Cyber Defense Search Engine

IP
85.26.213.196

Network
85.26.208.0/20

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://85.26.213.196:4369/ 200

ASN
AS31213

Organization
PJSC MegaFon

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
6e8d9634954ae536350449c4a98b1eac

HTTP Header MD5
d619316b9b777323921e98dbe2a06180

HTTP Body MD5
c714c7d261300d71413f260e125d4b9a

HTTP/1.1 200 OK
Connection: close
ETag: "952-20c-63e9fc38"
Last-Modified: Mon, 13 Feb 2023 09:00:40 GMT
Date: Thu, 07 Nov 2024 05:39:34 GMT
Content-Type: text/html
Content-Length: 524

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="refresh" content="0; URL=/cgi-bin/luci/" />
</head>
<body style="background-color: white">
<a style="color: black; font-family: arial, helvetica, sans-serif;" href="/cgi-bin/luci/">LuCI - Lua Configuration Interface</a>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:39:34.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/1999/xhtml",
            "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "c714c7d261300d71413f260e125d4b9a",
         "bodymmh3" : 1930024863,
         "header" : [
            {
               "value" : "952-20c-63e9fc38",
               "name" : "ETag"
            },
            {
               "name" : "Last-Modified",
               "value" : "Mon, 13 Feb 2023 09:00:40 GMT"
            }
         ],
         "headermd5" : "d619316b9b777323921e98dbe2a06180",
         "headermmh3" : 1307707377
      },
      "length" : 717
   },
   "asn" : "AS31213",
   "country" : "RU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nETag: \"952-20c-63e9fc38\"\r\nLast-Modified: Mon, 13 Feb 2023 09:00:40 GMT\r\nDate: Thu, 07 Nov 2024 05:39:34 GMT\r\nContent-Type: text/html\r\nContent-Length: 524\r\n\r\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n<meta http-equiv=\"Cache-Control\" content=\"no-cache, no-store, must-revalidate\" />\n<meta http-equiv=\"refresh\" content=\"0; URL=/cgi-bin/luci/\" />\n</head>\n<body style=\"background-color: white\">\n<a style=\"color: black; font-family: arial, helvetica, sans-serif;\" href=\"/cgi-bin/luci/\">LuCI - Lua Configuration Interface</a>\n</body>\n</html>\n",
   "datamd5" : "6e8d9634954ae536350449c4a98b1eac",
   "datammh3" : 1460462077,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "ip" : "85.26.213.196",
   "ipv6" : "false",
   "latitude" : "55.7386",
   "location" : "55.7386,37.6068",
   "longitude" : "37.6068",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "PJSC MegaFon",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4369,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "85.26.208.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
122.176.136.213

Network
122.176.128.0/18

Domain(s)
airtelbroadband.in

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

URL

http://122.176.136.213:4369/ 200

HTTP Title
IIS Windows Server

Reverse DNS
abts-north-dynamic-213.136.176.122.airtelbroadband.in

ASN
AS24560

Organization
Bharti Airtel Ltd., Telemedia Services

Protocol
http

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft IIS 10.0

HTTP Component(s)
Microsoft ASP.NET Microsoft IIS

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
0ca775a6b65f845f5163e490398a9acf

HTTP Header MD5
c45e463ffd89b34a781c977b38f3ecbc

HTTP Body MD5
654ae82705924352d2363b1d797997ce

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 21 Sep 2022 06:25:00 GMT
Accept-Ranges: bytes
ETag: "d67570e082cdd81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 07 Nov 2024 05:38:49 GMT
Connection: close
Content-Length: 703

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IIS Windows Server</title>
<style type="text/css">
<!--
body {
	color:#000000;
	background-color:#0072C6;
	margin:0;
}

#container {
	margin-left:auto;
	margin-right:auto;
	text-align:center;
	}

a img {
	border:none;
}

-->
</style>
</head>
<body>
<div id="container">
<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>
</div>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:38:50.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "microsoft.com",
            "w3.org"
         ],
         "hostname" : [
            "go.microsoft.com",
            "www.w3.org"
         ],
         "url" : [
            "http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409",
            "http://www.w3.org/1999/xhtml",
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "654ae82705924352d2363b1d797997ce",
         "bodymmh3" : 703707298,
         "component" : [
            {
               "productvendor" : "Microsoft",
               "product" : "IIS"
            },
            {
               "productvendor" : "Microsoft",
               "product" : "ASP.NET"
            }
         ],
         "header" : [
            {
               "name" : "Last-Modified",
               "value" : "Wed, 21 Sep 2022 06:25:00 GMT"
            },
            {
               "name" : "ETag",
               "value" : "d67570e082cdd81:0"
            }
         ],
         "headermd5" : "c45e463ffd89b34a781c977b38f3ecbc",
         "headermmh3" : -930652834,
         "title" : "IIS Windows Server"
      },
      "length" : 970
   },
   "asn" : "AS24560",
   "city" : "Noida",
   "country" : "IN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nLast-Modified: Wed, 21 Sep 2022 06:25:00 GMT\r\nAccept-Ranges: bytes\r\nETag: \"d67570e082cdd81:0\"\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 07 Nov 2024 05:38:49 GMT\r\nConnection: close\r\nContent-Length: 703\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />\r\n<title>IIS Windows Server</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody {\r\n\tcolor:#000000;\r\n\tbackground-color:#0072C6;\r\n\tmargin:0;\r\n}\r\n\r\n#container {\r\n\tmargin-left:auto;\r\n\tmargin-right:auto;\r\n\ttext-align:center;\r\n\t}\r\n\r\na img {\r\n\tborder:none;\r\n}\r\n\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"container\">\r\n<a href=\"http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409\"><img src=\"iisstart.png\" alt=\"IIS\" width=\"960\" height=\"600\" /></a>\r\n</div>\r\n</body>\r\n</html>",
   "datamd5" : "0ca775a6b65f845f5163e490398a9acf",
   "datammh3" : 1065540519,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "airtelbroadband.in"
   ],
   "geolocus" : {
      "asn" : "AS24560",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "IN",
      "countryname" : "India",
      "domain" : [
         "airtel.com",
         "airtelbroadband.in"
      ],
      "isineu" : "false",
      "latitude" : "20.593684",
      "location" : "20.593684,78.96288",
      "longitude" : "78.96288",
      "netname" : "BNLD-209392-NewDelhi",
      "organization" : "ABTS-DSl-DEL",
      "subnet" : "122.176.0.0/16"
   },
   "host" : [
      "abts-north-dynamic-213"
   ],
   "hostname" : [
      "abts-north-dynamic-213.136.176.122.airtelbroadband.in"
   ],
   "ip" : "122.176.136.213",
   "ipv6" : "false",
   "latitude" : "28.6145",
   "location" : "28.6145,77.3063",
   "longitude" : "77.3063",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Bharti Airtel Ltd., Telemedia Services",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "osversion" : [
      "Server 2016",
      10
   ],
   "port" : 4369,
   "product" : "IIS",
   "productvendor" : "Microsoft",
   "productversion" : "10.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "abts-north-dynamic-213.136.176.122.airtelbroadband.in"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "136.176.122.airtelbroadband.in",
      "122.airtelbroadband.in",
      "176.122.airtelbroadband.in"
   ],
   "subnet" : "122.176.128.0/18",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "in"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
43.204.233.253

Network
43.200.0.0/13

Domain(s)
amazonaws.com

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://43.204.233.253:4369/ 200

Reverse DNS
ec2-43-204-233-253.ap-south-1.compute.amazonaws.com

ASN
AS16509

Organization
AMAZON-02

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

Product
F5 Nginx

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
841ef049931f2abf64cb8efe40b3361a

HTTP Header MD5
9f060a9cb1b31c417a3a68e629ae97e3

HTTP Body MD5
7247f7a69fe8c58679f8e1859605c9b1

HTTP/1.1 200 OK
Connection: close
Date: Thu, 07 Nov 2024 05:38:22 GMT
Server: nginx
Content-Length: 88
Content-Type: text/html

<HTML><HEAD><script>window.top.location.href='/Main_Login.asp';</script>
</HEAD></HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:38:22.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "7247f7a69fe8c58679f8e1859605c9b1",
         "bodymmh3" : -1161513703,
         "headermd5" : "9f060a9cb1b31c417a3a68e629ae97e3",
         "headermmh3" : 222404312
      },
      "length" : 223
   },
   "asn" : "AS16509",
   "city" : "Mumbai",
   "country" : "IN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nDate: Thu, 07 Nov 2024 05:38:22 GMT\r\nServer: nginx\r\nContent-Length: 88\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><script>window.top.location.href='/Main_Login.asp';</script>\n</HEAD></HTML>\n",
   "datamd5" : "841ef049931f2abf64cb8efe40b3361a",
   "datammh3" : -116911898,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com"
   ],
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "amazon.com",
         "amazonaws.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "AMAZON-AS-AP",
      "organization" : "Amazon.com, Inc.",
      "subnet" : "43.204.0.0/15"
   },
   "host" : [
      "ec2-43-204-233-253"
   ],
   "hostname" : [
      "ec2-43-204-233-253.ap-south-1.compute.amazonaws.com"
   ],
   "ip" : "43.204.233.253",
   "ipv6" : "false",
   "latitude" : "19.0748",
   "location" : "19.0748,72.8856",
   "longitude" : "72.8856",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4369,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "ec2-43-204-233-253.ap-south-1.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "ap-south-1.compute.amazonaws.com",
      "compute.amazonaws.com"
   ],
   "subnet" : "43.200.0.0/13",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
129.146.131.8

Network
129.146.0.0/16

Device

<enterprise field>: device.class

Operating System
Linux Linux Ubuntu

URL

http://129.146.131.8:4369/ 302

HTTP Title
302 Found

ASN
AS31898

Organization
ORACLE-BMC-31898

Protocol
http

Source
datascan
Operating System
Linux Linux Ubuntu

Product
F5 Nginx 1.18.0

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
08697fd0185813fc921a4889e1032df4

HTTP Header MD5
bad4d2256edd9355ba1ff344e3090ae0

HTTP Body MD5
72a114f2d4915d58ddf7f5349eb52944

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 07 Nov 2024 05:37:36 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Location: https://cdn.maxgoodell.com

<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:37:36.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "maxgoodell.com"
         ],
         "hostname" : [
            "cdn.maxgoodell.com"
         ],
         "url" : [
            "https://cdn.maxgoodell.com"
         ]
      },
      "http" : {
         "bodymd5" : "72a114f2d4915d58ddf7f5349eb52944",
         "bodymmh3" : -2120412095,
         "headermd5" : "bad4d2256edd9355ba1ff344e3090ae0",
         "headermmh3" : -1090190208,
         "title" : "302 Found"
      },
      "length" : 359
   },
   "asn" : "AS31898",
   "city" : "Phoenix",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 302 Moved Temporarily\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Thu, 07 Nov 2024 05:37:36 GMT\r\nContent-Type: text/html\r\nContent-Length: 154\r\nConnection: close\r\nLocation: https://cdn.maxgoodell.com\r\n\r\n<html>\r\n<head><title>302 Found</title></head>\r\n<body>\r\n<center><h1>302 Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "08697fd0185813fc921a4889e1032df4",
   "datammh3" : 644795933,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS31898",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "oracle.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "OPC1",
      "organization" : "Oracle Corporation",
      "subnet" : "129.146.0.0/16"
   },
   "ip" : "129.146.131.8",
   "ipv6" : "false",
   "latitude" : "33.4656",
   "location" : "33.4656,-111.9956",
   "longitude" : "-111.9956",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "ORACLE-BMC-31898",
   "os" : "Linux",
   "osdistribution" : "Ubuntu",
   "osvendor" : "Linux",
   "port" : 4369,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.18.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved Temporarily",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 302,
   "subnet" : "129.146.0.0/16",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
16.171.60.171

Network
16.168.0.0/14

Domain(s)
amazonaws.com

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://16.171.60.171:4369/ 404

HTTP Title
Error 404--Not Found

Reverse DNS
ec2-16-171-60-171.eu-north-1.compute.amazonaws.com

ASN
AS16509

Organization
AMAZON-02

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

Product
Oracle Weblogic Server 10.3.6.0.0

HTTP Component(s)
Oracle Weblogic Server

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
e26e7874bcd5613de7a73a09bb31100c

HTTP Header MD5
522c4e821ae16fa1f93f1ac71c0e412a

HTTP Body MD5
693ba5c2587c2994de7843b9c3c9e384

Favicon MD5
2b86aa50c3a66bb77ff07c42cc051dcc

Favicon MMH3
-1216248324

HTTP/1.1 404 Not Found
Connection: close
Date: Thu, 07 Nov 2024 04:54:30 GMT
Server: WebLogic Server 10.3.6.0.0
Content-Type: text/html
Content-Length: 1766

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
    <HEAD>
        <TITLE>Error 404--Not Found</TITLE>
    </HEAD>
    <BODY bgcolor="white">
        <FONT FACE=Helvetica><BR CLEAR=all>
        <TABLE border=0 cellspacing=5>
            <TR>
                <TD>
                    <BR CLEAR=all>
                    <FONT FACE="Helvetica" COLOR="black" SIZE="3">
                        <H2>Error 404--Not Found</H2>
                    </FONT>
                </TD>
            </TR>
        </TABLE>
        <TABLE border=0 width=100% cellpadding=10>
            <TR>
                <TD VALIGN=top WIDTH=100% BGCOLOR=white>
                    <FONT FACE="Courier New">
                        <FONT FACE="Helvetica" SIZE="3">
                            <H3>From RFC 2068 <i>Hypertext Transfer Protocol -- HTTP/1.1</i>:</H3>
                        </FONT>
                        <FONT FACE="Helvetica" SIZE="3">
                            <H4>10.4.5 404 Not Found</H4>
                        </FONT>
                        <P>
                            <FONT FACE="Courier New">
                                The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
                        </p>
                        <p>If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.</FONT></P>
                    </FONT>
                </TD>
            </TR>
        </TABLE>
    </BODY>
</HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:31:31.000Z",
   "app" : {
      "extract" : {
         "ip" : [
            "10.3.6.0"
         ]
      },
      "favicon" : {
         "image" : "AAABAAIAEBAQAAAAAAAoAQAAJgAAACAgEAAAAAAA6AIAAE4BAAAoAAAAEAAAACAAAAABAAQAAAAAAIAAAAAAAAAAAAAAABAAAAAQAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAABERERERAAABEREREREAABERAAAAAAAAERAAAAAAAAEREAAAAAAAAREREREREQABERERERERAAEREAAAAAAAAREQAAAAAAAAEREAAAAAAAARERAAAAAAAAEREREREQAAAAERERERAAAAAAAAAAAAAAAAAAAAAAA//8AAPADAADgAwAAw/8AAMf/AACH/wAAgAMAAIADAACH/wAAh/8AAMP/AADB/wAA4AMAAPgDAAD//wAA//8AACgAAAAgAAAAQAAAAAEABAAAAAAAAAIAAAAAAAAAAAAAEAAAABAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEREREREREREQAAAAAAAAEREREREREREREAAAAAAAERERERERERERERAAAAAAAREREREREREREREQAAAAABEREREREREREREREAAAAAAREREREAAAAAAAAAAAAAABEREREQAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREQAAAAAAAAAAAAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREREREREREREREAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREQAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAABEREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREREREREREQAAAAAAEREREREREREREREAAAAAAAERERERERERERERAAAAAAAAAREREREREREREQAAAAAAAAABEREREREREREAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////////4AAP/4AAD/4AAA/8AAAP+AAAD/gD///wB///8A////Af///gH///4B///+AAAA/gAAAP4AAAD+AAAA/gAAAP4B////Af///wD///8Af///gD///8AAAP/AAAD/4AAA//gAAP/+AAD////////////////w==",
         "imagemd5" : "2b86aa50c3a66bb77ff07c42cc051dcc",
         "imagemmh3" : -1216248324,
         "length" : 1078,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "693ba5c2587c2994de7843b9c3c9e384",
         "bodymmh3" : -369160404,
         "component" : [
            {
               "product" : "Weblogic Server",
               "productvendor" : "Oracle"
            }
         ],
         "headermd5" : "522c4e821ae16fa1f93f1ac71c0e412a",
         "headermmh3" : -2124859187,
         "title" : "Error 404--Not Found"
      },
      "length" : 1931
   },
   "asn" : "AS16509",
   "city" : "Stockholm",
   "country" : "SE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 404 Not Found\r\nConnection: close\r\nDate: Thu, 07 Nov 2024 04:54:30 GMT\r\nServer: WebLogic Server 10.3.6.0.0\r\nContent-Type: text/html\r\nContent-Length: 1766\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Draft//EN\">\n<HTML>\n    <HEAD>\n        <TITLE>Error 404--Not Found</TITLE>\n    </HEAD>\n    <BODY bgcolor=\"white\">\n        <FONT FACE=Helvetica><BR CLEAR=all>\n        <TABLE border=0 cellspacing=5>\n            <TR>\n                <TD>\n                    <BR CLEAR=all>\n                    <FONT FACE=\"Helvetica\" COLOR=\"black\" SIZE=\"3\">\n                        <H2>Error 404--Not Found</H2>\n                    </FONT>\n                </TD>\n            </TR>\n        </TABLE>\n        <TABLE border=0 width=100% cellpadding=10>\n            <TR>\n                <TD VALIGN=top WIDTH=100% BGCOLOR=white>\n                    <FONT FACE=\"Courier New\">\n                        <FONT FACE=\"Helvetica\" SIZE=\"3\">\n                            <H3>From RFC 2068 <i>Hypertext Transfer Protocol -- HTTP/1.1</i>:</H3>\n                        </FONT>\n                        <FONT FACE=\"Helvetica\" SIZE=\"3\">\n                            <H4>10.4.5 404 Not Found</H4>\n                        </FONT>\n                        <P>\n                            <FONT FACE=\"Courier New\">\n                                The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.\n                        </p>\n                        <p>If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.</FONT></P>\n                    </FONT>\n                </TD>\n            </TR>\n        </TABLE>\n    </BODY>\n</HTML>",
   "datamd5" : "e26e7874bcd5613de7a73a09bb31100c",
   "datammh3" : 1679174131,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com"
   ],
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "SE",
      "countryname" : "Sweden",
      "domain" : [
         "amazon.com",
         "amazonaws.com",
         "aws.com"
      ],
      "isineu" : "true",
      "latitude" : "60.128161",
      "location" : "60.128161,18.643501",
      "longitude" : "18.643501",
      "netname" : "AMAZON-ARN",
      "organization" : "Amazon Data Services Sweden",
      "subnet" : "16.170.0.0/15"
   },
   "host" : [
      "ec2-16-171-60-171"
   ],
   "hostname" : [
      "ec2-16-171-60-171.eu-north-1.compute.amazonaws.com"
   ],
   "ip" : "16.171.60.171",
   "ipv6" : "false",
   "latitude" : "59.3241",
   "location" : "59.3241,18.0517",
   "longitude" : "18.0517",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4369,
   "product" : "Weblogic Server",
   "productvendor" : "Oracle",
   "productversion" : "10.3.6.0.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Not Found",
   "reverse" : [
      "ec2-16-171-60-171.eu-north-1.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 404,
   "subdomains" : [
      "compute.amazonaws.com",
      "eu-north-1.compute.amazonaws.com"
   ],
   "subnet" : "16.168.0.0/14",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
62.3.32.10

Network
62.3.32.0/24

Domain(s)
hosted-by-mvps.net

Device

<enterprise field>: device.class

URL

http://62.3.32.10:4369/ 301

Reverse DNS
ip-62-3-32-10-82360.vps.hosted-by-mvps.net

ASN
AS202448

Organization
MVPS LTD

Protocol
http

Source
datascan
Product
Apache HTTP Server

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
433fd4199a3d308ad34b27bca550fea1

HTTP Header MD5
1596025e1d1eb4b7aaf8a70fe8f5fcfb

HTTP Body MD5
d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 301 Moved Permanently
Location: /admin/login.html
Content-Type: text/html; charset=UTF-8
Server: Apache
Content-Length: 0
Set-Cookie: idA4039=24905182; max-age=2592000;
Connection: keep-alive

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:29:35.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1636538602,
         "headermd5" : "1596025e1d1eb4b7aaf8a70fe8f5fcfb",
         "headermmh3" : -1069809004
      },
      "length" : 210
   },
   "asn" : "AS202448",
   "city" : "Larnaca",
   "country" : "CY",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 301 Moved Permanently\r\nLocation: /admin/login.html\r\nContent-Type: text/html; charset=UTF-8\r\nServer: Apache\r\nContent-Length: 0\r\nSet-Cookie: idA4039=24905182; max-age=2592000;\r\nConnection: keep-alive\r\n\r\n",
   "datamd5" : "433fd4199a3d308ad34b27bca550fea1",
   "datammh3" : -1934269793,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "hosted-by-mvps.net"
   ],
   "host" : [
      "ip-62-3-32-10-82360"
   ],
   "hostname" : [
      "ip-62-3-32-10-82360.vps.hosted-by-mvps.net"
   ],
   "ip" : "62.3.32.10",
   "ipv6" : "false",
   "latitude" : "34.9125",
   "location" : "34.9125,33.6417",
   "longitude" : "33.6417",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "MVPS LTD",
   "port" : 4369,
   "product" : "HTTP Server",
   "productvendor" : "Apache",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved Permanently",
   "reverse" : [
      "ip-62-3-32-10-82360.vps.hosted-by-mvps.net"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 301,
   "subdomains" : [
      "vps.hosted-by-mvps.net"
   ],
   "subnet" : "62.3.32.0/24",
   "tld" : [
      "net"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
146.70.117.131

Network
146.70.96.0/19

Device

<enterprise field>: device.class

URL

http://146.70.117.131:4369/ 400

ASN
AS9009

Organization
M247 Europe SRL

Protocol
http

Source
datascan

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
7ec6fc76f1262fda24211ad1f325a0f1

HTTP Header MD5
e1ac934a33d282a0f9203d1f38959cd4

HTTP Body MD5
b634668f41ef53ef6d608dc70c4e0dcb

HTTP/1.0 400 Bad Request

Client sent an HTTP request to an HTTPS server.

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:28:51.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "b634668f41ef53ef6d608dc70c4e0dcb",
         "bodymmh3" : 759042204,
         "headermd5" : "e1ac934a33d282a0f9203d1f38959cd4",
         "headermmh3" : 247729568
      },
      "length" : 76
   },
   "asn" : "AS9009",
   "city" : "Frankfurt am Main",
   "country" : "DE",
   "data" : "HTTP/1.0 400 Bad Request\r\n\r\nClient sent an HTTP request to an HTTPS server.\n",
   "datamd5" : "7ec6fc76f1262fda24211ad1f325a0f1",
   "datammh3" : 785411303,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS9009",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "DE",
      "countryname" : "Germany",
      "domain" : [
         "m247.com",
         "m247.ro"
      ],
      "isineu" : "true",
      "latitude" : "51.165691",
      "location" : "51.165691,10.451526",
      "longitude" : "10.451526",
      "netname" : "M247-LTD-Frankfurt",
      "organization" : "M247 Ltd Frankfurt",
      "subnet" : "146.70.117.0/24"
   },
   "ip" : "146.70.117.131",
   "ipv6" : "false",
   "latitude" : "50.1049",
   "location" : "50.1049,8.6295",
   "longitude" : "8.6295",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "M247 Europe SRL",
   "port" : 4369,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "146.70.96.0/19",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

<access denied by policy>

Network

<access denied by policy>

Domain(s)

Operating System

<access denied by policy> <access denied by policy>

Reverse DNS

<access denied by policy>

ASN

<access denied by policy>

Organization

<access denied by policy>

Protocol

<access denied by policy>

Source

<access denied by policy>
Operating System

<access denied by policy> <access denied by policy>

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5

<access denied by policy>
```
<access denied by policy>
```

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:28:09.000Z",
   "app" : "<enterprise field>: app",
   "asn" : "<access denied by policy>",
   "city" : "<access denied by policy>",
   "country" : "<access denied by policy>",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "<access denied by policy>",
   "datamd5" : "<access denied by policy>",
   "datammh3" : "<access denied by policy>",
   "device" : "<enterprise field>: device",
   "domain" : "<access denied by policy>",
   "geolocus" : "<enterprise field>: geolocus",
   "host" : "<access denied by policy>",
   "hostname" : "<access denied by policy>",
   "ip" : "<access denied by policy>",
   "ipv6" : "<access denied by policy>",
   "latitude" : "<access denied by policy>",
   "location" : "<access denied by policy>",
   "longitude" : "<access denied by policy>",
   "node" : "<enterprise field>: node",
   "organization" : "<access denied by policy>",
   "os" : "<access denied by policy>",
   "osvendor" : "<access denied by policy>",
   "port" : "<access denied by policy>",
   "protocol" : "<access denied by policy>",
   "protocolversion" : "<access denied by policy>",
   "reason" : "<access denied by policy>",
   "reverse" : "<access denied by policy>",
   "seen_date" : "<access denied by policy>",
   "source" : "<access denied by policy>",
   "status" : "<access denied by policy>",
   "subdomains" : "<access denied by policy>",
   "subnet" : "<access denied by policy>",
   "tag" : "<enterprise field>: tag",
   "tld" : "<access denied by policy>",
   "tls" : "<access denied by policy>",
   "transport" : "<access denied by policy>",
   "url" : "<access denied by policy>"
}

IP
60.54.116.171

Network
60.54.0.0/16

Device

<enterprise field>: device.class

Operating System
Microsoft Windows

URL

http://60.54.116.171:4369/ 403

HTTP Title
403 - Forbidden: Access is denied.

ASN
AS4788

Organization
TM TECHNOLOGY SERVICES SDN. BHD.

Protocol
http

Source
datascan
Operating System
Microsoft Windows

Product
Microsoft IIS 10.0

HTTP Component(s)
Microsoft ASP.NET

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
c5a72c1f5ebe497d4fe07ffb96aeb3a2

HTTP Header MD5
b690839560122c2a2a04dcf6a01c3e1b

HTTP Body MD5
02e3536d8084eddb0d537418440bb078

HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 07 Nov 2024 05:20:48 GMT
Connection: close
Content-Length: 1233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;} 
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;} 
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>403 - Forbidden: Access is denied.</h2>
  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset></div>
</div>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:20:48.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/1999/xhtml",
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "02e3536d8084eddb0d537418440bb078",
         "bodymmh3" : -985096807,
         "component" : [
            {
               "productvendor" : "Microsoft",
               "product" : "ASP.NET"
            }
         ],
         "headermd5" : "b690839560122c2a2a04dcf6a01c3e1b",
         "headermmh3" : 1050060222,
         "title" : "403 - Forbidden: Access is denied."
      },
      "length" : 1413
   },
   "asn" : "AS4788",
   "city" : "Puchong Batu Dua Belas",
   "country" : "MY",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 07 Nov 2024 05:20:48 GMT\r\nConnection: close\r\nContent-Length: 1233\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>403 - Forbidden: Access is denied.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n  <h2>403 - Forbidden: Access is denied.</h2>\r\n  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "c5a72c1f5ebe497d4fe07ffb96aeb3a2",
   "datammh3" : 264711203,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS4788",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "MY",
      "countryname" : "Malaysia",
      "domain" : [
         "tm.com.my"
      ],
      "isineu" : "false",
      "latitude" : "4.210484",
      "location" : "4.210484,101.975766",
      "longitude" : "101.975766",
      "netname" : "TTSSB-MY",
      "organization" : "TM TECHNOLOGY SERVICES SDN BHD",
      "subnet" : "60.54.64.0/18"
   },
   "ip" : "60.54.116.171",
   "ipv6" : "false",
   "latitude" : "3.0659",
   "location" : "3.0659,101.6189",
   "longitude" : "101.6189",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "TM TECHNOLOGY SERVICES SDN. BHD.",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "osversion" : [
      "Server 2016",
      10
   ],
   "port" : 4369,
   "product" : "IIS",
   "productvendor" : "Microsoft",
   "productversion" : "10.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Forbidden",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 403,
   "subnet" : "60.54.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP
139.84.239.208

Network
139.84.128.0/17

Domain(s)
vultrusercontent.com

Device

<enterprise field>: device.class

Operating System
Linux Linux Kernel

URL

http://139.84.239.208:4369/ 302

Reverse DNS
139.84.239.208.vultrusercontent.com

ASN
AS20473

Organization
AS-VULTR

Protocol
http

Source
datascan
Operating System
Linux Linux Kernel

HTTP Component(s)
CrushFTP CrushFTP

CPE(s)

<enterprise field>: cpe

This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

Data MD5
0744db3b97abce2abfb7371b7265b47e

HTTP Header MD5
46b45c2d27e00895e4bd2923728ce046

HTTP Body MD5
d41d8cd98f00b204e9800998ecf8427e

HTTP/1.0 302 Found
Set-Cookie: currentAuth=6rIz; path=/
Set-Cookie: CrushAuth=173095683491_PiUTi0cjtPLy58B3TBEn2UIPlHbGoJ; path=/; HttpOnly
Date: Thu, 07 Nov 2024 05:20:34 UTC
Server: CrushFTP HTTP Server
P3P: policyref="/WebInterface/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Keep-Alive: timeout=15, max=20
Connection: Keep-Alive
Pragma: no-cache
location: /WebInterface/login.html
Content-Length: 0

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T05:20:35.000Z",
   "app" : {
      "extract" : {
         "file" : [
            "p3p.xml"
         ]
      },
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "component" : [
            {
               "product" : "CrushFTP",
               "productvendor" : "CrushFTP"
            }
         ],
         "headermd5" : "46b45c2d27e00895e4bd2923728ce046",
         "headermmh3" : -869329223
      },
      "length" : 456
   },
   "asn" : "AS20473",
   "city" : "Durbanville",
   "country" : "ZA",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.0 302 Found\r\nSet-Cookie: currentAuth=6rIz; path=/\r\nSet-Cookie: CrushAuth=173095683491_PiUTi0cjtPLy58B3TBEn2UIPlHbGoJ; path=/; HttpOnly\r\nDate: Thu, 07 Nov 2024 05:20:34 UTC\r\nServer: CrushFTP HTTP Server\r\nP3P: policyref=\"/WebInterface/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nKeep-Alive: timeout=15, max=20\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nlocation: /WebInterface/login.html\r\nContent-Length: 0\r\n\r\n",
   "datamd5" : "0744db3b97abce2abfb7371b7265b47e",
   "datammh3" : -178092291,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "vultrusercontent.com"
   ],
   "geolocus" : {
      "asn" : "AS20473",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "constant.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "CONSTANT",
      "organization" : "The Constant Company, LLC",
      "subnet" : "139.84.224.0/19"
   },
   "host" : [
      139
   ],
   "hostname" : [
      "139.84.239.208.vultrusercontent.com"
   ],
   "ip" : "139.84.239.208",
   "ipv6" : "false",
   "latitude" : "-33.8409",
   "location" : "-33.8409,18.6566",
   "longitude" : "18.6566",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AS-VULTR",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4369,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Found",
   "reverse" : [
      "139.84.239.208.vultrusercontent.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 302,
   "subdomains" : [
      "208.vultrusercontent.com",
      "239.208.vultrusercontent.com",
      "84.239.208.vultrusercontent.com"
   ],
   "subnet" : "139.84.128.0/17",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

Returning 10 result(s) out of 23,431 in 0.144 second(s)

85.26.213.196:4369 (tcp/http) - last seen on 2024-11-07 at 05:39:34 UTC

122.176.136.213:4369 (tcp/http) - last seen on 2024-11-07 at 05:38:50 UTC

43.204.233.253:4369 (tcp/http) - last seen on 2024-11-07 at 05:38:22 UTC

129.146.131.8:4369 (tcp/http) - last seen on 2024-11-07 at 05:37:36 UTC

16.171.60.171:4369 (tcp/http) - last seen on 2024-11-07 at 05:31:31 UTC

62.3.32.10:4369 (tcp/http) - last seen on 2024-11-07 at 05:29:35 UTC

146.70.117.131:4369 (tcp/http) - last seen on 2024-11-07 at 05:28:51 UTC

<access denied by policy>:<access denied by policy> (<access denied by policy>/<access denied by policy>) - last seen on 2024-11-07 at 05:28:09 UTC

60.54.116.171:4369 (tcp/http) - last seen on 2024-11-07 at 05:20:48 UTC

139.84.239.208:4369 (tcp/http) - last seen on 2024-11-07 at 05:20:35 UTC