ONYPHE
datascan ctl threatlist sniffer vulnscan riskscan

Returning 10 result(s) out of 81,061 in 0.105 second(s)

  • 216.52.186.203:5269 (tcp/unknown) - last seen on 2024-11-07 at 03:29:28 UTC

    • IP
      216.52.186.203
      Network
      216.52.184.0/21
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      ASN
      AS12179
      Organization
      INTERNAP-2BLK
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      413fafa98bae9b9fcfd5d1dce9017891 
    • </stream:stream>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:28.000Z",
   "app" : {
      "length" : 16
   },
   "asn" : "AS12179",
   "city" : "Dallas",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "</stream:stream>",
   "datamd5" : "413fafa98bae9b9fcfd5d1dce9017891",
   "datammh3" : -1447426825,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS12179",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "unitasglobal.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "UG-210",
      "organization" : "Unitas Global",
      "subnet" : "216.52.184.0/21"
   },
   "ip" : "216.52.186.203",
   "ipv6" : "false",
   "latitude" : "32.8477",
   "location" : "32.8477,-96.7025",
   "longitude" : "-96.7025",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "INTERNAP-2BLK",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5269,
   "protocol" : "unknown",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "subnet" : "216.52.184.0/21",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 59.75.40.180:5269 (tcp/http) - last seen on 2024-11-07 at 03:29:27 UTC

    • IP
      59.75.40.180
      Network
      59.64.0.0/12
      Device

      <enterprise field>: device.class

      URL

      http://59.75.40.180:5269/ 302

      ASN
      AS4538
      Organization
      China Education and Research Network Center
      Protocol
      http
      Source
      datascan

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      96d7aced4477a5334c7de4616620bcc7
      HTTP Header MD5
      17494da67b263d49a356f29516833bab
      HTTP Body MD5
      d41d8cd98f00b204e9800998ecf8427e 
    • HTTP/1.1 302 Moved Temporarily
Server: DrcomServer1.0
Location: http://192.168.254.3
Cache-Control: no-cache
Content-Length: 0
Connection: close


    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:27.000Z",
   "app" : {
      "extract" : {
         "ip" : [
            "192.168.254.3"
         ],
         "url" : [
            "http://192.168.254.3"
         ]
      },
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1,
         "headermd5" : "17494da67b263d49a356f29516833bab",
         "headermmh3" : 1664562682
      },
      "length" : 153
   },
   "asn" : "AS4538",
   "country" : "CN",
   "data" : "HTTP/1.1 302 Moved Temporarily\r\nServer: DrcomServer1.0\r\nLocation: http://192.168.254.3\r\nCache-Control: no-cache\r\nContent-Length: 0\r\nConnection: close\r\n\r\n",
   "datamd5" : "96d7aced4477a5334c7de4616620bcc7",
   "datammh3" : 1446480259,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS4538",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "CN",
      "countryname" : "China",
      "domain" : [
         "cernet.edu.cn"
      ],
      "isineu" : "false",
      "latitude" : "35.86166",
      "location" : "35.86166,104.195397",
      "longitude" : "104.195397",
      "netname" : "XAR-CERNET",
      "organization" : "China Education and Research Network",
      "subnet" : "59.75.40.128/25"
   },
   "ip" : "59.75.40.180",
   "ipv6" : "false",
   "latitude" : "34.7732",
   "location" : "34.7732,113.7220",
   "longitude" : "113.7220",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "China Education and Research Network Center",
   "port" : 5269,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Moved Temporarily",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 302,
   "subnet" : "59.64.0.0/12",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 95.82.61.146:5269 (tcp/http) - last seen on 2024-11-07 at 03:29:27 UTC

    • IP
      95.82.61.146
      Network
      95.82.48.0/20
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://95.82.61.146:5269/ 200

      HTTP Title
      Welcome to OpenResty!
      ASN
      AS134729
      Organization
      JOINT POWER TECHNOLOGY LIMITED
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      OpenResty OpenResty
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      e9d065ee67e3562b97c20680dbe58552
      HTTP Header MD5
      40d3d0b13e398bbca889c08417e6f928
      HTTP Body MD5
      4c58a19da43c2e4c47593beade2c6576 
    • HTTP/1.1 200 OK
Server: openresty
Date: Thu, 07 Nov 2024 03:29:27 GMT
Content-Type: text/html
Content-Length: 1097
Connection: close
Vary: Accept-Encoding
Last-Modified: Wed, 06 Sep 2023 08:46:51 GMT
Vary: Accept-Encoding
ETag: "64f83c7b-449"
Accept-Ranges: bytes

<!DOCTYPE html>
<html>
<head>
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
<meta content="utf-8" http-equiv="encoding">
<title>Welcome to OpenResty!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to OpenResty!</h1>
<p>If you see this page, the OpenResty web platform is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to our
<a href="https://openresty.org/">openresty.org</a> site<br/>
Commercial support is available at
<a href="https://openresty.com/">openresty.com</a>.</p>
<p>We have articles on troubleshooting issues like <a href="https://blog.openresty.com/en/lua-cpu-flame-graph/?src=wb">high CPU usage</a> and
<a href="https://blog.openresty.com/en/how-or-alloc-mem/">large memory usage</a> on <a href="https://blog.openresty.com/">our official blog site</a>.
<p><em>Thank you for flying <a href="https://openresty.org/">OpenResty</a>.</em></p>
</body>
</html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:27.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "openresty.org",
            "openresty.com"
         ],
         "hostname" : [
            "blog.openresty.com",
            "openresty.com",
            "openresty.org"
         ],
         "url" : [
            "https://blog.openresty.com/",
            "https://blog.openresty.com/en/how-or-alloc-mem/",
            "https://blog.openresty.com/en/lua-cpu-flame-graph/?src=wb",
            "https://openresty.com/",
            "https://openresty.org/"
         ]
      },
      "http" : {
         "bodymd5" : "4c58a19da43c2e4c47593beade2c6576",
         "bodymmh3" : -778468377,
         "header" : [
            {
               "name" : "Last-Modified",
               "value" : "Wed, 06 Sep 2023 08:46:51 GMT"
            },
            {
               "name" : "ETag",
               "value" : "64f83c7b-449"
            }
         ],
         "headermd5" : "40d3d0b13e398bbca889c08417e6f928",
         "headermmh3" : 262404164,
         "title" : "Welcome to OpenResty!"
      },
      "length" : 1374
   },
   "asn" : "AS134729",
   "country" : "AU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Thu, 07 Nov 2024 03:29:27 GMT\r\nContent-Type: text/html\r\nContent-Length: 1097\r\nConnection: close\r\nVary: Accept-Encoding\r\nLast-Modified: Wed, 06 Sep 2023 08:46:51 GMT\r\nVary: Accept-Encoding\r\nETag: \"64f83c7b-449\"\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n<meta content=\"text/html;charset=utf-8\" http-equiv=\"Content-Type\">\n<meta content=\"utf-8\" http-equiv=\"encoding\">\n<title>Welcome to OpenResty!</title>\n<style>\n    body {\n        width: 35em;\n        margin: 0 auto;\n        font-family: Tahoma, Verdana, Arial, sans-serif;\n    }\n</style>\n</head>\n<body>\n<h1>Welcome to OpenResty!</h1>\n<p>If you see this page, the OpenResty web platform is successfully installed and\nworking. Further configuration is required.</p>\n\n<p>For online documentation and support please refer to our\n<a href=\"https://openresty.org/\">openresty.org</a> site<br/>\nCommercial support is available at\n<a href=\"https://openresty.com/\">openresty.com</a>.</p>\n<p>We have articles on troubleshooting issues like <a href=\"https://blog.openresty.com/en/lua-cpu-flame-graph/?src=wb\">high CPU usage</a> and\n<a href=\"https://blog.openresty.com/en/how-or-alloc-mem/\">large memory usage</a> on <a href=\"https://blog.openresty.com/\">our official blog site</a>.\n<p><em>Thank you for flying <a href=\"https://openresty.org/\">OpenResty</a>.</em></p>\n</body>\n</html>\n",
   "datamd5" : "e9d065ee67e3562b97c20680dbe58552",
   "datammh3" : 1392601195,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "ip" : "95.82.61.146",
   "ipv6" : "false",
   "latitude" : "-33.4940",
   "location" : "-33.4940,143.2104",
   "longitude" : "143.2104",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "JOINT POWER TECHNOLOGY LIMITED",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5269,
   "product" : "OpenResty",
   "productvendor" : "OpenResty",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subnet" : "95.82.48.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 51.158.187.203:5269 (tcp/unknown) - last seen on 2024-11-07 at 03:29:26 UTC

    • IP
      51.158.187.203
      Network
      51.158.0.0/15
      Domain(s)
      scw.cloud
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      Reverse DNS
      203-187-158-51.instances.scw.cloud
      ASN
      AS12876
      Organization
      Scaleway S.a.s.
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      68b329da9893e34099c7d8ad5cb9c940 
    • 

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:26.000Z",
   "app" : {
      "length" : 1
   },
   "asn" : "AS12876",
   "city" : "Paris",
   "country" : "FR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "\n",
   "datamd5" : "68b329da9893e34099c7d8ad5cb9c940",
   "datammh3" : -1840324437,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "scw.cloud"
   ],
   "geolocus" : {
      "asn" : "AS12876",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "NL",
      "countryname" : "Netherlands",
      "domain" : [
         "online.net",
         "scw.cloud"
      ],
      "isineu" : "true",
      "latitude" : "52.132633",
      "location" : "52.132633,5.291266",
      "longitude" : "5.291266",
      "netname" : "SCALEWAY-AMS",
      "organization" : "Scaleway",
      "subnet" : "51.158.128.0/17"
   },
   "host" : [
      "203-187-158-51"
   ],
   "hostname" : [
      "203-187-158-51.instances.scw.cloud"
   ],
   "ip" : "51.158.187.203",
   "ipv6" : "false",
   "latitude" : "48.8323",
   "location" : "48.8323,2.4075",
   "longitude" : "2.4075",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Scaleway S.a.s.",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5269,
   "protocol" : "unknown",
   "reverse" : [
      "203-187-158-51.instances.scw.cloud"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "subdomains" : [
      "instances.scw.cloud"
   ],
   "subnet" : "51.158.0.0/15",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "cloud"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 192.36.61.90:5269 (tcp/http) - last seen on 2024-11-07 at 03:29:22 UTC

    • IP
      192.36.61.90
      Network
      192.36.61.0/24
      Domain(s)
      192.in-addr.arpa
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://192.36.61.90:5269/ 200

      HTTP Title
      Mirth Connect Administrator
      Reverse DNS
      90.61.36.192.in-addr.arpa
      ASN
      AS57169
      Organization
      EDIS GmbH
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      Mortbay Jetty 7.6.7
      HTTP Component(s)
      NextGen Mirth Connect jQuery jQuery 1.7.1
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      a6b67a89320d10f9ca82c75648f64c39
      HTTP Header MD5
      a05d029317bbc8a28dd92000102db2ad
      HTTP Body MD5
      b0ebe5bc1036cd1fe9997be43b7fafa8 
    • HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 2512
Last-Modified: Tue, 11 Nov 2014 19:40:08 GMT
Server: Jetty(7.6.7.v20120910)

<!doctype html>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	<meta http-equiv="x-ua-compatible" content="IE=edge">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="cache-control" content="no-store">
	
	<title>Mirth Connect Administrator</title>
	
	<link rel="shortcut icon" type="image/x-icon" href="images/favicon.ico" />
	<link rel="stylesheet" type="text/css" href="css/bootstrap.css" />
	<link rel="stylesheet" type="text/css" href="css/main.css" />
	
	<script type="text/javascript">
		/* Break out of frame if inside a frame. */
		if (window != window.top) {
			window.top.location = window.location;
		}
	</script>

	<script type="text/javascript" src="js/jquery-1.7.1.min.js"></script>
</head>

<body id="body" style="display:none;" class="subpage">
	<div id="centerWrapper">
		<div class="row">
			<div style="padding: 10px; text-align: center;">
				<img id="mirthLogo" src="images/mirthconnectlogowide.png"/>
			</div>
			
			<div id="mcadministrator" class="span9">
				<h1 style="text-align: center;">Mirth Connect Administrator</h1>

				<div class="help-block">
					<strong>Overview of Web Start:</strong><br /> Java Web Start is a framework developed by Sun Microsystems
					that enables launching Java applications directly from a browser.
					Unlike Java applets, Web Start applications do not run inside the
					browser. 
				</div>				
				<div class="help-block">
					<br/>Click the big green button below to launch the Mirth Connect
					Administrator using Java Web Start.
				</div>
				
				<div style="text-align: center; margin-top: 10px;">
					<a class="btn btn-large btn-themebutton" type="submit" href="javascript:launchAdministrator()">Launch Mirth Connect Administrator</a>
				</div>
			</div>
		</div>
	</div>

	<footer class="smallSubPage" style="width:100%;">
		<table>
			<tr>
				<td style="text-align: center;">&copy; 2014 Mirth Corporation | Mirth Connect</td>
			</tr>
		</table>
	</footer>

 	<script type="text/javascript">
		$(document).ready(function() {			
			$.ajax({
			    type: 'HEAD',
			    url: 'webadmin/Index.action',
				success: function() {
					window.location.replace("webadmin/Index.action");
				},
				error: function() {
					$("#body").css("display", "inline");
				} 
			});
		}); 
	</script>
	
    <script type="text/javascript">
   		function launchAdministrator(){
    		window.location.href = 'webstart.jnlp?time=' + new Date().getTime(); 
   		}
	</script>
</body>
</html>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:22.000Z",
   "app" : {
      "favicon" : {
         "url" : "/images/favicon.ico"
      },
      "http" : {
         "bodymd5" : "b0ebe5bc1036cd1fe9997be43b7fafa8",
         "bodymmh3" : -683887888,
         "component" : [
            {
               "product" : "Mirth Connect",
               "productvendor" : "NextGen"
            },
            {
               "productvendor" : "jQuery",
               "productversion" : "1.7.1",
               "product" : "jQuery"
            }
         ],
         "header" : [
            {
               "value" : "Tue, 11 Nov 2014 19:40:08 GMT",
               "name" : "Last-Modified"
            }
         ],
         "headermd5" : "a05d029317bbc8a28dd92000102db2ad",
         "headermmh3" : 409096128,
         "title" : "Mirth Connect Administrator"
      },
      "length" : 2656
   },
   "asn" : "AS57169",
   "country" : "LT",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 2512\r\nLast-Modified: Tue, 11 Nov 2014 19:40:08 GMT\r\nServer: Jetty(7.6.7.v20120910)\r\n\r\n<!doctype html>\n<html>\n<head>\n\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n\t<meta http-equiv=\"x-ua-compatible\" content=\"IE=edge\">\n\t<meta http-equiv=\"cache-control\" content=\"no-cache\">\n\t<meta http-equiv=\"cache-control\" content=\"no-store\">\n\t\n\t<title>Mirth Connect Administrator</title>\n\t\n\t<link rel=\"shortcut icon\" type=\"image/x-icon\" href=\"images/favicon.ico\" />\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"css/bootstrap.css\" />\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"css/main.css\" />\n\t\n\t<script type=\"text/javascript\">\n\t\t/* Break out of frame if inside a frame. */\n\t\tif (window != window.top) {\n\t\t\twindow.top.location = window.location;\n\t\t}\n\t</script>\n\n\t<script type=\"text/javascript\" src=\"js/jquery-1.7.1.min.js\"></script>\n</head>\n\n<body id=\"body\" style=\"display:none;\" class=\"subpage\">\n\t<div id=\"centerWrapper\">\n\t\t<div class=\"row\">\n\t\t\t<div style=\"padding: 10px; text-align: center;\">\n\t\t\t\t<img id=\"mirthLogo\" src=\"images/mirthconnectlogowide.png\"/>\n\t\t\t</div>\n\t\t\t\n\t\t\t<div id=\"mcadministrator\" class=\"span9\">\n\t\t\t\t<h1 style=\"text-align: center;\">Mirth Connect Administrator</h1>\n\n\t\t\t\t<div class=\"help-block\">\n\t\t\t\t\t<strong>Overview of Web Start:</strong><br /> Java Web Start is a framework developed by Sun Microsystems\n\t\t\t\t\tthat enables launching Java applications directly from a browser.\n\t\t\t\t\tUnlike Java applets, Web Start applications do not run inside the\n\t\t\t\t\tbrowser. \n\t\t\t\t</div>\t\t\t\t\n\t\t\t\t<div class=\"help-block\">\n\t\t\t\t\t<br/>Click the big green button below to launch the Mirth Connect\n\t\t\t\t\tAdministrator using Java Web Start.\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t<div style=\"text-align: center; margin-top: 10px;\">\n\t\t\t\t\t<a class=\"btn btn-large btn-themebutton\" type=\"submit\" href=\"javascript:launchAdministrator()\">Launch Mirth Connect Administrator</a>\n\t\t\t\t</div>\n\t\t\t</div>\n\t\t</div>\n\t</div>\n\n\t<footer class=\"smallSubPage\" style=\"width:100%;\">\n\t\t<table>\n\t\t\t<tr>\n\t\t\t\t<td style=\"text-align: center;\">&copy; 2014 Mirth Corporation | Mirth Connect</td>\n\t\t\t</tr>\n\t\t</table>\n\t</footer>\n\n \t<script type=\"text/javascript\">\n\t\t$(document).ready(function() {\t\t\t\n\t\t\t$.ajax({\n\t\t\t    type: 'HEAD',\n\t\t\t    url: 'webadmin/Index.action',\n\t\t\t\tsuccess: function() {\n\t\t\t\t\twindow.location.replace(\"webadmin/Index.action\");\n\t\t\t\t},\n\t\t\t\terror: function() {\n\t\t\t\t\t$(\"#body\").css(\"display\", \"inline\");\n\t\t\t\t} \n\t\t\t});\n\t\t}); \n\t</script>\n\t\n    <script type=\"text/javascript\">\n   \t\tfunction launchAdministrator(){\n    \t\twindow.location.href = 'webstart.jnlp?time=' + new Date().getTime(); \n   \t\t}\n\t</script>\n</body>\n</html>",
   "datamd5" : "a6b67a89320d10f9ca82c75648f64c39",
   "datammh3" : 1266031808,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "192.in-addr.arpa"
   ],
   "geolocus" : {
      "asn" : "AS57169",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "LT",
      "countryname" : "Lithuania",
      "domain" : [
         "192.in-addr.arpa",
         "edis.at"
      ],
      "isineu" : "true",
      "latitude" : "55.169438",
      "location" : "55.169438,23.881275",
      "longitude" : "23.881275",
      "netname" : "EDIS-LT-NET",
      "organization" : "EDIS GmbH",
      "subnet" : "192.36.61.0/24"
   },
   "host" : [
      90
   ],
   "hostname" : [
      "90.61.36.192.in-addr.arpa"
   ],
   "ip" : "192.36.61.90",
   "ipv6" : "false",
   "latitude" : "55.4167",
   "location" : "55.4167,24.0000",
   "longitude" : "24.0000",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "EDIS GmbH",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5269,
   "product" : "Jetty",
   "productvendor" : "Mortbay",
   "productversion" : "7.6.7",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "OK",
   "reverse" : [
      "90.61.36.192.in-addr.arpa"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "61.36.192.in-addr.arpa",
      "36.192.in-addr.arpa"
   ],
   "subnet" : "192.36.61.0/24",
   "tld" : [
      "in-addr.arpa"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 103.90.161.103:5269 (tcp/http) - last seen on 2024-11-07 at 03:29:07 UTC

    • IP
      103.90.161.103
      Network
      103.90.160.0/22
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      URL

      http://103.90.161.103:5269/ 400

      HTTP Title
      400 The plain HTTP request was sent to HTTPS port
      ASN
      AS36007
      Organization
      KAMATERA
      Protocol
      http
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      Product
      F5 Nginx
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      0c1820e0d381850a77897bf32978a1f0
      HTTP Header MD5
      a629a0fe278971ad61801ba6975ba467
      HTTP Body MD5
      ea425366a98dfc499c0cbeedb9a4f02a 
    • HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 07 Nov 2024 03:29:06 GMT
Content-Type: text/html
Content-Length: 248
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>

    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:07.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "ea425366a98dfc499c0cbeedb9a4f02a",
         "bodymmh3" : 1153229498,
         "headermd5" : "a629a0fe278971ad61801ba6975ba467",
         "headermmh3" : -12702341,
         "title" : "400 The plain HTTP request was sent to HTTPS port"
      },
      "length" : 393
   },
   "asn" : "AS36007",
   "city" : "Miami",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\nDate: Thu, 07 Nov 2024 03:29:06 GMT\r\nContent-Type: text/html\r\nContent-Length: 248\r\nConnection: close\r\n\r\n<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
   "datamd5" : "0c1820e0d381850a77897bf32978a1f0",
   "datammh3" : 190190724,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS36007",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "cloudwm.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "KAMATERA-US-MI",
      "organization" : "Kamatera, Inc.",
      "subnet" : "103.90.160.0/22"
   },
   "ip" : "103.90.161.103",
   "ipv6" : "false",
   "latitude" : "25.8119",
   "location" : "25.8119,-80.2318",
   "longitude" : "-80.2318",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "KAMATERA",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5269,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Bad Request",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 400,
   "subnet" : "103.90.160.0/22",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 2.90.26.82:5269 (tcp/http) - last seen on 2024-11-07 at 03:29:07 UTC

    • IP
      2.90.26.82
      Network
      2.90.0.0/18
      Device

      <enterprise field>: device.class

      Operating System
      FreeBSD FreeBSD
      URL

      http://2.90.26.82:5269/ 302

      ASN
      AS25019
      Organization
      Saudi Telecom Company JSC
      Protocol
      http
      Source
      datascan
    • Operating System
      FreeBSD FreeBSD
      Product
      Apache HTTP Server
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      eb2a7ec1be49ab9d22ac2f59a8691eac
      HTTP Header MD5
      54c7d64b9c9f14d6e65557658ee73786
      HTTP Body MD5
      d41d8cd98f00b204e9800998ecf8427e 
    • HTTP/1.1 302 Found
Date: Thu, 07 Nov 2024 03:29:06 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: /login/?next=/
Vary: Accept-Language,Cookie
Pragma: no-cache
Cache-Control: no-store
Content-Language: en
Content-Length: 0
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: None
Content-Type: text/html; charset=utf-8
Connection: close


    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:07.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1636538602,
         "headermd5" : "54c7d64b9c9f14d6e65557658ee73786",
         "headermmh3" : 109429258
      },
      "length" : 433
   },
   "asn" : "AS25019",
   "city" : "Makkah",
   "country" : "SA",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 302 Found\r\nDate: Thu, 07 Nov 2024 03:29:06 GMT\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\nLocation: /login/?next=/\r\nVary: Accept-Language,Cookie\r\nPragma: no-cache\r\nCache-Control: no-store\r\nContent-Language: en\r\nContent-Length: 0\r\nX-Content-Type-Options: nosniff\r\nReferrer-Policy: same-origin\r\nCross-Origin-Opener-Policy: None\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\n\r\n",
   "datamd5" : "eb2a7ec1be49ab9d22ac2f59a8691eac",
   "datammh3" : -985243380,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS25019",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "SA",
      "countryname" : "Saudi Arabia",
      "domain" : [
         "stc.com.sa"
      ],
      "isineu" : "false",
      "latitude" : "23.885942",
      "location" : "23.885942,45.079162",
      "longitude" : "45.079162",
      "netname" : "STC_FBB",
      "organization" : "Saudinet, Saudi Telecom Company ISP",
      "subnet" : "2.90.0.0/18"
   },
   "ip" : "2.90.26.82",
   "ipv6" : "false",
   "latitude" : "21.4230",
   "location" : "21.4230,39.8210",
   "longitude" : "39.8210",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Saudi Telecom Company JSC",
   "os" : "FreeBSD",
   "osvendor" : "FreeBSD",
   "port" : 5269,
   "product" : "HTTP Server",
   "productvendor" : "Apache",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "reason" : "Found",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "status" : 302,
   "subnet" : "2.90.0.0/18",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 45.148.17.51:5269 (tcp/unknown) - last seen on 2024-11-07 at 03:29:06 UTC

    • IP
      45.148.17.51
      Network
      45.148.16.0/22
      Domain(s)
      ovpn.com
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      Reverse DNS
      45-148-17-51.pool.ovpn.com
      ASN
      AS42675
      Organization
      Obehosting AB
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      11daebd207f6f754109c5810e87f73ac 
    • <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' id='' xmlns='jabber:server' version='1.0'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:06.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "jabber.org"
         ],
         "hostname" : [
            "etherx.jabber.org"
         ],
         "url" : [
            "http://etherx.jabber.org/streams"
         ]
      },
      "length" : 233
   },
   "asn" : "AS42675",
   "city" : "Stockholm",
   "country" : "SE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' id='' xmlns='jabber:server' version='1.0'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>",
   "datamd5" : "11daebd207f6f754109c5810e87f73ac",
   "datammh3" : -866182009,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "ovpn.com"
   ],
   "geolocus" : {
      "asn" : "AS42675",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "SE",
      "countryname" : "Sweden",
      "domain" : [
         "obe.net"
      ],
      "isineu" : "true",
      "latitude" : "60.128161",
      "location" : "60.128161,18.643501",
      "longitude" : "18.643501",
      "netname" : "SE-OBE-SDL",
      "organization" : "Obe Sundsvall",
      "subnet" : "45.148.17.0/24"
   },
   "host" : [
      "45-148-17-51"
   ],
   "hostname" : [
      "45-148-17-51.pool.ovpn.com"
   ],
   "ip" : "45.148.17.51",
   "ipv6" : "false",
   "latitude" : "59.3241",
   "location" : "59.3241,18.0517",
   "longitude" : "18.0517",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Obehosting AB",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5269,
   "protocol" : "unknown",
   "reverse" : [
      "45-148-17-51.pool.ovpn.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "subdomains" : [
      "pool.ovpn.com"
   ],
   "subnet" : "45.148.16.0/22",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 15.161.3.48:5269 (tcp/unknown) - last seen on 2024-11-07 at 03:29:04 UTC

    • IP
      15.161.3.48
      Network
      15.160.0.0/15
      Domain(s)
      amazonaws.com
      Device

      <enterprise field>: device.class

      Operating System
      Linux Linux Kernel
      Reverse DNS
      ec2-15-161-3-48.eu-south-1.compute.amazonaws.com
      ASN
      AS16509
      Organization
      AMAZON-02
      Protocol
      unknown
      Source
      datascan
    • Operating System
      Linux Linux Kernel
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      eaa22f271dd0fb99e0cbd9877cb8c2ee 
    • <?xml version='1.0'?><stream:stream id='12299006715809699624' version='1.0' xml:lang='en' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-streams'>syntax error</text></stream:error></stream:stream>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:04.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "jabber.org"
         ],
         "hostname" : [
            "etherx.jabber.org"
         ],
         "url" : [
            "http://etherx.jabber.org/streams"
         ]
      },
      "length" : 384
   },
   "asn" : "AS16509",
   "city" : "Milan",
   "country" : "IT",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "<?xml version='1.0'?><stream:stream id='12299006715809699624' version='1.0' xml:lang='en' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'><stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-streams'>syntax error</text></stream:error></stream:stream>",
   "datamd5" : "eaa22f271dd0fb99e0cbd9877cb8c2ee",
   "datammh3" : 1866047516,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com"
   ],
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "IT",
      "countryname" : "Italy",
      "domain" : [
         "amazon.com",
         "amazonaws.com",
         "aws.com"
      ],
      "isineu" : "true",
      "latitude" : "41.87194",
      "location" : "41.87194,12.56738",
      "longitude" : "12.56738",
      "netname" : "AMAZON-MXP",
      "organization" : "Amazon Data Services Italy",
      "subnet" : "15.160.0.0/15"
   },
   "host" : [
      "ec2-15-161-3-48"
   ],
   "hostname" : [
      "ec2-15-161-3-48.eu-south-1.compute.amazonaws.com"
   ],
   "ip" : "15.161.3.48",
   "ipv6" : "false",
   "latitude" : "45.4722",
   "location" : "45.4722,9.1922",
   "longitude" : "9.1922",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 5269,
   "protocol" : "unknown",
   "reverse" : [
      "ec2-15-161-3-48.eu-south-1.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "subdomains" : [
      "compute.amazonaws.com",
      "eu-south-1.compute.amazonaws.com"
   ],
   "subnet" : "15.160.0.0/15",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}

  • 192.243.50.113:5269 (tcp/unknown) - last seen on 2024-11-07 at 03:29:04 UTC

    • IP
      192.243.50.113
      Network
      192.243.48.0/20
      Device

      <enterprise field>: device.class

      Operating System
      FreeBSD FreeBSD
      ASN
      AS39572
      Organization
      DataWeb Global Group B.V.
      Protocol
      unknown
      Source
      datascan
    • Operating System
      FreeBSD FreeBSD
      CPE(s)

      <enterprise field>: cpe

    • This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.

    • Data MD5
      8c5cf60e797a1cf2e8f89ae3242d5f92 
    • <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='4210296146'><stream:error><xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'></xml-not-well-formed></stream:error></stream:stream>
    • {
   "@category" : "datascan",
   "@timestamp" : "2024-11-07T03:29:04.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "jabber.org"
         ],
         "hostname" : [
            "etherx.jabber.org"
         ],
         "url" : [
            "http://etherx.jabber.org/streams"
         ]
      },
      "length" : 288
   },
   "asn" : "AS39572",
   "country" : "DM",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server' xmlns:db='jabber:server:dialback' id='4210296146'><stream:error><xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'></xml-not-well-formed></stream:error></stream:stream>",
   "datamd5" : "8c5cf60e797a1cf2e8f89ae3242d5f92",
   "datammh3" : 1663182448,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "geolocus" : {
      "asn" : "AS39572",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "DM",
      "countryname" : "Dominica",
      "domain" : [
         "advancedhosters.com"
      ],
      "isineu" : "false",
      "latitude" : "15.414999",
      "location" : "15.414999,-61.370976",
      "longitude" : "-61.370976",
      "netname" : "ADVANCEDHOSTERS-NET",
      "organization" : "Internet Service Solution Corp.",
      "subnet" : "192.243.48.0/20"
   },
   "ip" : "192.243.50.113",
   "ipv6" : "false",
   "latitude" : "15.5000",
   "location" : "15.5000,-61.3333",
   "longitude" : "-61.3333",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "DataWeb Global Group B.V.",
   "os" : "FreeBSD",
   "osvendor" : "FreeBSD",
   "port" : 5269,
   "protocol" : "unknown",
   "seen_date" : "2024-11-07",
   "source" : "datascan",
   "subnet" : "192.243.48.0/20",
   "tls" : "false",
   "transport" : "tcp",
   "url" : "/"
}