93586017

HTTP Body MD5

0a7eb5e848497571908ca498d2b7c7c9

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="pol"
Content-Type: text/html

<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY><H1>Unauthorized</H1>
You are not authorized to access that page.
</BODY></HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T04:49:13.000Z",
   "alternativeip" : [
      "2001:41d0:601:1100:0:0:0:5789"
   ],
   "app" : {
      "http" : {
         "bodymd5" : "0a7eb5e848497571908ca498d2b7c7c9",
         "bodymmh3" : 159773031,
         "headermd5" : "c9c07147583a469c7c93a36c93586017",
         "headermmh3" : -1831240141,
         "realm" : "pol",
         "title" : "401 Unauthorized"
      },
      "length" : 225
   },
   "asn" : "AS16276",
   "city" : "Wroclaw",
   "country" : "PL",
   "data" : "HTTP/1.1 401 Unauthorized\nWWW-Authenticate: Basic realm=\"pol\"\nContent-Type: text/html\n\n<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY><H1>Unauthorized</H1>\nYou are not authorized to access that page.\n</BODY></HTML>\n",
   "datamd5" : "ddc8caec807173d42519870030601991",
   "datammh3" : 1519135178,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "ovh.net"
   ],
   "geolocus" : {
      "asn" : "AS16276",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "PL",
      "countryname" : "Poland",
      "domain" : [
         "ovh.net"
      ],
      "isineu" : "true",
      "latitude" : "51.919438",
      "location" : "51.919438,19.145136",
      "longitude" : "19.145136",
      "netname" : "VPS-OVH",
      "organization" : "OVH Sp. z o. o.",
      "subnet" : "147.135.208.0/22"
   },
   "host" : [
      "vps-5d58b3e4"
   ],
   "hostname" : [
      "vps-5d58b3e4.vps.ovh.net"
   ],
   "ip" : "147.135.210.16",
   "ipv6" : "false",
   "latitude" : "51.0957",
   "location" : "51.0957,17.0324",
   "longitude" : "17.0324",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "OVH SAS",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4000,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "reverse" : [
      "vps-5d58b3e4.vps.ovh.net"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subdomains" : [
      "vps.ovh.net"
   ],
   "subnet" : "147.135.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "net"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

157.107.246.149

Network

157.107.0.0/16

Domain(s)

asahi-net.or.jp

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://157.107.246.149:4000/ 401

HTTP Title

401 Unauthorized

Reverse DNS

ag246149.dynamic.ppp.asahi-net.or.jp

ASN

AS4685

Organization

Asahi Net

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

ACME thttpd 2.25b

CPE(s)

<enterprise field>: cpe

Data MD5

2d1dbea2d6b9bf7be7fd3884b372b476

HTTP Header MD5

5ea98de9db79cbe3ee460f2fe2c40a32

HTTP Body MD5

7d94b79f8dcae9afa7589852da1232c9

HTTP/1.1 401 Unauthorized
Server: thttpd/2.25b 29dec2003
Content-Type: text/html; charset=""
Date: Thu, 07 Nov 2024 03:23:44 GMT
Last-Modified: Thu, 07 Nov 2024 03:23:44 GMT
Accept-Ranges: bytes
Connection: close
Cache-Control: no-cache,no-store
WWW-Authenticate: Basic realm="."

<HTML>
<HEAD><TITLE>401 Unauthorized</TITLE></HEAD>
<BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc">
<H2>401 Unauthorized</H2>
Authorization required for the URL '/'.
<HR>
<ADDRESS><A HREF="http://www.acme.com/software/thttpd/">thttpd/2.25b 29dec2003</A></ADDRESS>
</BODY>
</HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:23:47.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "acme.com"
         ],
         "hostname" : [
            "www.acme.com"
         ],
         "url" : [
            "http://www.acme.com/software/thttpd/"
         ]
      },
      "http" : {
         "bodymd5" : "7d94b79f8dcae9afa7589852da1232c9",
         "bodymmh3" : 1205112289,
         "header" : [
            {
               "name" : "Last-Modified",
               "value" : "Thu, 07 Nov 2024 03:23:44 GMT"
            }
         ],
         "headermd5" : "5ea98de9db79cbe3ee460f2fe2c40a32",
         "headermmh3" : 2113280488,
         "realm" : ".",
         "title" : "401 Unauthorized"
      },
      "length" : 594
   },
   "asn" : "AS4685",
   "city" : "Ichibach\u014d",
   "country" : "JP",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 Unauthorized\r\nServer: thttpd/2.25b 29dec2003\r\nContent-Type: text/html; charset=\"\"\r\nDate: Thu, 07 Nov 2024 03:23:44 GMT\r\nLast-Modified: Thu, 07 Nov 2024 03:23:44 GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\nWWW-Authenticate: Basic realm=\".\"\r\n\r\n<HTML>\n<HEAD><TITLE>401 Unauthorized</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\" TEXT=\"#000000\" LINK=\"#2020ff\" VLINK=\"#4040cc\">\n<H2>401 Unauthorized</H2>\nAuthorization required for the URL '/'.\n<HR>\n<ADDRESS><A HREF=\"http://www.acme.com/software/thttpd/\">thttpd/2.25b 29dec2003</A></ADDRESS>\n</BODY>\n</HTML>\n",
   "datamd5" : "2d1dbea2d6b9bf7be7fd3884b372b476",
   "datammh3" : -1761242131,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "asahi-net.or.jp"
   ],
   "geolocus" : {
      "asn" : "AS4685",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "JP",
      "countryname" : "Japan",
      "domain" : [
         "asahi-net.jp",
         "asahi-net.or.jp",
         "nic.ad.jp"
      ],
      "isineu" : "false",
      "latitude" : "36.204824",
      "location" : "36.204824,138.252924",
      "longitude" : "138.252924",
      "netname" : "ASAHI-NET",
      "organization" : "ASAHI Net,Inc.",
      "subnet" : "157.107.0.0/16"
   },
   "host" : [
      "ag246149"
   ],
   "hostname" : [
      "ag246149.dynamic.ppp.asahi-net.or.jp"
   ],
   "ip" : "157.107.246.149",
   "ipv6" : "false",
   "latitude" : "35.5973",
   "location" : "35.5973,140.1423",
   "longitude" : "140.1423",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Asahi Net",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4000,
   "product" : "thttpd",
   "productvendor" : "ACME",
   "productversion" : "2.25b",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "reverse" : [
      "ag246149.dynamic.ppp.asahi-net.or.jp"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subdomains" : [
      "dynamic.ppp.asahi-net.or.jp",
      "ppp.asahi-net.or.jp"
   ],
   "subnet" : "157.107.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "or.jp"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

212.64.20.72

Network

212.64.0.0/17

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://212.64.20.72:4000/ 401

HTTP Title

401 Authorization Required

ASN

AS45090

Organization

Shenzhen Tencent Computer Systems Company Limited

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx 1.25.2

CPE(s)

<enterprise field>: cpe

Data MD5

0b78ea288f7c7a8033b58e98173fdce2

HTTP Header MD5

c58666679c63ec42747b01069dc7457c

HTTP Body MD5

1ea1ac1fdbc3e99b46245307a0a18cb2

HTTP/1.1 401 Unauthorized
Server: nginx/1.25.2
Date: Thu, 07 Nov 2024 03:22:53 GMT
Content-Type: text/html
Content-Length: 179
Connection: close
WWW-Authenticate: Basic realm="Please enter your username and password"

<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.25.2</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:22:54.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "1ea1ac1fdbc3e99b46245307a0a18cb2",
         "bodymmh3" : -1309559793,
         "headermd5" : "c58666679c63ec42747b01069dc7457c",
         "headermmh3" : -1906362942,
         "realm" : "Please enter your username and password",
         "title" : "401 Authorization Required"
      },
      "length" : 405
   },
   "asn" : "AS45090",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 Unauthorized\r\nServer: nginx/1.25.2\r\nDate: Thu, 07 Nov 2024 03:22:53 GMT\r\nContent-Type: text/html\r\nContent-Length: 179\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Please enter your username and password\"\r\n\r\n<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx/1.25.2</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "0b78ea288f7c7a8033b58e98173fdce2",
   "datammh3" : -327584170,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS45090",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "tencent.com"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "TENCENT-CN",
      "organization" : "Tencent Cloud Computing (Beijing) Co., Ltd",
      "subnet" : "212.64.0.0/17"
   },
   "ip" : "212.64.20.72",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Shenzhen Tencent Computer Systems Company Limited",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4000,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.25.2",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subnet" : "212.64.0.0/17",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

47.109.139.178

Network

47.96.0.0/12

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://47.109.139.178:4000/ 401

HTTP Title

401 Authorization Required

ASN

AS37963

Organization

Hangzhou Alibaba Advertising Co.,Ltd.

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx 1.25.2

CPE(s)

<enterprise field>: cpe

Data MD5

0b78ea288f7c7a8033b58e98173fdce2

HTTP Header MD5

c58666679c63ec42747b01069dc7457c

HTTP Body MD5

1ea1ac1fdbc3e99b46245307a0a18cb2

HTTP/1.1 401 Unauthorized
Server: nginx/1.25.2
Date: Thu, 07 Nov 2024 03:22:49 GMT
Content-Type: text/html
Content-Length: 179
Connection: close
WWW-Authenticate: Basic realm="Please enter your username and password"

<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.25.2</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:22:49.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "1ea1ac1fdbc3e99b46245307a0a18cb2",
         "bodymmh3" : -1309559793,
         "headermd5" : "c58666679c63ec42747b01069dc7457c",
         "headermmh3" : -3518674,
         "realm" : "Please enter your username and password",
         "title" : "401 Authorization Required"
      },
      "length" : 405
   },
   "asn" : "AS37963",
   "city" : "Chengdu",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 Unauthorized\r\nServer: nginx/1.25.2\r\nDate: Thu, 07 Nov 2024 03:22:49 GMT\r\nContent-Type: text/html\r\nContent-Length: 179\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Please enter your username and password\"\r\n\r\n<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx/1.25.2</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "0b78ea288f7c7a8033b58e98173fdce2",
   "datammh3" : -327584170,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS37963",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "alibaba-inc.com",
         "cnnic.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "ALISOFT",
      "organization" : "Hangzhou Alibaba Advertising Co.,Ltd.",
      "subnet" : "47.104.0.0/13"
   },
   "ip" : "47.109.139.178",
   "ipv6" : "false",
   "latitude" : "30.6498",
   "location" : "30.6498,104.0555",
   "longitude" : "104.0555",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Hangzhou Alibaba Advertising Co.,Ltd.",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4000,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.25.2",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subnet" : "47.96.0.0/12",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

124.222.220.84

Network

124.220.0.0/14

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://124.222.220.84:4000/ 401

HTTP Title

401 Authorization Required

ASN

AS45090

Organization

Shenzhen Tencent Computer Systems Company Limited

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx 1.25.2

CPE(s)

<enterprise field>: cpe

Data MD5

0b78ea288f7c7a8033b58e98173fdce2

HTTP Header MD5

c58666679c63ec42747b01069dc7457c

HTTP Body MD5

1ea1ac1fdbc3e99b46245307a0a18cb2

HTTP/1.1 401 Unauthorized
Server: nginx/1.25.2
Date: Thu, 07 Nov 2024 03:20:46 GMT
Content-Type: text/html
Content-Length: 179
Connection: close
WWW-Authenticate: Basic realm="Please enter your username and password"

<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.25.2</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:46.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "1ea1ac1fdbc3e99b46245307a0a18cb2",
         "bodymmh3" : -1309559793,
         "headermd5" : "c58666679c63ec42747b01069dc7457c",
         "headermmh3" : -291080772,
         "realm" : "Please enter your username and password",
         "title" : "401 Authorization Required"
      },
      "length" : 405
   },
   "asn" : "AS45090",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 Unauthorized\r\nServer: nginx/1.25.2\r\nDate: Thu, 07 Nov 2024 03:20:46 GMT\r\nContent-Type: text/html\r\nContent-Length: 179\r\nConnection: close\r\nWWW-Authenticate: Basic realm=\"Please enter your username and password\"\r\n\r\n<html>\r\n<head><title>401 Authorization Required</title></head>\r\n<body>\r\n<center><h1>401 Authorization Required</h1></center>\r\n<hr><center>nginx/1.25.2</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "0b78ea288f7c7a8033b58e98173fdce2",
   "datammh3" : -327584170,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS45090",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "cnnic.cn",
         "tencent.com"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "TencentCloud",
      "organization" : "China Internet Network Information Center",
      "subnet" : "124.220.0.0/14"
   },
   "ip" : "124.222.220.84",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Shenzhen Tencent Computer Systems Company Limited",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4000,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.25.2",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subnet" : "124.220.0.0/14",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

199.119.74.169

Network

199.119.74.0/23

Device

<enterprise field>: device.class

URL

http://199.119.74.169:4000/ 401

ASN

AS398734

Organization

FLEETTEL-AS01

Protocol

http

Source

datascan

Data MD5

050991169fb54ce035a562c7ce69d053

HTTP Header MD5

ea751ab679f91dd8b156d51b3f66516f

HTTP Body MD5

987ec9e1c847709406571048e5a96a18

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="StreamingClient"

401 Unauthorized

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:44.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "987ec9e1c847709406571048e5a96a18",
         "bodymmh3" : 611721285,
         "headermd5" : "ea751ab679f91dd8b156d51b3f66516f",
         "headermmh3" : 1425687717,
         "realm" : "StreamingClient"
      },
      "length" : 94
   },
   "asn" : "AS398734",
   "city" : "Saint-Norbert",
   "country" : "CA",
   "data" : "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"StreamingClient\"\r\n\r\n401 Unauthorized",
   "datamd5" : "050991169fb54ce035a562c7ce69d053",
   "datammh3" : 1296073614,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS7883",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "CA",
      "countryname" : "Canada",
      "domain" : [
         "fleetinfo.info"
      ],
      "isineu" : "false",
      "latitude" : "56.130366",
      "location" : "56.130366,-106.346771",
      "longitude" : "-106.346771",
      "organization" : "Fleettel INC.",
      "subnet" : "199.119.72.0/22"
   },
   "ip" : "199.119.74.169",
   "ipv6" : "false",
   "latitude" : "46.1688",
   "location" : "46.1688,-73.3157",
   "longitude" : "-73.3157",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "FLEETTEL-AS01",
   "port" : 4000,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subnet" : "199.119.74.0/23",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}