Returning 10 result(s) out of 282 in 0.056 second(s)

  • 211.229.140.221:4899 (tcp/http) - last seen on 2024-11-07 at 03:18:53 UTC

    • IP
      211.229.140.221
      Network
      211.229.128.0/20
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://211.229.140.221:4899/ 200

      HTTP Title
      main page
      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Data MD5
      590d3f1f5048082925f85226da9d33c2
      HTTP Header MD5
      a5668677bad84c83cbb2cf70fc5712b4
      HTTP Body MD5
      425064ac3f9b0beb2f58d1e3fe67fb73
    • HTTP/1.1 200 OK
      Content-Type: text/html
      ETag: "1112005829"
      Last-Modified: Thu, 26 Jan 2023 08:12:26 GMT
      Content-Length: 704
      Accept-Ranges: bytes
      Connection: close
      Date: Thu, 07 Nov 2024 03:18:50 GMT
      Server: fwebserver
      
      <html>
      <head>
      <meta http-equiv="content-type" content="text/html; charset=iso8859-1">
      <title>main page</title>
      <script language="javascript">
      
      function redirect() {
      	location.href = "/cgi-bin/login.cgi";
      }
      
      function redirect_mobile_check() {
      
      	var filter = "win16|win32|win64|mac|macintel|linux x86_64";
      	var vWebType = "PC";
      
      	if (navigator.platform)
      	{
      		if (filter.indexOf(navigator.platform.toLowerCase()) < 0)
      			vWebType = "MOBILE";
      		else
      			vWebType = "PC";
      	}
      
      	if(vWebType ==  "PC")	
      		location.href = "/cgi-bin/login.cgi";
      	else
      		location.href = "/cgi-bin_mobile/login.cgi";
      }
      
      </script>
      </head>
      
      <body onload="redirect_mobile_check()">
      </body>
      
      </html>
      
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-07T03:18:53.000Z",
         "app" : {
            "extract" : {
               "file" : [
                  "login.cgi"
               ]
            },
            "http" : {
               "bodymd5" : "425064ac3f9b0beb2f58d1e3fe67fb73",
               "bodymmh3" : 1045994363,
               "header" : [
                  {
                     "name" : "ETag",
                     "value" : 1112005829
                  },
                  {
                     "name" : "Last-Modified",
                     "value" : "Thu, 26 Jan 2023 08:12:26 GMT"
                  }
               ],
               "headermd5" : "a5668677bad84c83cbb2cf70fc5712b4",
               "headermmh3" : -2133048605,
               "title" : "main page"
            },
            "length" : 933
         },
         "asn" : "AS4766",
         "city" : "Gyeongsan-si",
         "country" : "KR",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nETag: \"1112005829\"\r\nLast-Modified: Thu, 26 Jan 2023 08:12:26 GMT\r\nContent-Length: 704\r\nAccept-Ranges: bytes\r\nConnection: close\r\nDate: Thu, 07 Nov 2024 03:18:50 GMT\r\nServer: fwebserver\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"content-type\" content=\"text/html; charset=iso8859-1\">\r\n<title>main page</title>\r\n<script language=\"javascript\">\r\n\r\nfunction redirect() {\r\n\tlocation.href = \"/cgi-bin/login.cgi\";\r\n}\r\n\r\nfunction redirect_mobile_check() {\r\n\r\n\tvar filter = \"win16|win32|win64|mac|macintel|linux x86_64\";\r\n\tvar vWebType = \"PC\";\r\n\r\n\tif (navigator.platform)\r\n\t{\r\n\t\tif (filter.indexOf(navigator.platform.toLowerCase()) < 0)\r\n\t\t\tvWebType = \"MOBILE\";\r\n\t\telse\r\n\t\t\tvWebType = \"PC\";\r\n\t}\r\n\r\n\tif(vWebType ==  \"PC\")\t\r\n\t\tlocation.href = \"/cgi-bin/login.cgi\";\r\n\telse\r\n\t\tlocation.href = \"/cgi-bin_mobile/login.cgi\";\r\n}\r\n\r\n</script>\r\n</head>\r\n\r\n<body onload=\"redirect_mobile_check()\">\r\n</body>\r\n\r\n</html>\r\n\r\n",
         "datamd5" : "590d3f1f5048082925f85226da9d33c2",
         "datammh3" : -473773929,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS4766",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "KR",
            "countryname" : "South Korea",
            "domain" : [
               "kt.com",
               "nic.or.kr"
            ],
            "isineu" : "false",
            "latitude" : "35.907757",
            "location" : "35.907757,127.766922",
            "longitude" : "127.766922",
            "netname" : "KORNET",
            "organization" : "Korea Telecom",
            "subnet" : "211.229.128.0/20"
         },
         "ip" : "211.229.140.221",
         "ipv6" : "false",
         "latitude" : "35.9079",
         "location" : "35.9079,128.8210",
         "longitude" : "128.8210",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Korea Telecom",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 4899,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "reason" : "OK",
         "seen_date" : "2024-11-07",
         "source" : "datascan",
         "status" : 200,
         "subnet" : "211.229.128.0/20",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 211.184.92.106:4899 (tcp/http) - last seen on 2024-11-07 at 00:40:46 UTC

    • IP
      211.184.92.106
      Network
      211.184.80.0/20
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://211.184.92.106:4899/ 200

      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      httpd httpd
      CPE(s)

      <enterprise field>: cpe

    • Data MD5
      568bea25c0aedb2ee99c171ae2e22ade
      HTTP Header MD5
      108601d04fb40cca73964b150fc4a31a
      HTTP Body MD5
      7f20c9c6f2f82599d5e98f166fcd70a0
    • HTTP/1.0 200 OK
      Date: Thu, 07 Nov 2024 00:40:44 GMT
      Server: Httpd/1.0
      Connection: close
      Content-Length: 112
      Last-Modified: Fri, 29 Mar 2019 02:57:32 GMT
      Content-Type: text/html
      
      <html>
      <head>
      <meta http-equiv=refresh content="0; URL=login/login.cgi">
      <title></title>
      <body>
      </body>
      </html>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-07T00:40:46.000Z",
         "app" : {
            "extract" : {
               "file" : [
                  "login.cgi"
               ]
            },
            "http" : {
               "bodymd5" : "7f20c9c6f2f82599d5e98f166fcd70a0",
               "bodymmh3" : -957351584,
               "header" : [
                  {
                     "value" : "Fri, 29 Mar 2019 02:57:32 GMT",
                     "name" : "Last-Modified"
                  }
               ],
               "headermd5" : "108601d04fb40cca73964b150fc4a31a",
               "headermmh3" : 1688677786
            },
            "length" : 298
         },
         "asn" : "AS4766",
         "city" : "Seongnam-si",
         "country" : "KR",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.0 200 OK\r\nDate: Thu, 07 Nov 2024 00:40:44 GMT\r\nServer: Httpd/1.0\r\nConnection: close\r\nContent-Length: 112\r\nLast-Modified: Fri, 29 Mar 2019 02:57:32 GMT\r\nContent-Type: text/html\r\n\r\n<html>\n<head>\n<meta http-equiv=refresh content=\"0; URL=login/login.cgi\">\n<title></title>\n<body>\n</body>\n</html>\n",
         "datamd5" : "568bea25c0aedb2ee99c171ae2e22ade",
         "datammh3" : 2093214656,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS4766",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "KR",
            "countryname" : "South Korea",
            "domain" : [
               "kt.com",
               "nic.or.kr"
            ],
            "isineu" : "false",
            "latitude" : "35.907757",
            "location" : "35.907757,127.766922",
            "longitude" : "127.766922",
            "netname" : "KORNET",
            "organization" : "Korea Telecom",
            "subnet" : "211.184.80.0/20"
         },
         "ip" : "211.184.92.106",
         "ipv6" : "false",
         "latitude" : "37.4569",
         "location" : "37.4569,127.1213",
         "longitude" : "127.1213",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Korea Telecom",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 4899,
         "product" : "httpd",
         "productvendor" : "httpd",
         "protocol" : "http",
         "protocolversion" : "1.0",
         "reason" : "OK",
         "seen_date" : "2024-11-07",
         "source" : "datascan",
         "status" : 200,
         "subnet" : "211.184.80.0/20",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 14.35.173.15:4899 (tcp/unknown) - last seen on 2024-11-07 at 00:32:31 UTC

    • IP
      14.35.173.15
      Network
      14.35.160.0/20
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Data MD5
      f5fc479318c0245a1409f672c9221e40
    • ERROR: NO_ACTIVE_TARGET
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-07T00:32:31.000Z",
         "app" : {
            "length" : 23
         },
         "asn" : "AS4766",
         "city" : "Pyeongtaek-si",
         "country" : "KR",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "ERROR: NO_ACTIVE_TARGET",
         "datamd5" : "f5fc479318c0245a1409f672c9221e40",
         "datammh3" : 1309586099,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS4766",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "KR",
            "countryname" : "South Korea",
            "domain" : [
               "kt.com",
               "nic.or.kr"
            ],
            "isineu" : "false",
            "latitude" : "35.907757",
            "location" : "35.907757,127.766922",
            "longitude" : "127.766922",
            "netname" : "KORNET",
            "organization" : "Korea Telecom",
            "subnet" : "14.35.160.0/20"
         },
         "ip" : "14.35.173.15",
         "ipv6" : "false",
         "latitude" : "37.0009",
         "location" : "37.0009,127.0859",
         "longitude" : "127.0859",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Korea Telecom",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 4899,
         "protocol" : "unknown",
         "seen_date" : "2024-11-07",
         "source" : "datascan",
         "subnet" : "14.35.160.0/20",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 112.167.145.49:4899 (tcp/unknown) - last seen on 2024-11-06 at 22:47:59 UTC

    • IP
      112.167.145.49
      Network
      112.167.0.0/16
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Data MD5
      b1b84bfc48fe9ad417446628791d71d5
    • RFJS\x00\x00\x00\x00X\x00\x00\x00\x01\x00\x00\x00\x00PROTOCOL_JSON1 ver=2.2 authkey=1C7346272C4D92492200 slevel=0 oem=34 kttv=2.0 kttlevel=3\x00
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-06T22:47:59.000Z",
         "app" : {
            "length" : 105
         },
         "asn" : "AS4766",
         "city" : "Asan",
         "country" : "KR",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "RFJS\\x00\\x00\\x00\\x00X\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00PROTOCOL_JSON1 ver=2.2 authkey=1C7346272C4D92492200 slevel=0 oem=34 kttv=2.0 kttlevel=3\\x00",
         "datamd5" : "b1b84bfc48fe9ad417446628791d71d5",
         "datammh3" : -198563237,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS4766",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "KR",
            "countryname" : "South Korea",
            "domain" : [
               "kt.com",
               "nic.or.kr"
            ],
            "isineu" : "false",
            "latitude" : "35.907757",
            "location" : "35.907757,127.766922",
            "longitude" : "127.766922",
            "netname" : "KORNET",
            "organization" : "Korea Telecom",
            "subnet" : "112.167.0.0/16"
         },
         "ip" : "112.167.145.49",
         "ipv6" : "false",
         "latitude" : "36.8940",
         "location" : "36.8940,126.8877",
         "longitude" : "126.8877",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Korea Telecom",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 4899,
         "protocol" : "unknown",
         "seen_date" : "2024-11-06",
         "source" : "datascan",
         "subnet" : "112.167.0.0/16",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 121.190.242.162:4899 (tcp/http) - last seen on 2024-11-06 at 18:40:26 UTC

    • IP
      121.190.242.162
      Network
      121.190.240.0/21
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://121.190.242.162:4899/ 404

      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Data MD5
      df5c1a019fd13faeec24ce88e818a113
      HTTP Header MD5
      8271a08590d29ea336c6cd4bc192b60d
      HTTP Body MD5
      7cbf469b09881ce2e92f43feb16a2b68
    • HTTP/1.0 404 Not Found
      Connection: close
      Content-Type: text/html
      Content-Length: 47
      
      <html><body><p>File not found</p></body></html>
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-06T18:40:26.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "7cbf469b09881ce2e92f43feb16a2b68",
               "bodymmh3" : -15868574,
               "headermd5" : "8271a08590d29ea336c6cd4bc192b60d",
               "headermmh3" : 846407086
            },
            "length" : 137
         },
         "asn" : "AS4766",
         "city" : "Incheon",
         "country" : "KR",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.0 404 Not Found\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 47\r\n\r\n<html><body><p>File not found</p></body></html>",
         "datamd5" : "df5c1a019fd13faeec24ce88e818a113",
         "datammh3" : -1617912121,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS4766",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "KR",
            "countryname" : "South Korea",
            "domain" : [
               "kt.com",
               "nic.or.kr"
            ],
            "isineu" : "false",
            "latitude" : "35.907757",
            "location" : "35.907757,127.766922",
            "longitude" : "127.766922",
            "netname" : "KORNET",
            "organization" : "Korea Telecom",
            "subnet" : "121.190.240.0/21"
         },
         "ip" : "121.190.242.162",
         "ipv6" : "false",
         "latitude" : "37.4723",
         "location" : "37.4723,126.6594",
         "longitude" : "126.6594",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Korea Telecom",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 4899,
         "protocol" : "http",
         "protocolversion" : "1.0",
         "reason" : "Not Found",
         "seen_date" : "2024-11-06",
         "source" : "datascan",
         "status" : 404,
         "subnet" : "121.190.240.0/21",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 210.101.109.70:4899 (tcp/http) - last seen on 2024-11-06 at 16:30:27 UTC

    • IP
      210.101.109.70
      Network
      210.101.64.0/18
      Device

      <enterprise field>: device.class <enterprise field>: device.productvendor <enterprise field>: device.product

      Operating System
      SonicWall SonicOS
      URL

      http://210.101.109.70:4899/ 302

      HTTP Title
      Policy Jump
      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      http
      Source
      datascan
    • Operating System
      SonicWall SonicOS
      HTTP Component(s)
      SonicWall SonicWall
      CPE(s)

      <enterprise field>: cpe

    • Data MD5
      8332030c845aaae05eb386bea74678a0
      HTTP Header MD5
      abacb902cd555996ea7c81367d39d2cf
      HTTP Body MD5
      7f437575f8c2fc5ea0b8a911e38bf0f9
    • HTTP/1.0 302 Found
      Content-type: text/html
      X-Content-Type-Options: nosniff
      Location: https://210.101.110.254:1443/dynPolLoginRedirect.html?cid=0
      
      <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
      <html>
      <head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      
      	<title>Policy Jump</title>
      	<meta name="id" content="policyJump" >
      	<meta http-equiv="Expires" content="0">
      </head>
      <BODY>This document has moved <A href="https://210.101.110.254:1443/dynPolLoginRedirect.html?cid=0">here</A></BODY>
      </html>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-06T16:30:27.000Z",
         "app" : {
            "extract" : {
               "ip" : [
                  "210.101.110.254"
               ],
               "url" : [
                  "https://210.101.110.254:1443/dynPolLoginRedirect.html?cid=0"
               ]
            },
            "http" : {
               "bodymd5" : "7f437575f8c2fc5ea0b8a911e38bf0f9",
               "bodymmh3" : -626897434,
               "component" : [
                  {
                     "product" : "SonicWall",
                     "productvendor" : "SonicWall"
                  }
               ],
               "headermd5" : "abacb902cd555996ea7c81367d39d2cf",
               "headermmh3" : -109501120,
               "title" : "Policy Jump"
            },
            "length" : 547
         },
         "asn" : "AS4766",
         "city" : "Buk-gu",
         "country" : "KR",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.0 302 Found\r\nContent-type: text/html\r\nX-Content-Type-Options: nosniff\r\nLocation: https://210.101.110.254:1443/dynPolLoginRedirect.html?cid=0\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\r\n<html>\r\n<head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n\r\n\t<title>Policy Jump</title>\r\n\t<meta name=\"id\" content=\"policyJump\" >\r\n\t<meta http-equiv=\"Expires\" content=\"0\">\r\n</head>\r\n<BODY>This document has moved <A href=\"https://210.101.110.254:1443/dynPolLoginRedirect.html?cid=0\">here</A></BODY>\r\n</html>\r\n",
         "datamd5" : "8332030c845aaae05eb386bea74678a0",
         "datammh3" : 1436404183,
         "device" : {
            "class" : "<enterprise field>: device.class",
            "product" : "<enterprise field>: device.product",
            "productvendor" : "<enterprise field>: device.productvendor"
         },
         "geolocus" : {
            "asn" : "AS4766",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "KR",
            "countryname" : "South Korea",
            "domain" : [
               "kt.com",
               "nic.or.kr"
            ],
            "isineu" : "false",
            "latitude" : "35.907757",
            "location" : "35.907757,127.766922",
            "longitude" : "127.766922",
            "netname" : "KORNET",
            "organization" : "Korea Telecom",
            "subnet" : "210.101.64.0/18"
         },
         "ip" : "210.101.109.70",
         "ipv6" : "false",
         "latitude" : "35.9616",
         "location" : "35.9616,128.5413",
         "longitude" : "128.5413",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Korea Telecom",
         "os" : "SonicOS",
         "osvendor" : "SonicWall",
         "port" : 4899,
         "protocol" : "http",
         "protocolversion" : "1.0",
         "reason" : "Found",
         "seen_date" : "2024-11-06",
         "source" : "datascan",
         "status" : 302,
         "subnet" : "210.101.64.0/18",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 211.199.139.147:4899 (tcp/http) - last seen on 2024-11-06 at 09:40:28 UTC

    • IP
      211.199.139.147
      Network
      211.199.128.0/18
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://211.199.139.147:4899/ 200

      HTTP Title
      main page
      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Data MD5
      4ee706a2f955b9f527c1406deb10d3b2
      HTTP Header MD5
      a3d845c84f69aa4fade7bdebc9e590b0
      HTTP Body MD5
      60b91305d545bb4d77592787df00080d
    • HTTP/1.1 200 OK
      Date: Wed, 06 Nov 2024 09:40:28 GMT
      Server: 
      Accept-Ranges: bytes
      Connection: close
      Content-Length: 289
      Last-Modified: Thu, 12 May 2022 04:29:08 GMT
      Content-Type: text/html
      
      <html>
      <head>
      <meta http-equiv="content-type" content="text/html; charset=iso8859-1">
      <title>main page</title>
      <script language="javascript">
      
      function redirect() {
      	location.href = "/cgi-bin/login.cgi";
      }
      
      </script>
      </head>
      
      <body onload="redirect()">
      </body>
      
      </html>
      
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-06T09:40:28.000Z",
         "app" : {
            "extract" : {
               "file" : [
                  "login.cgi"
               ]
            },
            "http" : {
               "bodymd5" : "60b91305d545bb4d77592787df00080d",
               "bodymmh3" : -1159873339,
               "header" : [
                  {
                     "name" : "Last-Modified",
                     "value" : "Thu, 12 May 2022 04:29:08 GMT"
                  }
               ],
               "headermd5" : "a3d845c84f69aa4fade7bdebc9e590b0",
               "headermmh3" : 414184949,
               "title" : "main page"
            },
            "length" : 488
         },
         "asn" : "AS4766",
         "city" : "Sejong",
         "country" : "KR",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 200 OK\r\nDate: Wed, 06 Nov 2024 09:40:28 GMT\r\nServer: \r\nAccept-Ranges: bytes\r\nConnection: close\r\nContent-Length: 289\r\nLast-Modified: Thu, 12 May 2022 04:29:08 GMT\r\nContent-Type: text/html\r\n\r\n<html>\r\n<head>\r\n<meta http-equiv=\"content-type\" content=\"text/html; charset=iso8859-1\">\r\n<title>main page</title>\r\n<script language=\"javascript\">\r\n\r\nfunction redirect() {\r\n\tlocation.href = \"/cgi-bin/login.cgi\";\r\n}\r\n\r\n</script>\r\n</head>\r\n\r\n<body onload=\"redirect()\">\r\n</body>\r\n\r\n</html>\r\n\r\n",
         "datamd5" : "4ee706a2f955b9f527c1406deb10d3b2",
         "datammh3" : 511056259,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS4766",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "KR",
            "countryname" : "South Korea",
            "domain" : [
               "kt.com",
               "nic.or.kr"
            ],
            "isineu" : "false",
            "latitude" : "35.907757",
            "location" : "35.907757,127.766922",
            "longitude" : "127.766922",
            "netname" : "KORNET",
            "organization" : "Korea Telecom",
            "subnet" : "211.199.128.0/18"
         },
         "ip" : "211.199.139.147",
         "ipv6" : "false",
         "latitude" : "36.5916",
         "location" : "36.5916,127.2916",
         "longitude" : "127.2916",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Korea Telecom",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 4899,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "reason" : "OK",
         "seen_date" : "2024-11-06",
         "source" : "datascan",
         "status" : 200,
         "subnet" : "211.199.128.0/18",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 202.168.155.210:4899 (tcp/http) - last seen on 2024-11-06 at 04:25:50 UTC

    • IP
      202.168.155.210
      Network
      202.168.152.0/22
      Device

      <enterprise field>: device.class <enterprise field>: device.productvendor <enterprise field>: device.product

      Operating System
      Fortinet FortiOS
      URL

      http://202.168.155.210:4899/ 200

      HTTP Title
      Web Filter Block Override
      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      http
      Source
      datascan
    • Operating System
      Fortinet FortiOS
      HTTP Component(s)
      Fortinet FortiGuard
      CPE(s)

      <enterprise field>: cpe

    • Data MD5
      4bc448c175a2c13cd2fac3c098851e21
      HTTP Header MD5
      257fdf67bf182740586db7f7fc5f5223
      HTTP Body MD5
      78ef50daf46f0d2e957e772aead46747
    • HTTP/1.1 200 OK
      Content-Length: 4612
      Connection: close
      Cache-Control: no-cache
      Content-Type: text/html; charset=utf-8
      X-Frame-Options: SAMEORIGIN
      X-XSS-Protection: 1; mode=block
      X-Content-Type-Options: nosniff
      Content-Security-Policy: frame-ancestors 'self'
      
      <!DOCTYPE html>
      <html lang="en">
          <head>
              <meta charset="UTF-8">
              <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
              <meta name="viewport" content="width=device-width, initial-scale=1">
              <link href="https://fonts.googleapis.com/css?family=Roboto&display=swap" rel="stylesheet">
              <style type="text/css">
                  body {
                      height: 100%;
                      font-family: Roboto, Helvetica, Arial, sans-serif;
                      color: #6a6a6a;
                      margin: 0;
                      display: flex;
                      align-items: center;
                      justify-content: center;
                  }
                  input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
                      color: #262626;
                      vertical-align: baseline;
                      margin: .2em;
                      border-style: solid;
                      border-width: 1px;
                      border-color: #a9a9a9;
                      background-color: #fff;
                      box-sizing: border-box;
                      padding: 2px .5em;
                      appearance: none;
                      border-radius: 0;
                  }
                  input:focus {
                      border-color: #646464;
                      box-shadow: 0 0 1px 0 #a2a2a2;
                      outline: 0;
                  }
                  button {
                      padding: .5em 1em;
                      border: 1px solid;
                      border-radius: 3px;
                      min-width: 6em;
                      font-weight: 400;
                      font-size: .8em;
                      cursor: pointer;
                  }
                  button.primary {
                      color: #fff;
                      background-color: rgb(47, 113, 178);
                      border-color: rgb(34, 103, 173);
                  }
                  .message-container {
                      height: 500px;
                      width: 600px;
                      padding: 0;
                      margin: 10px;
                  }
                  .logo {
                      background: url(https://<ip>:4899/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;
                      height: 267px;
                      object-fit: contain;
                  }
                  table {
                      background-color: #fff;
                      border-spacing: 0;
                      margin: 1em;
                  }
                  table > tbody > tr > td:first-of-type:not([colspan]) {
                      white-space: nowrap;
                      color: rgba(0,0,0,.5);
                  }
                  table > tbody > tr > td:first-of-type {
                      vertical-align: top;
                  }
                  table > tbody > tr > td {
                      padding: .3em .3em;
                  }
                  .field {
                      display: table-row;
                  }
                  .field > :first-child {
                      display: table-cell;
                      width: 20%;
                  }
                  .field.single > :first-child {
                      display: inline;
                  }
                  .field > :not(:first-child) {
                      width: auto;
                      max-width: 100%;
                      display: inline-flex;
                      align-items: baseline;
                      virtical-align: top;
                      box-sizing: border-box;
                      margin: .3em;
                  }
                  .field > :not(:first-child) > input {
                      width: 230px;
                  }
                  .form-footer {
                      display: inline-flex;
                      justify-content: flex-start;
                  }
                  .form-footer > * {
                      margin: 1em;
                  }
                  .text-scrollable {
                      overflow: auto;
                      height: 150px;
                      border: 1px solid rgb(200, 200, 200);
                      padding: 5px;
                      font-size: 1em;
                  }
                  .text-centered {
                      text-align: center;
                  }
                  .text-container {
                      margin: 1em 1.5em;
                  }
                  .flex-container {
                      display: flex;
                  }
                  .flex-container.column {
                      flex-direction: column;
                  }
              </style>
              <title>Web Filter Block Override</title>
          </head>
          <body><div class="message-container">
          <div class="logo"></div>
          <h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
          <h3>Web Filter Block Override</h3>
          <p>Please contact your administrator to gain access to the web page.</p>
          <div><font color="#FF0000">Invalid FortiGuard Web Filtering override request.</font></div>
      </div></body>
      </html>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-06T04:25:50.000Z",
         "app" : {
            "extract" : {
               "domain" : [
                  "googleapis.com"
               ],
               "hostname" : [
                  "fonts.googleapis.com"
               ],
               "url" : [
                  "https://fonts.googleapis.com/css?family=Roboto&display=swap"
               ]
            },
            "http" : {
               "bodymd5" : "78ef50daf46f0d2e957e772aead46747",
               "bodymmh3" : 875678365,
               "component" : [
                  {
                     "productvendor" : "Fortinet",
                     "product" : "FortiGuard"
                  }
               ],
               "headermd5" : "257fdf67bf182740586db7f7fc5f5223",
               "headermmh3" : 1740361275,
               "title" : "Web Filter Block Override"
            },
            "length" : 4870
         },
         "asn" : "AS4766",
         "country" : "KR",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 200 OK\r\nContent-Length: 4612\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: frame-ancestors 'self'\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"UTF-8\">\n        <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">\n        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n        <link href=\"https://fonts.googleapis.com/css?family=Roboto&display=swap\" rel=\"stylesheet\">\n        <style type=\"text/css\">\n            body {\n                height: 100%;\n                font-family: Roboto, Helvetica, Arial, sans-serif;\n                color: #6a6a6a;\n                margin: 0;\n                display: flex;\n                align-items: center;\n                justify-content: center;\n            }\n            input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {\n                color: #262626;\n                vertical-align: baseline;\n                margin: .2em;\n                border-style: solid;\n                border-width: 1px;\n                border-color: #a9a9a9;\n                background-color: #fff;\n                box-sizing: border-box;\n                padding: 2px .5em;\n                appearance: none;\n                border-radius: 0;\n            }\n            input:focus {\n                border-color: #646464;\n                box-shadow: 0 0 1px 0 #a2a2a2;\n                outline: 0;\n            }\n            button {\n                padding: .5em 1em;\n                border: 1px solid;\n                border-radius: 3px;\n                min-width: 6em;\n                font-weight: 400;\n                
font-size: .8em;\n                cursor: pointer;\n            }\n            button.primary {\n                color: #fff;\n                background-color: rgb(47, 113, 178);\n                border-color: rgb(34, 103, 173);\n            }\n            .message-container {\n                height: 500px;\n                width: 600px;\n                padding: 0;\n                margin: 10px;\n            }\n            .logo {\n                background: url(https://<ip>:4899/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;\n                height: 267px;\n                object-fit: contain;\n            }\n            table {\n                background-color: #fff;\n                border-spacing: 0;\n                margin: 1em;\n            }\n            table > tbody > tr > td:first-of-type:not([colspan]) {\n                white-space: nowrap;\n                color: rgba(0,0,0,.5);\n            }\n            table > tbody > tr > td:first-of-type {\n                vertical-align: top;\n            }\n            table > tbody > tr > td {\n                padding: .3em .3em;\n            }\n            .field {\n                display: table-row;\n            }\n            .field > :first-child {\n                display: table-cell;\n                width: 20%;\n            }\n            .field.single > :first-child {\n                display: inline;\n            }\n            .field > :not(:first-child) {\n                width: auto;\n                max-width: 100%;\n                display: inline-flex;\n                align-items: baseline;\n                virtical-align: top;\n                box-sizing: border-box;\n                margin: .3em;\n            }\n            .field > :not(:first-child) > input {\n                width: 230px;\n            }\n            .form-footer {\n                display: inline-flex;\n                justify-content: flex-start;\n            }\n            .form-footer > * 
{\n                margin: 1em;\n            }\n            .text-scrollable {\n                overflow: auto;\n                height: 150px;\n                border: 1px solid rgb(200, 200, 200);\n                padding: 5px;\n                font-size: 1em;\n            }\n            .text-centered {\n                text-align: center;\n            }\n            .text-container {\n                margin: 1em 1.5em;\n            }\n            .flex-container {\n                display: flex;\n            }\n            .flex-container.column {\n                flex-direction: column;\n            }\n        </style>\n        <title>Web Filter Block Override</title>\n    </head>\n    <body><div class=\"message-container\">\n    <div class=\"logo\"></div>\n    <h1>FortiGuard Intrusion Prevention - Access Blocked</h1>\n    <h3>Web Filter Block Override</h3>\n    <p>Please contact your administrator to gain access to the web page.</p>\n    <div><font color=\"#FF0000\">Invalid FortiGuard Web Filtering override request.</font></div>\n</div></body>\n</html>\n",
         "datamd5" : "4bc448c175a2c13cd2fac3c098851e21",
         "datammh3" : -154638670,
         "device" : {
            "class" : "<enterprise field>: device.class",
            "product" : "<enterprise field>: device.product",
            "productvendor" : "<enterprise field>: device.productvendor"
         },
         "geolocus" : {
            "asn" : "AS4766",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "KR",
            "countryname" : "South Korea",
            "domain" : [
               "gbpshk.com"
            ],
            "isineu" : "false",
            "latitude" : "35.907757",
            "location" : "35.907757,127.766922",
            "longitude" : "127.766922",
            "netname" : "KR",
            "organization" : "Starry Network",
            "subnet" : "202.168.152.0/22"
         },
         "ip" : "202.168.155.210",
         "ipv6" : "false",
         "latitude" : "37.5944",
         "location" : "37.5944,126.9864",
         "longitude" : "126.9864",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Korea Telecom",
         "os" : "FortiOS",
         "osvendor" : "Fortinet",
         "port" : 4899,
         "protocol" : "http",
         "protocolversion" : "1.1",
         "reason" : "OK",
         "seen_date" : "2024-11-06",
         "source" : "datascan",
         "status" : 200,
         "subnet" : "202.168.152.0/22",
         "tag" : "<enterprise field>: tag",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 211.57.190.222:4899 (tcp/http) - last seen on 2024-11-06 at 01:39:13 UTC

    • IP
      211.57.190.222
      Network
      211.57.160.0/19
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://211.57.190.222:4899/ 400

      HTTP Title
      400 The plain HTTP request was sent to HTTPS port
      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      F5 Nginx
      CPE(s)

      <enterprise field>: cpe

    • Data MD5
      0c1820e0d381850a77897bf32978a1f0
      HTTP Header MD5
      a629a0fe278971ad61801ba6975ba467
      HTTP Body MD5
      ea425366a98dfc499c0cbeedb9a4f02a
    • HTTP/1.1 400 Bad Request
      Server: nginx
      Date: Wed, 06 Nov 2024 01:39:13 GMT
      Content-Type: text/html
      Content-Length: 248
      Connection: close
      
      <html>
      <head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
      <body>
      <center><h1>400 Bad Request</h1></center>
      <center>The plain HTTP request was sent to HTTPS port</center>
      <hr><center>nginx</center>
      </body>
      </html>
      
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-06T01:39:13.000Z",
         "app" : {
            "http" : {
               "bodymd5" : "ea425366a98dfc499c0cbeedb9a4f02a",
               "bodymmh3" : 1153229498,
               "headermd5" : "a629a0fe278971ad61801ba6975ba467",
               "headermmh3" : -656754796,
               "title" : "400 The plain HTTP request was sent to HTTPS port"
            },
            "length" : 393
         },
         "asn" : "AS4766",
         "city" : "Gyeongsan-si",
         "country" : "KR",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Wed, 06 Nov 2024 01:39:13 GMT\r\nContent-Type: text/html\r\nContent-Length: 248\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
         "datamd5" : "0c1820e0d381850a77897bf32978a1f0",
         "datammh3" : 190190724,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS4766",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "KR",
            "countryname" : "South Korea",
            "domain" : [
               "kt.com",
               "nic.or.kr"
            ],
            "isineu" : "false",
            "latitude" : "35.907757",
            "location" : "35.907757,127.766922",
            "longitude" : "127.766922",
            "netname" : "KORNET",
            "organization" : "Korea Telecom",
            "subnet" : "211.57.160.0/19"
         },
         "ip" : "211.57.190.222",
         "ipv6" : "false",
         "latitude" : "35.8126",
         "location" : "35.8126,128.7839",
         "longitude" : "128.7839",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Korea Telecom",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 4899,
         "product" : "Nginx",
         "productvendor" : "F5",
         "protocol" : "http",
         "protocolversion" : "1.1",
         "reason" : "Bad Request",
         "seen_date" : "2024-11-06",
         "source" : "datascan",
         "status" : 400,
         "subnet" : "211.57.160.0/19",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }
      
  • 121.167.93.59:4899 (tcp/unknown) - last seen on 2024-11-06 at 00:01:55 UTC

    • IP
      121.167.93.59
      Network
      121.166.0.0/15
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      ASN
      AS4766
      Organization
      Korea Telecom
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • Data MD5
      57de7725c120b2e5e67363897b6db3cc
    • RFJS\x00\x00\x00\x00X\x00\x00\x00\x01\x00\x00\x00\x00PROTOCOL_JSON1 ver=2.2 authkey=239347AA4901770C455F slevel=0 oem=34 kttv=2.0 kttlevel=3\x00
    • {
         "@category" : "datascan",
         "@timestamp" : "2024-11-06T00:01:55.000Z",
         "app" : {
            "length" : 105
         },
         "asn" : "AS4766",
         "city" : "Yongin-si",
         "country" : "KR",
         "cpe" : "<enterprise field>: cpe",
         "cpecount" : "<enterprise field>: cpecount",
         "data" : "RFJS\\x00\\x00\\x00\\x00X\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00PROTOCOL_JSON1 ver=2.2 authkey=239347AA4901770C455F slevel=0 oem=34 kttv=2.0 kttlevel=3\\x00",
         "datamd5" : "57de7725c120b2e5e67363897b6db3cc",
         "datammh3" : 769655721,
         "device" : {
            "class" : "<enterprise field>: device.class"
         },
         "geolocus" : {
            "asn" : "AS4766",
            "continent" : "AS",
            "continentname" : "Asia",
            "country" : "KR",
            "countryname" : "South Korea",
            "domain" : [
               "kt.com",
               "nic.or.kr"
            ],
            "isineu" : "false",
            "latitude" : "35.907757",
            "location" : "35.907757,127.766922",
            "longitude" : "127.766922",
            "netname" : "KORNET",
            "organization" : "Korea Telecom",
            "subnet" : "121.166.0.0/15"
         },
         "ip" : "121.167.93.59",
         "ipv6" : "false",
         "latitude" : "37.2980",
         "location" : "37.2980,127.0777",
         "longitude" : "127.0777",
         "node" : {
            "country" : "<enterprise field>: node.country",
            "groupid" : "<enterprise field>: node.groupid",
            "id" : "<enterprise field>: node.id",
            "physicalcountry" : "<enterprise field>: node.physicalcountry"
         },
         "organization" : "Korea Telecom",
         "os" : "Linux Kernel",
         "osvendor" : "Linux",
         "port" : 4899,
         "protocol" : "unknown",
         "seen_date" : "2024-11-06",
         "source" : "datascan",
         "subnet" : "121.166.0.0/15",
         "tls" : "false",
         "transport" : "tcp",
         "url" : "/"
      }