IP

<access denied by policy>

Network

<access denied by policy>

Operating System

<access denied by policy> <access denied by policy>

ASN

<access denied by policy>

Organization

<access denied by policy>

Protocol

<access denied by policy>

Source

<access denied by policy>

Operating System

<access denied by policy> <access denied by policy>

CPE(s)

<enterprise field>: cpe

Data MD5

<access denied by policy>

<access denied by policy>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:19:25.000Z",
   "app" : "<enterprise field>: app",
   "asn" : "<access denied by policy>",
   "city" : "<access denied by policy>",
   "country" : "<access denied by policy>",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "<access denied by policy>",
   "datamd5" : "<access denied by policy>",
   "datammh3" : "<access denied by policy>",
   "device" : "<enterprise field>: device",
   "geolocus" : "<enterprise field>: geolocus",
   "ip" : "<access denied by policy>",
   "ipv6" : "<access denied by policy>",
   "latitude" : "<access denied by policy>",
   "location" : "<access denied by policy>",
   "longitude" : "<access denied by policy>",
   "node" : "<enterprise field>: node",
   "organization" : "<access denied by policy>",
   "os" : "<access denied by policy>",
   "osvendor" : "<access denied by policy>",
   "port" : "<access denied by policy>",
   "protocol" : "<access denied by policy>",
   "protocolversion" : "<access denied by policy>",
   "reason" : "<access denied by policy>",
   "seen_date" : "<access denied by policy>",
   "source" : "<access denied by policy>",
   "status" : "<access denied by policy>",
   "subnet" : "<access denied by policy>",
   "tag" : "<enterprise field>: tag",
   "tls" : "<access denied by policy>",
   "transport" : "<access denied by policy>",
   "url" : "<access denied by policy>"
}

IP

185.213.154.118

Network

185.213.152.0/22

Device

<enterprise field>: device.class

URL

http://185.213.154.118:4566/ 400

ASN

AS39351

Organization

31173 Services AB

Protocol

http

Source

datascan

Data MD5

7ec6fc76f1262fda24211ad1f325a0f1

HTTP Header MD5

e1ac934a33d282a0f9203d1f38959cd4

HTTP Body MD5

b634668f41ef53ef6d608dc70c4e0dcb

HTTP/1.0 400 Bad Request

Client sent an HTTP request to an HTTPS server.

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:19:15.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "b634668f41ef53ef6d608dc70c4e0dcb",
         "bodymmh3" : 759042204,
         "headermd5" : "e1ac934a33d282a0f9203d1f38959cd4",
         "headermmh3" : 247729568
      },
      "length" : 76
   },
   "asn" : "AS39351",
   "city" : "Gothenburg",
   "country" : "SE",
   "data" : "HTTP/1.0 400 Bad Request\r\n\r\nClient sent an HTTP request to an HTTPS server.\n",
   "datamd5" : "7ec6fc76f1262fda24211ad1f325a0f1",
   "datammh3" : 785411303,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS39351",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "SE",
      "countryname" : "Sweden",
      "domain" : [
         "31173.se"
      ],
      "isineu" : "true",
      "latitude" : "60.128161",
      "location" : "60.128161,18.643501",
      "longitude" : "18.643501",
      "netname" : "NET-31173-185-213-154",
      "organization" : "31173 Services AB",
      "subnet" : "185.213.154.64/26"
   },
   "ip" : "185.213.154.118",
   "ipv6" : "false",
   "latitude" : "57.7065",
   "location" : "57.7065,11.9670",
   "longitude" : "11.9670",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "31173 Services AB",
   "port" : 4566,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "185.213.152.0/22",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

13.251.45.65

Network

13.250.0.0/15

Domain(s)

amazonaws.com

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://13.251.45.65:4566/ 200

Reverse DNS

ec2-13-251-45-65.ap-southeast-1.compute.amazonaws.com

ASN

AS16509

Organization

AMAZON-02

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx

CPE(s)

<enterprise field>: cpe

Data MD5

97f64c9c6bf158d0d05d3f05372b5a7a

HTTP Header MD5

9f060a9cb1b31c417a3a68e629ae97e3

HTTP Body MD5

c25cbaf569d22e9f526ff69fe9e61bbf

HTTP/1.1 200 OK
Connection: close
Date: Thu, 07 Nov 2024 03:19:15 GMT
Server: nginx
Content-Length: 583
Content-Type: text/html

<html style="background:#007cef">
<head>
<meta http-equiv="expires" content="0">
<script type='text/javascript'>
pr=(document.location.protocol == 'https:') ? 'https' : 'http';
pt=(location.port == '') ? '' : ':' + location.port;
redirect_suffix = "/redirect.html?count="+Math.random();
if(location.hostname.indexOf(':') == -1)
{
location.href=pr+"://"+location.hostname+pt+redirect_suffix;
}
else    //could be ipv6 addr
{
var url = "";
url=pr+"://["+ location.hostname.replace(/[\[\]]/g, '') +"]"+pt+redirect_suffix;
location.href = url;
}
</script>
</head>
<body>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:19:15.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "c25cbaf569d22e9f526ff69fe9e61bbf",
         "bodymmh3" : 2073015905,
         "headermd5" : "9f060a9cb1b31c417a3a68e629ae97e3",
         "headermmh3" : -735030231
      },
      "length" : 719
   },
   "asn" : "AS16509",
   "city" : "Singapore",
   "country" : "SG",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nDate: Thu, 07 Nov 2024 03:19:15 GMT\r\nServer: nginx\r\nContent-Length: 583\r\nContent-Type: text/html\r\n\r\n<html style=\"background:#007cef\">\n<head>\n<meta http-equiv=\"expires\" content=\"0\">\n<script type='text/javascript'>\npr=(document.location.protocol == 'https:') ? 'https' : 'http';\npt=(location.port == '') ? '' : ':' + location.port;\nredirect_suffix = \"/redirect.html?count=\"+Math.random();\nif(location.hostname.indexOf(':') == -1)\n{\nlocation.href=pr+\"://\"+location.hostname+pt+redirect_suffix;\n}\nelse    //could be ipv6 addr\n{\nvar url = \"\";\nurl=pr+\"://[\"+ location.hostname.replace(/[\\[\\]]/g, '') +\"]\"+pt+redirect_suffix;\nlocation.href = url;\n}\n</script>\n</head>\n<body>\n</body>\n</html>\n",
   "datamd5" : "97f64c9c6bf158d0d05d3f05372b5a7a",
   "datammh3" : 1079192638,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com"
   ],
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "SG",
      "countryname" : "Singapore",
      "domain" : [
         "amazon.com",
         "amazonaws.com",
         "aws.com"
      ],
      "isineu" : "false",
      "latitude" : "1.352083",
      "location" : "1.352083,103.819836",
      "longitude" : "103.819836",
      "netname" : "AMAZON-SIN",
      "organization" : "Amazon Data Services Singapore",
      "subnet" : "13.250.0.0/15"
   },
   "host" : [
      "ec2-13-251-45-65"
   ],
   "hostname" : [
      "ec2-13-251-45-65.ap-southeast-1.compute.amazonaws.com"
   ],
   "ip" : "13.251.45.65",
   "ipv6" : "false",
   "latitude" : "1.2868",
   "location" : "1.2868,103.8503",
   "longitude" : "103.8503",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4566,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "ec2-13-251-45-65.ap-southeast-1.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "ap-southeast-1.compute.amazonaws.com",
      "compute.amazonaws.com"
   ],
   "subnet" : "13.250.0.0/15",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

201.108.163.107

Network

201.108.0.0/14

Domain(s)

prod-dial.com.mx

Device

<enterprise field>: device.class

Operating System

Microsoft Windows

URL

http://201.108.163.107:4566/ 200

HTTP Title

VIVOTEK Web Console

Reverse DNS

dsl-201-108-163-107.prod-dial.com.mx

ASN

AS8151

Organization

UNINET

Protocol

http

Source

datascan

Operating System

Microsoft Windows

CPE(s)

<enterprise field>: cpe

Data MD5

e7b37d18794a44f0740d8ca524ef5bb2

HTTP Header MD5

5bf85e1ef94af60552a435cb3ab24afb

HTTP Body MD5

225e2055746af24acafc1dba663bfa8d

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Date: Wed Nov  6 21:18:22 2024 GMT--600
Expires: Mon, 1 Mon 1990 00:00:00 GMT
Set-Cookie: sid=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html
Content-Length: 906

<!DOCTYPE HTML>
<html lang="en">
	<head>
		<meta http-equiv="X-UA-Compatible" content="IE=8" />
		<meta http-equiv="content-type" content="text/html; charset=utf-8" />
		<title>VIVOTEK Web Console</title>
		<link href="css/index.css" media="all" rel="stylesheet" type="text/css" />
		<script>
			function SetAuth(type)
			{
				document.getElementById('AuthType').value = type;
			}
		</script>
	</head>
	<body>
		<div >
			<img id="logo" src="images/logo.png" />
			<img id="user" src="images/User.png" />
		</div>
		
		<form id="AuthForm" action="Authenticate.html" method="POST">
			<input type="submit" id="VASTButton" value="Basic Account" onclick="SetAuth('digest')"/>

			<input type="submit" id="ADButton" value="Windows AD Account" onclick="SetAuth('AD')"/>

			<input id="AuthType" name="AuthType" type="hidden" value="" />
		</form>
				
		</div>
	</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:18:22.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "225e2055746af24acafc1dba663bfa8d",
         "bodymmh3" : -1872607953,
         "headermd5" : "5bf85e1ef94af60552a435cb3ab24afb",
         "headermmh3" : -1313518093,
         "title" : "VIVOTEK Web Console"
      },
      "length" : 1228
   },
   "asn" : "AS8151",
   "city" : "Xalapa",
   "country" : "MX",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nCache-Control: no-store, no-cache, must-revalidate\r\nCache-Control: post-check=0, pre-check=0\r\nPragma: no-cache\r\nDate: Wed Nov  6 21:18:22 2024 GMT--600\r\nExpires: Mon, 1 Mon 1990 00:00:00 GMT\r\nSet-Cookie: sid=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT\r\nContent-Type: text/html\r\nContent-Length: 906\r\n\r\n<!DOCTYPE HTML>\r\n<html lang=\"en\">\r\n\t<head>\r\n\t\t<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\" />\r\n\t\t<meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />\r\n\t\t<title>VIVOTEK Web Console</title>\r\n\t\t<link href=\"css/index.css\" media=\"all\" rel=\"stylesheet\" type=\"text/css\" />\r\n\t\t<script>\r\n\t\t\tfunction SetAuth(type)\r\n\t\t\t{\r\n\t\t\t\tdocument.getElementById('AuthType').value = type;\r\n\t\t\t}\r\n\t\t</script>\r\n\t</head>\r\n\t<body>\r\n\t\t<div >\r\n\t\t\t<img id=\"logo\" src=\"images/logo.png\" />\r\n\t\t\t<img id=\"user\" src=\"images/User.png\" />\r\n\t\t</div>\r\n\t\t\r\n\t\t<form id=\"AuthForm\" action=\"Authenticate.html\" method=\"POST\">\r\n\t\t\t<input type=\"submit\" id=\"VASTButton\" value=\"Basic Account\" onclick=\"SetAuth('digest')\"/>\r\n\r\n\t\t\t<input type=\"submit\" id=\"ADButton\" value=\"Windows AD Account\" onclick=\"SetAuth('AD')\"/>\r\n\r\n\t\t\t<input id=\"AuthType\" name=\"AuthType\" type=\"hidden\" value=\"\" />\r\n\t\t</form>\r\n\t\t\t\t\r\n\t\t</div>\r\n\t</body>\r\n</html>\r\n",
   "datamd5" : "e7b37d18794a44f0740d8ca524ef5bb2",
   "datammh3" : -442391697,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "prod-dial.com.mx"
   ],
   "geolocus" : {
      "asn" : "AS8151",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "MX",
      "countryname" : "Mexico",
      "domain" : [
         "uninet-ide.com.mx",
         "uninet.com.mx"
      ],
      "isineu" : "false",
      "latitude" : "23.634501",
      "location" : "23.634501,-102.552784",
      "longitude" : "-102.552784",
      "netname" : "MX-USCV4-LACNIC",
      "organization" : "UNINET",
      "subnet" : "201.96.0.0/12"
   },
   "host" : [
      "dsl-201-108-163-107"
   ],
   "hostname" : [
      "dsl-201-108-163-107.prod-dial.com.mx"
   ],
   "ip" : "201.108.163.107",
   "ipv6" : "false",
   "latitude" : "19.3107",
   "location" : "19.3107,-96.9638",
   "longitude" : "-96.9638",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "UNINET",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 4566,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "dsl-201-108-163-107.prod-dial.com.mx"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "201.108.0.0/14",
   "tld" : [
      "com.mx"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

95.189.103.234

Network

95.189.96.0/20

Device

<enterprise field>: device.class

Operating System

Microsoft Windows

URL

http://95.189.103.234:4566/ 200

HTTP Title

IIS Windows

ASN

AS12389

Organization

Rostelecom

Protocol

http

Source

datascan

Operating System

Microsoft Windows

Product

Microsoft IIS 10.0

CPE(s)

<enterprise field>: cpe

Data MD5

01193d3fd55f7980fcb64ff1fb8b75c9

HTTP Header MD5

498aa3fde37c67fc39d713f9b02f652c

HTTP Body MD5

1dd82f6fc356bc3cddf7e82615de177c

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 18 Jun 2021 12:30:04 GMT
Accept-Ranges: bytes
ETag: "958043aa3d64d71:0"
Server: Microsoft-IIS/10.0
Date: Thu, 07 Nov 2024 03:18:01 GMT
Connection: close
Content-Length: 696

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IIS Windows</title>
<style type="text/css">
<!--
body {
	color:#000000;
	background-color:#0072C6;
	margin:0;
}

#container {
	margin-left:auto;
	margin-right:auto;
	text-align:center;
	}

a img {
	border:none;
}

-->
</style>
</head>
<body>
<div id="container">
<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>
</div>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:18:01.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org",
            "microsoft.com"
         ],
         "hostname" : [
            "go.microsoft.com",
            "www.w3.org"
         ],
         "url" : [
            "http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409",
            "http://www.w3.org/1999/xhtml",
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "1dd82f6fc356bc3cddf7e82615de177c",
         "bodymmh3" : 1971329886,
         "header" : [
            {
               "value" : "Fri, 18 Jun 2021 12:30:04 GMT",
               "name" : "Last-Modified"
            },
            {
               "name" : "ETag",
               "value" : "958043aa3d64d71:0"
            }
         ],
         "headermd5" : "498aa3fde37c67fc39d713f9b02f652c",
         "headermmh3" : 1345705608,
         "title" : "IIS Windows"
      },
      "length" : 940
   },
   "asn" : "AS12389",
   "city" : "Chita",
   "country" : "RU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nLast-Modified: Fri, 18 Jun 2021 12:30:04 GMT\r\nAccept-Ranges: bytes\r\nETag: \"958043aa3d64d71:0\"\r\nServer: Microsoft-IIS/10.0\r\nDate: Thu, 07 Nov 2024 03:18:01 GMT\r\nConnection: close\r\nContent-Length: 696\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />\r\n<title>IIS Windows</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody {\r\n\tcolor:#000000;\r\n\tbackground-color:#0072C6;\r\n\tmargin:0;\r\n}\r\n\r\n#container {\r\n\tmargin-left:auto;\r\n\tmargin-right:auto;\r\n\ttext-align:center;\r\n\t}\r\n\r\na img {\r\n\tborder:none;\r\n}\r\n\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"container\">\r\n<a href=\"http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409\"><img src=\"iisstart.png\" alt=\"IIS\" width=\"960\" height=\"600\" /></a>\r\n</div>\r\n</body>\r\n</html>",
   "datamd5" : "01193d3fd55f7980fcb64ff1fb8b75c9",
   "datammh3" : 625036870,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS39407",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "RU",
      "countryname" : "Russia",
      "domain" : [
         "rt.ru",
         "sinor.ru"
      ],
      "isineu" : "false",
      "latitude" : "61.52401",
      "location" : "61.52401,105.318756",
      "longitude" : "105.318756",
      "netname" : "WEBSTREAM",
      "organization" : "OJSC \"Sibirtelecom",
      "subnet" : "95.189.96.0/20"
   },
   "ip" : "95.189.103.234",
   "ipv6" : "false",
   "latitude" : "52.0388",
   "location" : "52.0388,113.5595",
   "longitude" : "113.5595",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Rostelecom",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "osversion" : [
      "Server 2016",
      10
   ],
   "port" : 4566,
   "product" : "IIS",
   "productvendor" : "Microsoft",
   "productversion" : "10.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "95.189.96.0/20",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

203.83.10.253

Network

203.83.8.0/22

Device

<enterprise field>: device.class

Operating System

Microsoft Windows

URL

http://203.83.10.253:4566/ 400

HTTP Title

400 The plain HTTP request was sent to HTTPS port

ASN

AS132883

Organization

TOPWAY GLOBAL LIMITED

Protocol

http

Source

datascan

Operating System

Microsoft Windows

Product

F5 Nginx 1.17.6

CPE(s)

<enterprise field>: cpe

Data MD5

023c8c5e51d9ce9369af8e1f921f5e3f

HTTP Header MD5

f4eaba8998b0e515f84d95c1ad5ea5c7

HTTP Body MD5

a2b4897849c71fbcb21dd632d3506361

HTTP/1.1 400 Bad Request
Server: nginx/1.17.6
Date: Thu, 07 Nov 2024 03:18:00 GMT
Content-Type: text/html
Content-Length: 255
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.17.6</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:18:00.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "a2b4897849c71fbcb21dd632d3506361",
         "bodymmh3" : -2063426561,
         "headermd5" : "f4eaba8998b0e515f84d95c1ad5ea5c7",
         "headermmh3" : 912304483,
         "title" : "400 The plain HTTP request was sent to HTTPS port"
      },
      "length" : 407
   },
   "asn" : "AS132883",
   "country" : "CN",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx/1.17.6\r\nDate: Thu, 07 Nov 2024 03:18:00 GMT\r\nContent-Type: text/html\r\nContent-Length: 255\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx/1.17.6</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "023c8c5e51d9ce9369af8e1f921f5e3f",
   "datammh3" : 457427036,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS132883",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "cnaaa.com",
         "cnnic.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "cnaaa",
      "organization" : "Jiangsu Sanai network science and technology co ,LTD",
      "subnet" : "203.83.8.0/22"
   },
   "ip" : "203.83.10.253",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "TOPWAY GLOBAL LIMITED",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 4566,
   "product" : "Nginx",
   "productvendor" : "F5",
   "productversion" : "1.17.6",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "203.83.8.0/22",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

69.191.242.59

Network

69.191.240.0/20

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://69.191.242.59:4566/ 400

HTTP Title

400 The plain HTTP request was sent to HTTPS port

ASN

AS10361

Organization

BLOOMBERG-NET

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx

CPE(s)

<enterprise field>: cpe

Data MD5

0c1820e0d381850a77897bf32978a1f0

HTTP Header MD5

a629a0fe278971ad61801ba6975ba467

HTTP Body MD5

ea425366a98dfc499c0cbeedb9a4f02a

HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 07 Nov 2024 03:17:38 GMT
Content-Type: text/html
Content-Length: 248
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:17:38.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "ea425366a98dfc499c0cbeedb9a4f02a",
         "bodymmh3" : 1153229498,
         "headermd5" : "a629a0fe278971ad61801ba6975ba467",
         "headermmh3" : 857695530,
         "title" : "400 The plain HTTP request was sent to HTTPS port"
      },
      "length" : 393
   },
   "asn" : "AS10361",
   "city" : "Hoboken",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Thu, 07 Nov 2024 03:17:38 GMT\r\nContent-Type: text/html\r\nContent-Length: 248\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "0c1820e0d381850a77897bf32978a1f0",
   "datammh3" : 190190724,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS10361",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "bloomberg.com",
         "bloomberg.net"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "BLOOMBERG-NET-2",
      "organization" : "Bloomberg Financial Market",
      "subnet" : "69.191.240.0/20"
   },
   "ip" : "69.191.242.59",
   "ipv6" : "false",
   "latitude" : "40.7424",
   "location" : "40.7424,-74.0325",
   "longitude" : "-74.0325",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "BLOOMBERG-NET",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4566,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "69.191.240.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

104.250.52.14

Network

104.250.48.0/20

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

ASN

AS137280

Organization

Kingsoft cloud corporation limited

Protocol

unknown

Source

datascan

Operating System

Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

Data MD5

68b329da9893e34099c7d8ad5cb9c940

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:10:49.000Z",
   "app" : {
      "length" : 1
   },
   "asn" : "AS137280",
   "city" : "Singapore",
   "country" : "SG",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "\n",
   "datamd5" : "68b329da9893e34099c7d8ad5cb9c940",
   "datammh3" : -1840324437,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS137280",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "HK",
      "countryname" : "Hong Kong",
      "domain" : [
         "kingsoft.com"
      ],
      "isineu" : "false",
      "latitude" : "22.396428",
      "location" : "22.396428,114.109497",
      "longitude" : "114.109497",
      "netname" : "KSYUNGLOBAL-HK",
      "organization" : "Kingsoft cloud corporation limited",
      "subnet" : "104.250.52.0/22"
   },
   "ip" : "104.250.52.14",
   "ipv6" : "false",
   "latitude" : "1.2868",
   "location" : "1.2868,103.8503",
   "longitude" : "103.8503",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Kingsoft cloud corporation limited",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4566,
   "protocol" : "unknown",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "subnet" : "104.250.48.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

109.63.94.211

Network

109.63.80.0/20

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://109.63.94.211:4566/ 401

HTTP Title

Unauthorized

ASN

AS51375

Organization

Stc Bahrain B.s.c Closed

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

HTTP Component(s)

Plex Media Server

CPE(s)

<enterprise field>: cpe

Data MD5

2de861031040181ee2188040cc83180e

HTTP Header MD5

9ca01530123920eac6307b32e7d89d3b

HTTP Body MD5

58839c8a9d6616ca62adc7b6e3610676

HTTP/1.1 401 Unauthorized
X-Plex-Protocol: 1.0
Content-Length: 193
Content-Type: text/html
Connection: close
Cache-Control: no-cache
Date: Thu, 07 Nov 2024 03:10:47 GMT

<html><head><script>window.location = window.location.href.match(/(^.+\/)[^\/]*$/)[1] + 'web/index.html';</script><title>Unauthorized</title></head><body><h1>401 Unauthorized</h1></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:10:48.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "58839c8a9d6616ca62adc7b6e3610676",
         "bodymmh3" : 1524593440,
         "component" : [
            {
               "product" : "Media Server",
               "productvendor" : "Plex"
            }
         ],
         "headermd5" : "9ca01530123920eac6307b32e7d89d3b",
         "headermmh3" : 2054410825,
         "title" : "Unauthorized"
      },
      "length" : 371
   },
   "asn" : "AS51375",
   "city" : "Hamad Town",
   "country" : "BH",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 Unauthorized\r\nX-Plex-Protocol: 1.0\r\nContent-Length: 193\r\nContent-Type: text/html\r\nConnection: close\r\nCache-Control: no-cache\r\nDate: Thu, 07 Nov 2024 03:10:47 GMT\r\n\r\n<html><head><script>window.location = window.location.href.match(/(^.+\\/)[^\\/]*$/)[1] + 'web/index.html';</script><title>Unauthorized</title></head><body><h1>401 Unauthorized</h1></body></html>",
   "datamd5" : "2de861031040181ee2188040cc83180e",
   "datammh3" : -1584694499,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "ip" : "109.63.94.211",
   "ipv6" : "false",
   "latitude" : "26.1180",
   "location" : "26.1180,50.5011",
   "longitude" : "50.5011",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Stc Bahrain B.s.c Closed",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4566,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subnet" : "109.63.80.0/20",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

44.244.33.218

Network

44.224.0.0/11

Domain(s)

amazonaws.com

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://44.244.33.218:4566/ 200

HTTP Title

Infocon Holding - EasyIO-30P Sedona

Reverse DNS

ec2-44-244-33-218.us-west-2.compute.amazonaws.com

ASN

AS16509

Organization

AMAZON-02

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx

CPE(s)

<enterprise field>: cpe

Data MD5

a0d13f5a8644408f638911c1a4d30bc0

HTTP Header MD5

b93e910767bc7dd35ce0736d46622fe3

HTTP Body MD5

1852f44d5a4231d68b3b2ca70e893cc5

HTTP/1.1 200 OK
Connection: close
Date: Thu, 07 Nov 2024 03:10:47 GMT
Server: nginx
Content-Type: text/html
Content-Length: 1289

<html><head><link rel=stylesheet type="text/css" href=menu.css><title>Infocon Holding - EasyIO-30P Sedona</title></head><body style="margin:0;" onload="onDocLoad();"><script language=javascript src=menuitem.js></script><script language=javascript src=menusc.js></script><div id=dropMenu onmouseout="onDropMenuMouseout(event);" onmouseover="onDropMenuMouseover();"></div><TABLE width=100% cellSpacing=0 cellPadding=0 bgcolor=#ffffff border=0 align=center><tr><td height=53px><img src=logo.gif class='clsMenu'><img src=btl.jpg></td></tr><tr><td><table width=100% bgcolor=#ece9d8 cellSpacing=0 cellPadding=2 border=1><tr id=menubar><td height=28><span id=mmenu onmouseover="onMenuBarMouseover();"></span></td><td id=login></td><td id=userid></td></tr></table></td></tr><tr height=768 valign=top align=center bgcolor="white"><td><table><tr><td colspan=2 height=10></td></tr><TR><Th colspan=2 id="cTtl"></Th></TR><tr><td align=center colspan=2><br></td></tr><tr><td colspan=2 height=10></td></tr><tr><td colspan=2 ID="cTbl"></td></tr><tr><td colspan=2 height=10></td></tr></table></td></tr></table><script language=javascript src=main.js></script><script language=javascript src=table.js></script><script language=javascript>function onDocLoad(){cTxtTbl();createMenu();}</script></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:10:47.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "1852f44d5a4231d68b3b2ca70e893cc5",
         "bodymmh3" : 777722857,
         "headermd5" : "b93e910767bc7dd35ce0736d46622fe3",
         "headermmh3" : 999796036,
         "title" : "Infocon Holding - EasyIO-30P Sedona"
      },
      "length" : 1426
   },
   "asn" : "AS16509",
   "city" : "Boardman",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nDate: Thu, 07 Nov 2024 03:10:47 GMT\r\nServer: nginx\r\nContent-Type: text/html\r\nContent-Length: 1289\r\n\r\n<html><head><link rel=stylesheet type=\"text/css\" href=menu.css><title>Infocon Holding - EasyIO-30P Sedona</title></head><body style=\"margin:0;\" onload=\"onDocLoad();\"><script language=javascript src=menuitem.js></script><script language=javascript src=menusc.js></script><div id=dropMenu onmouseout=\"onDropMenuMouseout(event);\" onmouseover=\"onDropMenuMouseover();\"></div><TABLE width=100% cellSpacing=0 cellPadding=0 bgcolor=#ffffff border=0 align=center><tr><td height=53px><img src=logo.gif class='clsMenu'><img src=btl.jpg></td></tr><tr><td><table width=100% bgcolor=#ece9d8 cellSpacing=0 cellPadding=2 border=1><tr id=menubar><td height=28><span id=mmenu onmouseover=\"onMenuBarMouseover();\"></span></td><td id=login></td><td id=userid></td></tr></table></td></tr><tr height=768 valign=top align=center bgcolor=\"white\"><td><table><tr><td colspan=2 height=10></td></tr><TR><Th colspan=2 id=\"cTtl\"></Th></TR><tr><td align=center colspan=2><br></td></tr><tr><td colspan=2 height=10></td></tr><tr><td colspan=2 ID=\"cTbl\"></td></tr><tr><td colspan=2 height=10></td></tr></table></td></tr></table><script language=javascript src=main.js></script><script language=javascript src=table.js></script><script language=javascript>function onDocLoad(){cTxtTbl();createMenu();}</script></body></html>\u0000",
   "datamd5" : "a0d13f5a8644408f638911c1a4d30bc0",
   "datammh3" : -2071317735,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com"
   ],
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "amazon.com",
         "amazonaws.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "AMAZO-ZPDX",
      "organization" : "Amazon.com, Inc.",
      "subnet" : "44.224.0.0/11"
   },
   "host" : [
      "ec2-44-244-33-218"
   ],
   "hostname" : [
      "ec2-44-244-33-218.us-west-2.compute.amazonaws.com"
   ],
   "ip" : "44.244.33.218",
   "ipv6" : "false",
   "latitude" : "45.8491",
   "location" : "45.8491,-119.7143",
   "longitude" : "-119.7143",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4566,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "ec2-44-244-33-218.us-west-2.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "compute.amazonaws.com",
      "us-west-2.compute.amazonaws.com"
   ],
   "subnet" : "44.224.0.0/11",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}