IP

5.107.83.21

Network

5.107.0.0/16

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://5.107.83.21:4899/ 404

ASN

AS5384

Organization

Emirates Telecommunications Group Company (etisalat Group) Pjsc

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

Data MD5

4b5b496ff238cb6bc91391c80dbcb192

HTTP Header MD5

4b5b496ff238cb6bc91391c80dbcb192

HTTP Body MD5

d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 404 Not Found

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:09.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "4b5b496ff238cb6bc91391c80dbcb192",
         "headermmh3" : -2050145619
      },
      "length" : 24
   },
   "asn" : "AS5384",
   "city" : "Sharjah",
   "country" : "AE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 404 Not Found\r\n",
   "datamd5" : "4b5b496ff238cb6bc91391c80dbcb192",
   "datammh3" : -1733658736,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS5384",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "AE",
      "countryname" : "United Arab Emirates",
      "domain" : [
         "emirates.net.ae"
      ],
      "isineu" : "false",
      "latitude" : "23.424076",
      "location" : "23.424076,53.847818",
      "longitude" : "53.847818",
      "netname" : "ETISALATADSL-EMIRNET",
      "organization" : "Emirates Telecommunications Corporation P.O. Box 1150, Dubai, UAE",
      "subnet" : "5.107.0.0/17"
   },
   "ip" : "5.107.83.21",
   "ipv6" : "false",
   "latitude" : "25.3412",
   "location" : "25.3412,55.4224",
   "longitude" : "55.4224",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Emirates Telecommunications Group Company (etisalat Group) Pjsc",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4899,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Not Found",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 404,
   "subnet" : "5.107.0.0/16",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

103.140.186.11

Network

103.140.186.0/23

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://103.140.186.11:4899/ 200

ASN

AS206804

Organization

EstNOC OY

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

Data MD5

f27c039934e7ea2e2b15c9c0a3859f26

HTTP Header MD5

992f938f09faf879d225006862d5733a

HTTP Body MD5

3e8d102717d1c45cd5e6ea513ac708df

HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 03:29:04 UTC
Content-Type: text/html; charset=UTF-8
Content-Length: 172
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Location: /global-protect/login.esp
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';

<script LANGUAGE="JavaScript">
window.location="/global-protect/login.esp";
</script>
<html><head></head><body><p>JavaScript must be enabled to continue!</p></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:05.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "3e8d102717d1c45cd5e6ea513ac708df",
         "bodymmh3" : 2043901515,
         "headermd5" : "992f938f09faf879d225006862d5733a",
         "headermmh3" : 1908911781
      },
      "length" : 696
   },
   "asn" : "AS206804",
   "city" : "Singapore",
   "country" : "SG",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nDate: Thu, 07 Nov 2024 03:29:04 UTC\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 172\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nLocation: /global-protect/login.esp\r\nX-Frame-Options: DENY\r\nStrict-Transport-Security: max-age=31536000;\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';\r\n\r\n<script LANGUAGE=\"JavaScript\">\nwindow.location=\"/global-protect/login.esp\";\n</script>\n<html><head></head><body><p>JavaScript must be enabled to continue!</p></body></html>\n",
   "datamd5" : "f27c039934e7ea2e2b15c9c0a3859f26",
   "datammh3" : 239367868,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS206804",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "SG",
      "countryname" : "Singapore",
      "domain" : [
         "estnoc.ee"
      ],
      "isineu" : "false",
      "latitude" : "1.352083",
      "location" : "1.352083,103.819836",
      "longitude" : "103.819836",
      "netname" : "EstNOC-Singapore",
      "organization" : "EstNOC OY",
      "subnet" : "103.140.186.0/24"
   },
   "ip" : "103.140.186.11",
   "ipv6" : "false",
   "latitude" : "1.3264",
   "location" : "1.3264,103.9394",
   "longitude" : "103.9394",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "EstNOC OY",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4899,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "103.140.186.0/23",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

54.154.151.61

Network

54.154.0.0/15

Domain(s)

amazonaws.com

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://54.154.151.61:4899/ 200

Reverse DNS

ec2-54-154-151-61.eu-west-1.compute.amazonaws.com

ASN

AS16509

Organization

AMAZON-02

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx

CPE(s)

<enterprise field>: cpe

Data MD5

f192c778ba9971cccb2fcec90e21e379

HTTP Header MD5

9f060a9cb1b31c417a3a68e629ae97e3

HTTP Body MD5

852141068209c03fdeb5dacc5a9c52e3

HTTP/1.1 200 OK
Connection: close
Date: Thu, 07 Nov 2024 03:28:14 GMT
Server: nginx
Content-Length: 69
Content-Type: text/html

<html><body><script>top.location='/p/login/';</script></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:28:14.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "852141068209c03fdeb5dacc5a9c52e3",
         "bodymmh3" : -1124668290,
         "headermd5" : "9f060a9cb1b31c417a3a68e629ae97e3",
         "headermmh3" : 900726066
      },
      "length" : 204
   },
   "asn" : "AS16509",
   "city" : "Dublin",
   "country" : "IE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nDate: Thu, 07 Nov 2024 03:28:14 GMT\r\nServer: nginx\r\nContent-Length: 69\r\nContent-Type: text/html\r\n\r\n<html><body><script>top.location='/p/login/';</script></body></html>\n",
   "datamd5" : "f192c778ba9971cccb2fcec90e21e379",
   "datammh3" : -1092385355,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com"
   ],
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "amazon.com",
         "amazonaws.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "AMAZON",
      "organization" : "Amazon Technologies Inc.",
      "subnet" : "54.154.0.0/15"
   },
   "host" : [
      "ec2-54-154-151-61"
   ],
   "hostname" : [
      "ec2-54-154-151-61.eu-west-1.compute.amazonaws.com"
   ],
   "ip" : "54.154.151.61",
   "ipv6" : "false",
   "latitude" : "53.3379",
   "location" : "53.3379,-6.2591",
   "longitude" : "-6.2591",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4899,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "ec2-54-154-151-61.eu-west-1.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "compute.amazonaws.com",
      "eu-west-1.compute.amazonaws.com"
   ],
   "subnet" : "54.154.0.0/15",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

185.192.41.66

Network

185.192.40.0/22

Device

<enterprise field>: device.class

Operating System

FreeBSD FreeBSD

URL

http://185.192.41.66:4899/ 401

HTTP Title

Unauthorized

ASN

AS206245

Organization

Subset Solutions UK Limited

Protocol

http

Source

datascan

Operating System

FreeBSD FreeBSD

HTTP Component(s)

Plex Media Server

CPE(s)

<enterprise field>: cpe

Data MD5

2de861031040181ee2188040cc83180e

HTTP Header MD5

9ca01530123920eac6307b32e7d89d3b

HTTP Body MD5

58839c8a9d6616ca62adc7b6e3610676

HTTP/1.1 401 Unauthorized
X-Plex-Protocol: 1.0
Content-Length: 193
Content-Type: text/html
Connection: close
Cache-Control: no-cache
Date: Thu, 07 Nov 2024 03:20:25 GMT

<html><head><script>window.location = window.location.href.match(/(^.+\/)[^\/]*$/)[1] + 'web/index.html';</script><title>Unauthorized</title></head><body><h1>401 Unauthorized</h1></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:20:26.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "58839c8a9d6616ca62adc7b6e3610676",
         "bodymmh3" : 1524593440,
         "component" : [
            {
               "productvendor" : "Plex",
               "product" : "Media Server"
            }
         ],
         "headermd5" : "9ca01530123920eac6307b32e7d89d3b",
         "headermmh3" : 421035589,
         "title" : "Unauthorized"
      },
      "length" : 371
   },
   "asn" : "AS206245",
   "city" : "Waterlooville",
   "country" : "GB",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 401 Unauthorized\r\nX-Plex-Protocol: 1.0\r\nContent-Length: 193\r\nContent-Type: text/html\r\nConnection: close\r\nCache-Control: no-cache\r\nDate: Thu, 07 Nov 2024 03:20:25 GMT\r\n\r\n<html><head><script>window.location = window.location.href.match(/(^.+\\/)[^\\/]*$/)[1] + 'web/index.html';</script><title>Unauthorized</title></head><body><h1>401 Unauthorized</h1></body></html>",
   "datamd5" : "2de861031040181ee2188040cc83180e",
   "datammh3" : -1584694499,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS206245",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "GB",
      "countryname" : "United Kingdom",
      "domain" : [
         "subset.host",
         "subsetsolutions.uk"
      ],
      "isineu" : "false",
      "latitude" : "55.378051",
      "location" : "55.378051,-3.435973",
      "longitude" : "-3.435973",
      "netname" : "SUBSETUK-DCNET",
      "organization" : "SUBSETUK-DCNET",
      "subnet" : "185.192.40.0/22"
   },
   "ip" : "185.192.41.66",
   "ipv6" : "false",
   "latitude" : "50.9163",
   "location" : "50.9163,-1.0075",
   "longitude" : "-1.0075",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Subset Solutions UK Limited",
   "os" : "FreeBSD",
   "osvendor" : "FreeBSD",
   "port" : 4899,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Unauthorized",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 401,
   "subnet" : "185.192.40.0/22",
   "tag" : "<enterprise field>: tag",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

107.132.204.141

Network

107.132.0.0/16

Domain(s)

sbcglobal.net

Device

<enterprise field>: device.class

URL

http://107.132.204.141:4899/ 200

HTTP Title

WEB SERVICE

Reverse DNS

107-132-204-141.lightspeed.crchtx.sbcglobal.net

ASN

AS7018

Organization

ATT-INTERNET4

Protocol

http

Source

datascan

Data MD5

646fc6afd0f3961431383f7a7a540642

HTTP Header MD5

16aa56a7bf550a630e80c815add27257

HTTP Body MD5

f2418b1b634f690a0a648e225440ae53

HTTP/1.1 200 OK
CONNECTION: keep-alive
Date: Wed, 06 Nov 2024 21:19:33 GMT
Last-Modified: Fri, 22 May 2020 02:11:03 GMT
Etag: "1590113463:c06"
CONTENT-LENGTH: 3078
P3P: CP=CAO PSA OUR
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
CONTENT-TYPE: text/html

<!DOCTYPE HTML> <html> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta charset="UTF-8"> <title>WEB SERVICE</title> <link href="./baseProj/images/favicon.ico" type="image/x-icon" rel="shortcut icon"> <script src="ext/ext-all.js"></script> <script type="text/javascript" src="./projectPath.js"></script> <script type="text/javascript" src="/app/libs/require.js"></script> <script type="text/javascript" src="/app/jsCore/require-config.js"></script> <script type="text/javascript">Ext.onReady(function () {
            //启用缓存
            Ext.Loader.setConfig({
                "disableCaching": true,
                "paths":{
                    "basePath": BASEURL, //配置基础项目的文件路径
                    "projectPath": PROJECT_URL //配置定制项目的文件路径
                }
            });

            //定义项目的加载路径
            var basePath = Ext.Loader.getPath('basePath'),
                projectPath = Ext.Loader.getPath('projectPath');

            //设置类的地址路径
            Ext.Loader.setPath({
                "jsCore": "app/jsCore",
                'component': "baseProj/js/component",
                'js': 'baseProj/js',
                'plugin': 'app/plugin',
                'widget': 'baseProj/js/widget',
                'baseCls':'app/baseCls',
				'app': 'baseCls', //各个项目统一一个app
                'customJs': projectPath+'js', // 非基线项目引用的js路径
                'desktop':PROJ_MODULE.indexOf('desktop') != -1? projectPath+'js/desktop':basePath+'/js/desktop', //加载指定项目的Desktop.js
                'data': PROJ_MODULE.indexOf('data') != -1 ? projectPath + 'data': basePath + '/data'  //加载指定项目的数据文件
            });
            //桌面内容不可选择
            Ext.getBody().unselectable();

            require(['pubsub', 'core', 'extend', 'libs/qrcode', 'libs/jsonpath', 'libs/json2',
                'libs/base64', 'libs/md5', 'libs/aes', 'libs/rsa', 'libs/xss', 'libs/moment',
                'timeaxes/TimeAxes',
                'timeaxes/TimeAxesAdaptor',
                'timeaxes/TimeGridLayer',
                'h5Player'
            ], function () {
                //载入必要的模块，字符串文件加载完成后，初始化和加载应用
                Ext.require(['jsCore.Common'], function () {
                    jsCore.Common.getJsonLanguage().done(function () {
                        //自验问题修改：设备初始化界面，密码输入框输入时，报js错误,修改为先设置规则
                        jsCore.Common.setFieldVtype();
                        Ext.require(['baseCls.App']);
                        //***密码输入框输入时，报js错误 END***//
                    });
                });
            });
        });</script> </head> <body></body> <script type="text/javascript" src="./pluginVersion.js"></script> <script type="text/javascript" src="./webVersion.js"></script> <script type="text/javascript" src="./cap.js"></script> </html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:19:44.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "f2418b1b634f690a0a648e225440ae53",
         "bodymmh3" : -529807277,
         "header" : [
            {
               "value" : "Fri, 22 May 2020 02:11:03 GMT",
               "name" : "Last-Modified"
            },
            {
               "value" : "1590113463:c06",
               "name" : "Etag"
            }
         ],
         "headermd5" : "16aa56a7bf550a630e80c815add27257",
         "headermmh3" : 1913387833,
         "title" : "WEB SERVICE"
      },
      "length" : 3464
   },
   "asn" : "AS7018",
   "city" : "Victoria",
   "country" : "US",
   "data" : "HTTP/1.1 200 OK\r\nCONNECTION: keep-alive\r\nDate: Wed, 06 Nov 2024 21:19:33 GMT\r\nLast-Modified: Fri, 22 May 2020 02:11:03 GMT\r\nEtag: \"1590113463:c06\"\r\nCONTENT-LENGTH: 3078\r\nP3P: CP=CAO PSA OUR\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1;mode=block\r\nContent-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'\r\nX-Content-Type-Options: nosniff\r\nCONTENT-TYPE: text/html\r\n\r\n<!DOCTYPE HTML> <html> <head> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\"> <meta charset=\"UTF-8\"> <title>WEB SERVICE</title> <link href=\"./baseProj/images/favicon.ico\" type=\"image/x-icon\" rel=\"shortcut icon\"> <script src=\"ext/ext-all.js\"></script> <script type=\"text/javascript\" src=\"./projectPath.js\"></script> <script type=\"text/javascript\" src=\"/app/libs/require.js\"></script> <script type=\"text/javascript\" src=\"/app/jsCore/require-config.js\"></script> <script type=\"text/javascript\">Ext.onReady(function () {\n            //\u542f\u7528\u7f13\u5b58\n            Ext.Loader.setConfig({\n                \"disableCaching\": true,\n                \"paths\":{\n                    \"basePath\": BASEURL, //\u914d\u7f6e\u57fa\u7840\u9879\u76ee\u7684\u6587\u4ef6\u8def\u5f84\n                    \"projectPath\": PROJECT_URL //\u914d\u7f6e\u5b9a\u5236\u9879\u76ee\u7684\u6587\u4ef6\u8def\u5f84\n                }\n            });\n\n            //\u5b9a\u4e49\u9879\u76ee\u7684\u52a0\u8f7d\u8def\u5f84\n            var basePath = Ext.Loader.getPath('basePath'),\n                projectPath = Ext.Loader.getPath('projectPath');\n\n            //\u8bbe\u7f6e\u7c7b\u7684\u5730\u5740\u8def\u5f84\n            Ext.Loader.setPath({\n                \"jsCore\": \"app/jsCore\",\n                'component': \"baseProj/js/component\",\n                'js': 'baseProj/js',\n                'plugin': 'app/plugin',\n                'widget': 'baseProj/js/widget',\n                'baseCls':'app/baseCls',\n\t\t\t\t'app': 'baseCls', //\u5404\u4e2a\u9879\u76ee\u7edf\u4e00\u4e00\u4e2aapp\n                'customJs': projectPath+'js', // \u975e\u57fa\u7ebf\u9879\u76ee\u5f15\u7528\u7684js\u8def\u5f84\n                'desktop':PROJ_MODULE.indexOf('desktop') != -1? projectPath+'js/desktop':basePath+'/js/desktop', //\u52a0\u8f7d\u6307\u5b9a\u9879\u76ee\u7684Desktop.js\n                'data': PROJ_MODULE.indexOf('data') != -1 ? projectPath + 'data': basePath + '/data'  //\u52a0\u8f7d\u6307\u5b9a\u9879\u76ee\u7684\u6570\u636e\u6587\u4ef6\n            });\n            //\u684c\u9762\u5185\u5bb9\u4e0d\u53ef\u9009\u62e9\n            Ext.getBody().unselectable();\n\n            require(['pubsub', 'core', 'extend', 'libs/qrcode', 'libs/jsonpath', 'libs/json2',\n                'libs/base64', 'libs/md5', 'libs/aes', 'libs/rsa', 'libs/xss', 'libs/moment',\n                'timeaxes/TimeAxes',\n                'timeaxes/TimeAxesAdaptor',\n                'timeaxes/TimeGridLayer',\n                'h5Player'\n            ], function () {\n                //\u8f7d\u5165\u5fc5\u8981\u7684\u6a21\u5757\uff0c\u5b57\u7b26\u4e32\u6587\u4ef6\u52a0\u8f7d\u5b8c\u6210\u540e\uff0c\u521d\u59cb\u5316\u548c\u52a0\u8f7d\u5e94\u7528\n                Ext.require(['jsCore.Common'], function () {\n                    jsCore.Common.getJsonLanguage().done(function () {\n                        //\u81ea\u9a8c\u95ee\u9898\u4fee\u6539\uff1a\u8bbe\u5907\u521d\u59cb\u5316\u754c\u9762\uff0c\u5bc6\u7801\u8f93\u5165\u6846\u8f93\u5165\u65f6\uff0c\u62a5js\u9519\u8bef,\u4fee\u6539\u4e3a\u5148\u8bbe\u7f6e\u89c4\u5219\n                        jsCore.Common.setFieldVtype();\n                        Ext.require(['baseCls.App']);\n                        //***\u5bc6\u7801\u8f93\u5165\u6846\u8f93\u5165\u65f6\uff0c\u62a5js\u9519\u8bef END***//\n                    });\n                });\n            });\n        });</script> </head> <body></body> <script type=\"text/javascript\" src=\"./pluginVersion.js\"></script> <script type=\"text/javascript\" src=\"./webVersion.js\"></script> <script type=\"text/javascript\" src=\"./cap.js\"></script> </html>",
   "datamd5" : "646fc6afd0f3961431383f7a7a540642",
   "datammh3" : 1551617712,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "sbcglobal.net"
   ],
   "geolocus" : {
      "asn" : "AS7018",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "att.com",
         "att.net",
         "sbcglobal.net"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "SIS-80-10-10-13",
      "organization" : "AT&T Corp.",
      "subnet" : "107.128.0.0/12"
   },
   "host" : [
      "107-132-204-141"
   ],
   "hostname" : [
      "107-132-204-141.lightspeed.crchtx.sbcglobal.net"
   ],
   "ip" : "107.132.204.141",
   "ipv6" : "false",
   "latitude" : "28.8684",
   "location" : "28.8684,-96.9960",
   "longitude" : "-96.9960",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "ATT-INTERNET4",
   "port" : 4899,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "107-132-204-141.lightspeed.crchtx.sbcglobal.net"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "crchtx.sbcglobal.net",
      "lightspeed.crchtx.sbcglobal.net"
   ],
   "subnet" : "107.132.0.0/16",
   "tld" : [
      "net"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

211.229.140.221

Network

211.229.128.0/20

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://211.229.140.221:4899/ 200

HTTP Title

main page

ASN

AS4766

Organization

Korea Telecom

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

Data MD5

590d3f1f5048082925f85226da9d33c2

HTTP Header MD5

a5668677bad84c83cbb2cf70fc5712b4

HTTP Body MD5

425064ac3f9b0beb2f58d1e3fe67fb73

HTTP/1.1 200 OK
Content-Type: text/html
ETag: "1112005829"
Last-Modified: Thu, 26 Jan 2023 08:12:26 GMT
Content-Length: 704
Accept-Ranges: bytes
Connection: close
Date: Thu, 07 Nov 2024 03:18:50 GMT
Server: fwebserver

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso8859-1">
<title>main page</title>
<script language="javascript">

function redirect() {
	location.href = "/cgi-bin/login.cgi";
}

function redirect_mobile_check() {

	var filter = "win16|win32|win64|mac|macintel|linux x86_64";
	var vWebType = "PC";

	if (navigator.platform)
	{
		if (filter.indexOf(navigator.platform.toLowerCase()) < 0)
			vWebType = "MOBILE";
		else
			vWebType = "PC";
	}

	if(vWebType ==  "PC")	
		location.href = "/cgi-bin/login.cgi";
	else
		location.href = "/cgi-bin_mobile/login.cgi";
}

</script>
</head>

<body onload="redirect_mobile_check()">
</body>

</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:18:53.000Z",
   "app" : {
      "extract" : {
         "file" : [
            "login.cgi"
         ]
      },
      "http" : {
         "bodymd5" : "425064ac3f9b0beb2f58d1e3fe67fb73",
         "bodymmh3" : 1045994363,
         "header" : [
            {
               "name" : "ETag",
               "value" : 1112005829
            },
            {
               "value" : "Thu, 26 Jan 2023 08:12:26 GMT",
               "name" : "Last-Modified"
            }
         ],
         "headermd5" : "a5668677bad84c83cbb2cf70fc5712b4",
         "headermmh3" : -2133048605,
         "title" : "main page"
      },
      "length" : 933
   },
   "asn" : "AS4766",
   "city" : "Gyeongsan-si",
   "country" : "KR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nETag: \"1112005829\"\r\nLast-Modified: Thu, 26 Jan 2023 08:12:26 GMT\r\nContent-Length: 704\r\nAccept-Ranges: bytes\r\nConnection: close\r\nDate: Thu, 07 Nov 2024 03:18:50 GMT\r\nServer: fwebserver\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"content-type\" content=\"text/html; charset=iso8859-1\">\r\n<title>main page</title>\r\n<script language=\"javascript\">\r\n\r\nfunction redirect() {\r\n\tlocation.href = \"/cgi-bin/login.cgi\";\r\n}\r\n\r\nfunction redirect_mobile_check() {\r\n\r\n\tvar filter = \"win16|win32|win64|mac|macintel|linux x86_64\";\r\n\tvar vWebType = \"PC\";\r\n\r\n\tif (navigator.platform)\r\n\t{\r\n\t\tif (filter.indexOf(navigator.platform.toLowerCase()) < 0)\r\n\t\t\tvWebType = \"MOBILE\";\r\n\t\telse\r\n\t\t\tvWebType = \"PC\";\r\n\t}\r\n\r\n\tif(vWebType ==  \"PC\")\t\r\n\t\tlocation.href = \"/cgi-bin/login.cgi\";\r\n\telse\r\n\t\tlocation.href = \"/cgi-bin_mobile/login.cgi\";\r\n}\r\n\r\n</script>\r\n</head>\r\n\r\n<body onload=\"redirect_mobile_check()\">\r\n</body>\r\n\r\n</html>\r\n\r\n",
   "datamd5" : "590d3f1f5048082925f85226da9d33c2",
   "datammh3" : -473773929,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS4766",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "KR",
      "countryname" : "South Korea",
      "domain" : [
         "kt.com",
         "nic.or.kr"
      ],
      "isineu" : "false",
      "latitude" : "35.907757",
      "location" : "35.907757,127.766922",
      "longitude" : "127.766922",
      "netname" : "KORNET",
      "organization" : "Korea Telecom",
      "subnet" : "211.229.128.0/20"
   },
   "ip" : "211.229.140.221",
   "ipv6" : "false",
   "latitude" : "35.9079",
   "location" : "35.9079,128.8210",
   "longitude" : "128.8210",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Korea Telecom",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4899,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "211.229.128.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

122.45.156.117

Network

122.32.0.0/12

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://122.45.156.117:4899/ 200

HTTP Title

HCMSActiveX Viewer

ASN

AS17858

Organization

LG POWERCOMM

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

CPE(s)

<enterprise field>: cpe

Data MD5

9ad2eb29d3c6f78d0f61249e88cef835

HTTP Header MD5

ba860b3caca90736d63774a542763ca1

HTTP Body MD5

ec7d5b0ba383f43c5276c73269d63e31

HTTP/1.0 200 OK
Content-type: text/html
Date: Thu, 07 Nov 2024 03:18:23 GMT
Connection: close
Accept-Ranges: bytes
Last-Modified: Wed, 11 Nov 2020 03:00:06 GMT
Content-length: 812

<!DOCTYPE html>
<html>
<head>
<title>HCMSActiveX Viewer</title>
<script language="JavaScript">
<!--
function start()
{
	var href = document.URL.split("//");
	var host;
	if (href.length > 1) {
		host = href[1].split("/")[0];
	} else {
		host = href[0].split("/")[0];
	}

	host = host.split(":");

	var address = host[0];
	var port = 80;
	if (host.length > 1) {
		port = Number(host[1]);
	} else {
		port = 80;
	}

	HCMSActiveX.Connect(address, port);
}

function stop()
{
	HCMSActiveX.Disconnect();
}
//-->
</script>
</head>
<body onload="start()" onUnload="stop()">
<div align="center">
<object id="HCMSActiveX"
	width=1050 height=700
	classid="clsid:91B34397-1200-4BCA-BC91-8B3D12BE75C2"
	codebase="http://www.eznetdns.com/webviewer/common/HCMSActiveX.cab#version=0,2,0,10602">
</object>
</div>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:18:24.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "eznetdns.com"
         ],
         "hostname" : [
            "www.eznetdns.com"
         ],
         "url" : [
            "http://www.eznetdns.com/webviewer/common/HCMSActiveX.cab"
         ]
      },
      "http" : {
         "bodymd5" : "ec7d5b0ba383f43c5276c73269d63e31",
         "bodymmh3" : 336110476,
         "header" : [
            {
               "value" : "Wed, 11 Nov 2020 03:00:06 GMT",
               "name" : "Last-Modified"
            }
         ],
         "headermd5" : "ba860b3caca90736d63774a542763ca1",
         "headermmh3" : 417594921,
         "title" : "HCMSActiveX Viewer"
      },
      "length" : 1001
   },
   "asn" : "AS17858",
   "city" : "Yongsan-gu",
   "country" : "KR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.0 200 OK\r\nContent-type: text/html\r\nDate: Thu, 07 Nov 2024 03:18:23 GMT\r\nConnection: close\r\nAccept-Ranges: bytes\r\nLast-Modified: Wed, 11 Nov 2020 03:00:06 GMT\r\nContent-length: 812\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n<title>HCMSActiveX Viewer</title>\n<script language=\"JavaScript\">\n<!--\nfunction start()\n{\n\tvar href = document.URL.split(\"//\");\n\tvar host;\n\tif (href.length > 1) {\n\t\thost = href[1].split(\"/\")[0];\n\t} else {\n\t\thost = href[0].split(\"/\")[0];\n\t}\n\n\thost = host.split(\":\");\n\n\tvar address = host[0];\n\tvar port = 80;\n\tif (host.length > 1) {\n\t\tport = Number(host[1]);\n\t} else {\n\t\tport = 80;\n\t}\n\n\tHCMSActiveX.Connect(address, port);\n}\n\nfunction stop()\n{\n\tHCMSActiveX.Disconnect();\n}\n//-->\n</script>\n</head>\n<body onload=\"start()\" onUnload=\"stop()\">\n<div align=\"center\">\n<object id=\"HCMSActiveX\"\n\twidth=1050 height=700\n\tclassid=\"clsid:91B34397-1200-4BCA-BC91-8B3D12BE75C2\"\n\tcodebase=\"http://www.eznetdns.com/webviewer/common/HCMSActiveX.cab#version=0,2,0,10602\">\n</object>\n</div>\n</body>\n</html>\n",
   "datamd5" : "9ad2eb29d3c6f78d0f61249e88cef835",
   "datammh3" : -164014901,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS17858",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "KR",
      "countryname" : "South Korea",
      "domain" : [
         "lguplus.co.kr",
         "nic.or.kr"
      ],
      "isineu" : "false",
      "latitude" : "35.907757",
      "location" : "35.907757,127.766922",
      "longitude" : "127.766922",
      "netname" : "Xpeed",
      "organization" : "Xpeed",
      "subnet" : "122.32.0.0/12"
   },
   "ip" : "122.45.156.117",
   "ipv6" : "false",
   "latitude" : "37.5332",
   "location" : "37.5332,126.9692",
   "longitude" : "126.9692",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "LG POWERCOMM",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4899,
   "protocol" : "http",
   "protocolversion" : "1.0",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "122.32.0.0/12",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

160.124.138.215

Network

160.124.0.0/16

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://160.124.138.215:4899/ 302

HTTP Title

302 Found

ASN

AS132839

Organization

POWER LINE DATACENTER

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx

CPE(s)

<enterprise field>: cpe

Data MD5

fec523b9aa4f35bf1e9de0046045ced3

HTTP Header MD5

d7becab03a8905d978f0985d2d16182f

HTTP Body MD5

29b5f7615598c74df0019844c163d80c

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 07 Nov 2024 03:18:23 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
Location: https://<ip>/
Strict-Transport-Security: max-age=31536000

<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:18:23.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "29b5f7615598c74df0019844c163d80c",
         "bodymmh3" : -23674247,
         "headermd5" : "d7becab03a8905d978f0985d2d16182f",
         "headermmh3" : -2117492965,
         "title" : "302 Found"
      },
      "length" : 359
   },
   "asn" : "AS132839",
   "country" : "ZA",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Thu, 07 Nov 2024 03:18:23 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: close\r\nLocation: https://<ip>/\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n<html>\r\n<head><title>302 Found</title></head>\r\n<body>\r\n<center><h1>302 Found</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "fec523b9aa4f35bf1e9de0046045ced3",
   "datammh3" : 576449098,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS132839",
      "continent" : "AF",
      "continentname" : "Africa",
      "country" : "ZA",
      "countryname" : "South Africa",
      "isineu" : "false",
      "latitude" : "-30.559482",
      "location" : "-30.559482,22.937506",
      "longitude" : "22.937506",
      "netname" : "POSIX-AFRICA",
      "organization" : "Posix Systems (Pty) Ltd",
      "subnet" : "160.124.0.0/16"
   },
   "ip" : "160.124.138.215",
   "ipv6" : "false",
   "latitude" : "-28.9984",
   "location" : "-28.9984,23.9888",
   "longitude" : "23.9888",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "POWER LINE DATACENTER",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4899,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved Temporarily",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 302,
   "subnet" : "160.124.0.0/16",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

45.15.21.106

Network

45.15.20.0/22

Domain(s)

v9ks2n.cn

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://45.15.21.106:4899/ 302

Reverse DNS

v9ks2n.cn

ASN

AS9009

Organization

M247 Europe SRL

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx

HTTP Component(s)

Oracle Java Atlassian Confluence

CPE(s)

<enterprise field>: cpe

Data MD5

1625694c587cd601197fb35f20511ece

HTTP Header MD5

2dc1e159d50343e36aa92b49adbad2ef

HTTP Body MD5

d41d8cd98f00b204e9800998ecf8427e

Favicon MD5

966e60f8eb85b7ea43a7b0095f3e2336

Favicon MMH3

-305179312

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 07 Nov 2024 01:50:51 UTC
Cache-Control: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Confluence-Request-Time: 1697032431875
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
Location: /login.action?os_destination=%2Findex.action&permissionViolation=true
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Set-Cookie: JSESSIONID=FD2CA9E2B09E9FEE2EC126FA48BF694B; Path=/; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:17:54.000Z",
   "app" : {
      "favicon" : {
         "image" : "AAABAAMAMDAAAAEAIACCCAAANgAAACAgAAABACAAYQUAALgIAAAQEAAAAQAgAIoCAAAZDgAAiVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAISUlEQVRoga2ZeZAU9RXHP98fuxyCCMu1CCoKGUzAaBUm0ZSlMRVTieYwXsHgVSYYTRmNROORFY9MFE80xiiJ4gkqpZaJ0RyWpiqJFQ9MUigeGxCPdVlQBAQVhJ1v/uiZ2e6Z7tnZYV9V19Tv9ev33ve97+v+dY+oJUctFSAe3r9Q066fZPjsVdOEDkX8Swr/3rBgd/d2jTLPHLV0CPBDYF/gMeAJHt5/Y79lWyG7nPbmePD9kg4GvaGgmyXd8f5vJq6rdV0tAN8A7geGStoi6RmkOyQ91r1kv5pOG5ERp781V3ApkiQh1I30TwXNk8KT7/5q3La6AejoFwYC9yAdJwAJRcc2pBck3Snp958snt7VH8m3/KhjBvAIaGIUpxgTIWkj0iIFzV8zf8yKugCEY/9zIPCopFGKvPU4jY7tSC9JulvSg1Lo+OiuXK98TZNRZ3YOwyxEHFtMuBgHemILSa8SNF/SfZ3XjNyUCaD5+BflQuEG4KweZz0g4jpJBaTXJC2S9ICklZtun1w3kDFndQXb5whdgRhY9p0N5BNJf1HQVVJ45q0rh3WnAZgK/FloEsWLewMCsqRVCloi6T5JL29YsMf2WsmPPXtNAE4A5oNaeuJUVb4MJKZbK+l3Crq1CsCgWcsvBK4oV5mY04SuAkhZpy5Jf1XQQ5KeBd5dd/OExG143E/WjgV+APopoiXpM+abRLejPHp0BUlPJwAMPvGVVuBPwH4J9FRUJ0uXBLdF0kopPI/0YgSMZtBUpK8K9kVqShnaGBBSdAlwG5viAKTwNYnpVCQXb2kVrbLBDUaaJjGtqHPxfOkn5rNUZVJ0mUC6BQvLAIae8r+dgVmIpkqaJJzVAJfN4SjvVF6nVD4TCIniPYt9fRmAgg4CHZgyoD1Oq2gSA9KLrg8DGotDzGcCxGbg2vaLQ0cTwPDZq5qxZ4GGVt2+KrqRMrS1OVwFrq4BjcUhkXxRFhFtb2gqIhqBtG99QxsDktb6rMrXO6BUMqBK/gtc3d6mT8oAgPUhhCVIEySNrI/XWZXv44AmeV2ueIasAy5ub9PrJUUA2PjbSdulMC8oHKEQFiiErjAgEAYEFAIhDIiOhK6kr9apaNujC0XdgPI60oWyTiGUQWTIVmAe8HhcWWU95sddTUjTJZ2ooGMk7aZiafvO6ySHU4YxK9lK6QZuAi5qb9PHNQGUpPWc9wJSTtL3JB0vabJUAaQODvcyjPUmfzvws/Y2Vb2P9Opt1/PWSwp7SvqupBMk7Y0UMjmcBa4x2QrcClySlnxdAOKy+0WbJ0rhaEknSfos8a1A5YBGyBpNHOA9Is7f0t6mj7KMGoqw59wtY6VweJFeByDt3ACvs6QbeBr4BfBUe5tqvo/vULQpl20fJulzkr6N9BVgCjCoQXfbgZeBhcDi9ja9W89FO1wugKm/tGzGATOAQ4DPE4EZRQQoK84WYDXwAvAo8ER7m1b3JXa/AKiUXN5DgFZgUvGYALQQgekGNgLvACuBdqCzvU2pL+29ScMAcnk3AeOATxFVewIwgujpvhVYX0zyTeANoKvyHt4f0mcAubxHA18GvkVElQnAkAxfJgKzDlgBPAf8HVgKrO1tQOuRugHk8h4BHAvMJvrYNbDBmFuJwDxp+xHbz6+YO2Bzg756B5DLW8CBwFyiyjc3Gqwktku/m7Cftb3Y9uOvXzZwTV991QSQy3sgcApwCbBrA7kmxDbYOFrE19ttL8O+x/aDb+SHdNTrMxNALu+hwAXAHGCnHcg6kXAieUz0U14XbF61fa/tB7BXvT1v55rfmVIB5PLeCbgMOJsGKROjSSzBeBcMjtYp54y90vb9thfZtHdeMyJ14KsA5PJuBn4OXEgDg5pKk4pKp1CoyrZ4zsZvYz/oiF4vdV0/OvHBLA3AbGA+MLShxGPVTKdJrS7EbCn5K6+7bP/B9p3YS9feGH2tTgDI5X0IsJh6B7ZYvbSEMoa1hm1snexCpe1645tccP69X4/fFmLJ7wrk60k+qliBgo0LheiwcaFnXTpXKBRSbAs9ti5QKK7LtoWatiNd8EzwaCi+1OfyHkA0sAf1lviOVDadJhm21RTqWePlRFuV8leJLwHfr0WTBgYwlRapg03JX9w2g1J4K2bR+7dM3ALQlMt7FHAe0dY3We14ZfsygDs2rL10gaXAU6U8m4AzgEN3jCaJypbugErvQp3Dmt6VArB4w4I91scBnIY9MJMmvbYesLvBy2yeAL9qsw271fY+tmdgTzEelJZ8VhfKtuVzBngN88c4U5psL7M9ATv08WlZOreB6LmxoOOq4YnN2Pg564JhLPYXbB9t+zDs1j4Ma2UXHvrgtr3eisfQlMu7W23Pxj7D9vg+dmGDYY7g7o6rd+mmhow9e22z7c9gH2/7ONuTwKqudCaFOoGvb7p98rIEAIDJl24LLhRm2D7f9hHA4DoGcBtwMXDNOxn7lDQZfebqYHsv2zOxZ9nOGYc6unAb4vTNC6ckCpV4Ek9q+3io7WOwz7U9zVjZQ8XDwCmd1/b85dkXaTmjQ7Z3s32MXTgRM912UylORfIfgI/88M7c3yr9pO5Gd79w8yTbZ9k+GbvF1RTqBL6z+rpRzzWSfKUMn72qFftI2ydHQ09zRRceBWZ+dNfUqg9cme8DE8//oMn2wbYvwD7UdlOMUpcTwqVd17W4PwCUZNipK0bZPhz7VNsH2AwuPrhO+vievZekXdP7t9Fz3x9p+4RiRyZjngZmrrlhzDv9mXxcdjr5tV1sH2b7m8ArmJu23PvpD9Ns63qpb52zTi4U9gF/0eYfa28cu7xfM86QQbOWB2xvXTw9s9P/ByyJE7YSazbXAAAAAElFTkSuQmCCiVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAFKElEQVRYhZ2We4icZxXGf8+Z3aStuk3S3aRNYm3iurSxSBWpQikIEUVSSFNrQ6Xb1HhLkXYptiq4GINbCVYxitHiSi60EdJCItj8kShFSCo1ijZEY7uJtZdkm6sm0mA3u3Me/5jLTuaWsQdeZub73nN+z3Pe733nE/Vxx5+uAPqBV9nx4XMN9/+PuPKLr3wSsVyKrYWuwv4zGxe4fk40yRsEdkvaHp/5y12FlQdmvR347DWvXaNCrIso3B+F2C7p4b4Hj/fWz9NFau78c69hl6SbJSFpQhH7I2KTFM+89eQNpzuB9z14QsWpqW9JrJUkKUAqRug5RayPiN+Of3/OZIOAwsoDdwu2SJohCSIoC5mMiBek2KLQr97c1D/eTkDvA28sBbZJmieVa4TKteKcIrZFaMPr63sOVwXM+Oxfr8A8hVgmRU2CqClSlOKQQr+MiJ1I//j3z949VQufO3TyFuBxSTfWgaFSL4QUL0bET6oCLrvn0FLQDoV66sHUiwlZ0lFF7A3FXoX+KUU30i2Ce5AW1oCmc+t/S2cF8I77xgq2f460us5xsy5c7Kgk5oIUIam7BQhNL2c5LyzY0gWgiBsFn6px2AAm6oRMgyRpZjMwbboAHBB8twsgCoXlQtcoNL1OTRy3amU7UG0XKrWB88D3xoZ1pCQgCmcU+o+knrZFqgLbgxrarYs2G8BmYAdAWUCMKnRQEZ8LxTKF+miAdOAw6n43j93Ao2PDmmg4B+YOneyWdFNErFLECoXmNwPTyjFAazDAc8Dnx4b1UuVC09kLHjlbkLREEYOKuEvStaVnrQ7cusX1YWAPMFQLbymgEu/55vmQ4n2KWBmhO6W4XlJ3h9BKnAU2UXroTtTf7KhK/7pJobha0sck3QZ8BFgIzGyRksAp4FlgFNg3NqzJZhM7tlGJgRHPKMNvKI/rgF7gMmACGAcOAvuBsbFhXWhX75ICBkbcDbwXuBn4ADC/BnYaeBV4ETgEHL0UsGMBAyMuAB8FvgR8HLia5u8PlMUcBf6A/Yzt39k+fmRtV8MLSEcCBkbcCzxUhje8RLQK29ietP2SM5+2vd3Ow6985/LsWMDAiBcBG4DbaO24loqr8IR0RYhtv2bn004/Yftvr69/V7GtgDJ8FFjaiVtchVVH47XE6XHbO5251fYLb/xgTnVHVAUMjPgq4BfA7W8HXLqepe/ZUtApZ+6yvdnO50/+aN6FKMO7gK8By9uBM7NmFMni9HCxSBazNGrn1I5isS8z78vMXzt9P5T/jIBlwJr6JSmtb1tHje5rOtB8boLdYzMXoGtgxNcC3wB6Ol/fvCSI2nm110s5p4CdlQ48TOmQaeEym4Emy095t23RGtRCFHsQB0oC7E8bouQo27TY2D5mvA2zz85JpxfZvtXOW51eYFtt3Zc+z2O2nRu9bhKgK+1vO3PI9vubui+3GnwIWJOZ+8Yfm1094eY9dHoUu9+ZK9J5t+0l2AVnS/e/B/ZdtA0Xr51Y7PSQnYNOz26i/CQweOyxWXvabdGrvjI+384VTq+y86byEtWamsJ84c3N/VsrOQHw8rqZL2fmVzO9MjOfzcypytZxFsnMx41/0w4OcGbj/PF//XThRjuXOf3lzNybxZwobc8iWcyDmbm7NqfhKF749XNznL43Mx+wvRj7j8CK4z/sPXYpAfXxztVHZtn+hDNX2/4g5tH/PnH9j9sKAFjwyFkVi1MfcnoVsOvEhr7dzeZ1GpcP/v1KwyLsw289ueR87b3/AaPHxyTsnFoAAAAAAElFTkSuQmCCiVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACUUlEQVQ4jW2SXWgOYBTH/+ecZ1NrvjJlkvkoayWyJm7kxgVWLpZWhFgpZW6krLxFuJjU3LhQ8hFR2lZa+bqdhEZpIS2LppnPFtbS23v+x8X7sXc49dyc//P7nafTIwCAlmcJwH5RnTCzvtyt1T/wn5pzYGSniLSapc6KysqnY13zQgDAWl80AHigqvM1pYdm6Yolu//r0vLxIlxzaKwOgR5RaVKzEUvpvFm6JgAwY9frjIicUlWoGtQ0q2bPLKVus/REzKoEOCwizWIGVYWa5tRsQKrb3tYh0Ceqq9RKAkheFmo2oaqmplVTWV4iIreTpVQvorU6ZS6TmKjpTNViZpA8CBEZBJBJqtZvyXZoSm1maYuazv0bUNUSWKhRAEeHMvKq1Fl4ZLxSzdZaSnvNbKua1YqqlEEAEAAGAXQMZeQ+AExLAWDZ8axZSitFpBnAOgDzC+AXAP0AeocyMlK8P02w4nQsAtACYCOABYX8K4CnEXGH7i+HT1R4OSNl8CYAZwCsmSaOQEQEyTG633X3q0Ef+NA5K1sSFOBLABZPcZE/dNAJkggSpI/Tec89d5nuj2TF6agHcBNAYwlkHshDecE/PfJbMPYkACeBaAxG2RSC5GSQTno1nRKc9goE4zOANynIWpI50lNxUkTcjYiuICfdfT3dt9O9iWRlYToioufnxaXvkufD3XRvp/sSRjwX4ODo2TnvC+t4XNP+8aq7b6b7PrpvCPJ7AN2lJdYdm5RcNruW9I5g9H46V3Pj7/8BANVtw7NJ3xbk7Ii48Pt6Q+4P/3tTTDJ3gjcAAAAASUVORK5CYII=",
         "imagemd5" : "966e60f8eb85b7ea43a7b0095f3e2336",
         "imagemmh3" : -305179312,
         "length" : 4259,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1636538602,
         "component" : [
            {
               "productvendor" : "Oracle",
               "product" : "Java"
            },
            {
               "productvendor" : "Atlassian",
               "product" : "Confluence"
            }
         ],
         "headermd5" : "2dc1e159d50343e36aa92b49adbad2ef",
         "headermmh3" : -136762667
      },
      "length" : 620
   },
   "asn" : "AS9009",
   "city" : "New York",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Thu, 07 Nov 2024 01:50:51 UTC\r\nCache-Control: no-store\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nX-Confluence-Request-Time: 1697032431875\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Security-Policy: frame-ancestors 'self'\r\nLocation: /login.action?os_destination=%2Findex.action&permissionViolation=true\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nSet-Cookie: JSESSIONID=FD2CA9E2B09E9FEE2EC126FA48BF694B; Path=/; Secure; HttpOnly\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n\r\n",
   "datamd5" : "1625694c587cd601197fb35f20511ece",
   "datammh3" : 1837928346,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "v9ks2n.cn"
   ],
   "geolocus" : {
      "asn" : "AS55933",
      "continent" : "OC",
      "continentname" : "Oceania",
      "country" : "AU",
      "countryname" : "Australia",
      "domain" : [
         "apnic.net"
      ],
      "isineu" : "false",
      "latitude" : "-25.274398",
      "location" : "-25.274398,133.775136",
      "longitude" : "133.775136",
      "netname" : "IANA-NETBLOCK-45",
      "organization" : "This network range is not fully allocated to APNIC.",
      "subnet" : "45.0.0.0/8"
   },
   "hostname" : [
      "v9ks2n.cn"
   ],
   "ip" : "45.15.21.106",
   "ipv6" : "false",
   "latitude" : "40.7123",
   "location" : "40.7123,-74.0068",
   "longitude" : "-74.0068",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "M247 Europe SRL",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4899,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Found",
   "reverse" : [
      "v9ks2n.cn"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 302,
   "subnet" : "45.15.20.0/22",
   "tld" : [
      "cn"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

IP

13.246.37.168

Network

13.244.0.0/14

Domain(s)

amazonaws.com

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

http://13.246.37.168:4899/ 200

HTTP Title

Download Master

Reverse DNS

ec2-13-246-37-168.af-south-1.compute.amazonaws.com

ASN

AS16509

Organization

AMAZON-02

Protocol

http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx

CPE(s)

<enterprise field>: cpe

Data MD5

a52ae731c45deec6fcf5b3934ee55e00

HTTP Header MD5

9f060a9cb1b31c417a3a68e629ae97e3

HTTP Body MD5

18ccd80dc0943311ea6b6014e12a985c

HTTP/1.1 200 OK
Connection: close
Date: Thu, 07 Nov 2024 03:10:49 GMT
Server: nginx
Content-Length: 1767
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html xmlns:v>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Expires" content="-1" />
<meta HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<meta http-equiv="Pragma" content="no-cache" />
<title>Download Master</title>
<script type="text/javascript" src="jquery.js"></script>
</head>
<body>
<script>
var httpTag = 'https:' == document.location.protocol ? false : true;
        if(( navigator.userAgent.match(/iPhone/i)) ||
            ( navigator.userAgent.match(/iPod/i))   ||
                ( navigator.userAgent.match(/windows ce/i)) ||
                ( navigator.userAgent.match(/windows phone/i)) ||
                ( navigator.userAgent.match(/Android/i)) &&
                ( navigator.userAgent.match(/Mobile/i)))
                {
                if(httpTag)
                        self.location = "http://"+ location.host.split(":")[0] +":"+ location.host.split(":")[1] +"/downloadmaster/index.asp";
                else
                        self.location = "https://"+ location.host.split(":")[0] +":"+ location.host.split(":")[1] +"/downloadmaster/index.asp";
                }
        else{
                if(httpTag)
                        self.location = "http://"+ location.host.split(":")[0] +":"+ location.host.split(":")[1] +"/downloadmaster/index.asp";
                else
                        self.location = "https://"+ location.host.split(":")[0] +":"+ location.host.split(":")[1] +"/downloadmaster/index.asp";
                }

</script>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:10:49.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/1999/xhtml",
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "18ccd80dc0943311ea6b6014e12a985c",
         "bodymmh3" : 559765034,
         "headermd5" : "9f060a9cb1b31c417a3a68e629ae97e3",
         "headermmh3" : 1091240298,
         "title" : "Download Master"
      },
      "length" : 1904
   },
   "asn" : "AS16509",
   "city" : "Cape Town",
   "country" : "ZA",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nDate: Thu, 07 Nov 2024 03:10:49 GMT\r\nServer: nginx\r\nContent-Length: 1767\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<html xmlns:v>\n<head>\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=EmulateIE8\" />\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta http-equiv=\"Expires\" content=\"-1\" />\n<meta HTTP-EQUIV=\"Cache-Control\" CONTENT=\"no-cache\">\n<meta http-equiv=\"Pragma\" content=\"no-cache\" />\n<title>Download Master</title>\n<script type=\"text/javascript\" src=\"jquery.js\"></script>\n</head>\n<body>\n<script>\nvar httpTag = 'https:' == document.location.protocol ? false : true;\n        if(( navigator.userAgent.match(/iPhone/i)) ||\n            ( navigator.userAgent.match(/iPod/i))   ||\n                ( navigator.userAgent.match(/windows ce/i)) ||\n                ( navigator.userAgent.match(/windows phone/i)) ||\n                ( navigator.userAgent.match(/Android/i)) &&\n                ( navigator.userAgent.match(/Mobile/i)))\n                {\n                if(httpTag)\n                        self.location = \"http://\"+ location.host.split(\":\")[0] +\":\"+ location.host.split(\":\")[1] +\"/downloadmaster/index.asp\";\n                else\n                        self.location = \"https://\"+ location.host.split(\":\")[0] +\":\"+ location.host.split(\":\")[1] +\"/downloadmaster/index.asp\";\n                }\n        else{\n                if(httpTag)\n                        self.location = \"http://\"+ location.host.split(\":\")[0] +\":\"+ location.host.split(\":\")[1] +\"/downloadmaster/index.asp\";\n                else\n                        self.location = \"https://\"+ location.host.split(\":\")[0] +\":\"+ location.host.split(\":\")[1] +\"/downloadmaster/index.asp\";\n                }\n\n</script>\n</body>\n</html>\n",
   "datamd5" : "a52ae731c45deec6fcf5b3934ee55e00",
   "datammh3" : -434684070,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com"
   ],
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "AF",
      "continentname" : "Africa",
      "country" : "ZA",
      "countryname" : "South Africa",
      "domain" : [
         "amazon.com",
         "amazonaws.com",
         "aws.com"
      ],
      "isineu" : "false",
      "latitude" : "-30.559482",
      "location" : "-30.559482,22.937506",
      "longitude" : "22.937506",
      "netname" : "AMAZON-CPT",
      "organization" : "Amazon Data Services South Africa",
      "subnet" : "13.244.0.0/14"
   },
   "host" : [
      "ec2-13-246-37-168"
   ],
   "hostname" : [
      "ec2-13-246-37-168.af-south-1.compute.amazonaws.com"
   ],
   "ip" : "13.246.37.168",
   "ipv6" : "false",
   "latitude" : "-34.0486",
   "location" : "-34.0486,18.4811",
   "longitude" : "18.4811",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 4899,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "ec2-13-246-37-168.af-south-1.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "af-south-1.compute.amazonaws.com",
      "compute.amazonaws.com"
   ],
   "subnet" : "13.244.0.0/14",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}